"Recent posts
#1
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by neel - Today at 03:41:26 AMI'd love to have an UEFI ARM64 installer image. The Minisforum MS-R1 seems interesting enough being a 10GbE ARM Mini PC.
I can compile in a FreeBSD VM on my M3 MacBook Pro. Is this possible? It's either a MBP or two Raspberry Pi 4s, everything else has x86 for me (including the laptop I'm typing this on) or is a smartphone.
I can compile in a FreeBSD VM on my M3 MacBook Pro. Is this possible? It's either a MBP or two Raspberry Pi 4s, everything else has x86 for me (including the laptop I'm typing this on) or is a smartphone.
#2
General Discussion / UPNP Broken
Last post by lmnsour - Today at 01:59:13 AMI've been trying to troubleshoot this for almost a week and cant seem to figure out what is wrong. I enabled UPNP earlier this year it worked fine but lately I've been getting STRICT NAT warnings from STEAM games.
The UPNP service shows no active connections.
I initially set it up using this guide: https://www.youtube.com/watch?v=g5EJYVnpmlM&t=193s
I've tried reinstalling the UPNP (v 1.7) and miniupnpd (v 2.3.9_1,1)
I've read and tried all of the following:
https://forum.opnsense.org/index.php?topic=17869.msg81044#msg81044
https://forum.opnsense.org/index.php?topic=17855.0
https://forum.opnsense.org/index.php?topic=32787.msg158703#msg158703
https://forum.opnsense.org/index.php?topic=22591.msg107325#msg107325
https://forum.opnsense.org/index.php?topic=37585.0
https://forum.opnsense.org/index.php?topic=42478.msg210152#msg210152
Did one of the updates break UPNP? Or am I missing something?
My OPNSENSE PC doesn't go through a router but is connected through a network switch.
The UPNP service shows no active connections.
I initially set it up using this guide: https://www.youtube.com/watch?v=g5EJYVnpmlM&t=193s
I've tried reinstalling the UPNP (v 1.7) and miniupnpd (v 2.3.9_1,1)
I've read and tried all of the following:
https://forum.opnsense.org/index.php?topic=17869.msg81044#msg81044
https://forum.opnsense.org/index.php?topic=17855.0
https://forum.opnsense.org/index.php?topic=32787.msg158703#msg158703
https://forum.opnsense.org/index.php?topic=22591.msg107325#msg107325
https://forum.opnsense.org/index.php?topic=37585.0
https://forum.opnsense.org/index.php?topic=42478.msg210152#msg210152
Did one of the updates break UPNP? Or am I missing something?
My OPNSENSE PC doesn't go through a router but is connected through a network switch.
#3
General Discussion / Wifi 802.11ac Support
Last post by Albertk - Today at 01:57:55 AMHi,
I have managed to set an Intel AX200 m.2 card to work as STA for WAN but the issue is that is only connect via 802.11a (54Mbps). Since that OpnSense 25.7.x is based in FreeBSD 14.3 which support 802.11ac. Is there anything have to do to enable that?.
https://www.freebsd.org/releases/14.3R/announce/
I have managed to set an Intel AX200 m.2 card to work as STA for WAN but the issue is that is only connect via 802.11a (54Mbps). Since that OpnSense 25.7.x is based in FreeBSD 14.3 which support 802.11ac. Is there anything have to do to enable that?.
https://www.freebsd.org/releases/14.3R/announce/
#4
Hardware and Performance / Re: Suggestion for Bufferbloat...
Last post by cookiemonster - Today at 01:09:05 AMQuote from: meyergru on December 02, 2025, 11:08:38 PMMaybe that is due to the TCP congestion algorithms used. You can change it with Windows, I think under Win10, it was BBR2, but that had some problems, so they reverted back to CUBIC for Win11.
With Linux, you can easily change it via sysctl. These are the values I use:Code Selectnet.core.rmem_default = 2048000
net.core.wmem_default = 2048000
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.tcp_rmem = 4096 1024000 33554432
net.ipv4.tcp_wmem = 4096 1024000 33554432
# don't cache ssthresh from previous connection
#net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_adv_win_scale = 5
# recommended to increase this for 1000 BT or higher
net.core.netdev_max_backlog = 30000
# for 10 GigE, use this
# net.core.netdev_max_backlog = 30000
net.ipv4.tcp_syncookies = 1
# Enable BBR for Kernel >= 4.9
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
Interesting. I did not know anything about this. Thanks @meyergry
Quote from: Seimus on December 02, 2025, 11:30:01 PMQuote from: cookiemonster on December 02, 2025, 06:14:28 PMHey. I've been using a windows laptop for testing the bufferbloat so far. Normally I use linux but had a need to stay booted on Win last few days. This one is connected via a Wi-Fi 6 (802.11ax) Wifi network using a Intel(R) Wi-Fi 6E AX210 160MHz adapter. Depending on location I can get as little as 480/721 (Mbps) agregated link speed (rec/tran) so I have a bottleneck there at times. Wired connections are only one for a PC but I can't get to it most of the time.
For OPN's CPU I'm using an AMD Ryzen 5 5600U on Proxmox with two vCPUs. Just did a ubench run on it and gives: Ubench Single CPU: 910759 (0.41s). So I think that is Ok.
I've now reset the shaper to docs defaults. This time also the upload side. I need to reboot (had limit and flows on the pipe), I'll update the post.
HW should be okay to handle ZA + Shaper and that throughput.
But keep in mind the stuff about WiFi I mentioned above.
Regards,
S.
So far, gone back to exactly as docs I am getting consistent B grades. It seems to confirm my testing was flawed too. Wired testing seems better but don't have the values at hand.
That said, although I did know that I expected wired/wifi differences, I was hoping that the bufferbloat cure would help the wireless clients, which are the majority in the household, hence I was testing this way.
Is it possible or even desirable to tweak the shaper for wireless as main target ?
#5
25.7, 25.10 Series / Re: Lost web mgmt. on 25.7.9 u...
Last post by OPNenthu - Today at 12:30:35 AMI thought it was an issue with the login session at first, so I hit 'refresh' in the browser to see if it would drop me out to the login screen. Unfortunately it was not responding.
#6
25.7, 25.10 Series / Re: Lost web mgmt. on 25.7.9 u...
Last post by Jose - Today at 12:05:59 AMI've also updated from 25.7.8 to 25.7.9 today trough the Dashboard [System:Firmware] and everything went fine, though never experienced this Dashboard hiccups(I use Firefox) but wondering why some users are reporting this issue after updates.
However I've experienced this problems in the past with some Rpi/ARM distributions running from bare slow USB/SDCard media, but that's expected unless the system is loaded/running from RAM disk, and/or when testing on older hardware with limited resources.
Regards
However I've experienced this problems in the past with some Rpi/ARM distributions running from bare slow USB/SDCard media, but that's expected unless the system is loaded/running from RAM disk, and/or when testing on older hardware with limited resources.
Regards
#7
German - Deutsch / Re: Routing Frage
Last post by meyergru - December 04, 2025, 11:39:08 PMIch verstehe offen gesagt nicht, wieso Du so pikiert reagierst. Du hast anfangs nicht genau gesagt, was Du eigentlich tust. Ich schrieb Dir dann, dass Deine Frage, wie der Switch das Routing zwischen Server 2 und 3 übernehmen kann mit "gar nicht" beantwortet werden muss, weil beide im selben VLAN liegen und somit kein Routing erfolgt.
Danach sagtest Du, dass Du den Switch nutzen willst, um direkt zwischen dem VLAN für den Mac und dem für die Server zu routen und habe lediglich gefragt, wozu Du dann die OpnSense noch benötigst. Das primär deswegen, weil die OpnSense dann eben genau bislang wirksame Netztrennung der VLANs nicht mehr gewährleistet - so langsam das aktuell auch sein mag. Ein solcher Hinweis ist doch wohl legitim, wenn Du selbst sagst, dass Du kein Netzwerkprofi bist.
Finde ich auch schade, aber ich nehme wahr, dass Du offenbar keine weiteren Hinweise mehr möchtest.
Danach sagtest Du, dass Du den Switch nutzen willst, um direkt zwischen dem VLAN für den Mac und dem für die Server zu routen und habe lediglich gefragt, wozu Du dann die OpnSense noch benötigst. Das primär deswegen, weil die OpnSense dann eben genau bislang wirksame Netztrennung der VLANs nicht mehr gewährleistet - so langsam das aktuell auch sein mag. Ein solcher Hinweis ist doch wohl legitim, wenn Du selbst sagst, dass Du kein Netzwerkprofi bist.
Finde ich auch schade, aber ich nehme wahr, dass Du offenbar keine weiteren Hinweise mehr möchtest.
#8
General Discussion / Re: use traffic shaper in fire...
Last post by saleh - December 04, 2025, 11:24:56 PMThank you so much Seimus and Franco for your support and assistance.
I hope the issue will be fixed in the upcoming release.
Best regards,
Saleh
I hope the issue will be fixed in the upcoming release.
Best regards,
Saleh
#9
General Discussion / Re: Port forwarding never reac...
Last post by viragomann - December 04, 2025, 11:12:32 PMQuote from: gigagames on December 03, 2025, 09:16:07 PMBut noting is received by the 10.30.0.80 machine. If i run `tcpdump -ni vlan0.30 port 62217` on Opnsense I also see no traffic.Did you verify this with a tcpdump on the destinations server?
#10
25.7, 25.10 Series / Re: OPNsense dies every 24th h...
Last post by TomasL - December 04, 2025, 10:26:05 PMWill probably go for ROXY9 and AIF, at the end.
