Recent posts

#1

Hardware and Performance / Re: Suggestion for Bufferbloat...

Last post by OPNenthu - Today at 02:02:16 AM

It was worth a try guys, but I'm not seeing a difference between BBR and CUBIC on my system.  At least the loaded latency in all cases doesn't go above +10ms.

#2

Hardware and Performance / Re: Suggestion for Bufferbloat...

Last post by Seimus - December 02, 2025, 11:38:22 PM

Linux: https://www.waveform.com/tools/bufferbloat?test-id=964b7180-4a1f-4eed-a114-1dfb613e9b63
Win10: https://www.waveform.com/tools/bufferbloat?test-id=edad2d94-d2c8-41e1-8b63-a31eeb2539bb

These results are not bad, and if they are constant I would call it a win.

But as mentioned by @meyergru you may have differences due to congestion algorithms. On Win10 I think the default is CTCP or CUBIC.

I personally run BBR on Linux.

Code Select Expand

bat /etc/sysctl.d/bbr.conf
─────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
     │ File: /etc/sysctl.d/bbr.conf
─────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1 │ net.core.default_qdisc=fq
   2 │ net.ipv4.tcp_congestion_control=bbr
─────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Regards,
S.

#3

Hardware and Performance / Re: Suggestion for Bufferbloat...

Last post by Seimus - December 02, 2025, 11:30:01 PM

Hey. I've been using a windows laptop for testing the bufferbloat so far. Normally I use linux but had a need to stay booted on Win last few days. This one is connected via a Wi-Fi 6 (802.11ax) Wifi network using a Intel(R) Wi-Fi 6E AX210 160MHz adapter. Depending on location I can get as little as 480/721 (Mbps) agregated link speed (rec/tran) so I have a bottleneck there at times. Wired connections are only one for a PC but I can't get to it most of the time.
For OPN's CPU I'm using an AMD Ryzen 5 5600U on Proxmox with two vCPUs. Just did a ubench run on it and gives: Ubench Single CPU:   910759 (0.41s). So I think that is Ok.
I've now reset the shaper to docs defaults. This time also the upload side. I need to reboot (had limit and flows on the pipe), I'll update the post.

HW should be okay to handle ZA + Shaper and that throughput.
But keep in mind the stuff about WiFi I mentioned above.


Regards,
S.

#4

25.7, 25.10 Series / Re: 25.7.8 Unbound blocklist s...

Last post by Patrick M. Hausen - December 02, 2025, 11:21:44 PM

Mainly, none of the RFC authors ever considered that with the abundance of IPv6 addresses, any ISP would ever even think of using dynamic prefixes. Alas, that is the reality for most consumer setups now.

Nailed it!

#5

25.7, 25.10 Series / Re: 25.7.8 Unbound blocklist s...

Last post by meyergru - December 02, 2025, 11:20:46 PM

Mainly, none of the RFC authors ever considered that with the abundance of IPv6 addresses, any ISP would ever even think of using dynamic prefixes. Alas, that is the reality for most consumer setups now.

#6

General Discussion / Re: Where should I put the mai...

Last post by meyergru - December 02, 2025, 11:17:37 PM

And frankly speaking, the videos I saw from that guy are mostly outdated, unspecific and in some cases, beside "usual" approaches. As Patrick noted, transparent filtering bridges might look like a good idea to beginners (obviously, also to Home Network Guy), while in reality, they make most things harder.

#7

General Discussion / Re: Where should I put the mai...

Last post by Patrick M. Hausen - December 02, 2025, 11:11:37 PM

Why are you trying to set up a transparent filtering bridge? The most complex error prone hard to debug configuration of a firewall existing? Set up OPNsense as a router and firewall which is the well documented default.

#8

Hardware and Performance / Re: Suggestion for Bufferbloat...

Last post by meyergru - December 02, 2025, 11:08:38 PM

Maybe that is due to the TCP congestion algorithms used. You can change it with Windows, I think under Win10, it was BBR2, but that had some problems, so they reverted back to CUBIC for Win11.

With Linux, you can easily change it via sysctl. These are the values I use:

Code Select Expand

net.core.rmem_default = 2048000
net.core.wmem_default = 2048000
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.tcp_rmem = 4096 1024000 33554432
net.ipv4.tcp_wmem = 4096 1024000 33554432

# don't cache ssthresh from previous connection
#net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_adv_win_scale = 5
# recommended to increase this for 1000 BT or higher
net.core.netdev_max_backlog = 30000
# for 10 GigE, use this
# net.core.netdev_max_backlog = 30000
net.ipv4.tcp_syncookies = 1
# Enable BBR for Kernel >= 4.9
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr


#9

General Discussion / Re: Where should I put the mai...

Last post by timlab55 - December 02, 2025, 10:56:50 PM

This is along the same problem.  I've been following the video from "Home Network Guy - How To Set Up A transparent Filtering Bridge on OPNsense" because I'm very slowly learning about networking.  I mean, to me it's step by step (which is what I need).  Two problems.  #1:  One day, I can get it to work (the section I'm learning about), and the next day, I go back and make a correction or something, and it doesn't work.  Come back a week later and it does work.  Doesn't make sense to me.  And yes, he does talk about making the maintenance interface.  He the reason for my question is because of what he is saying, I have no clue about.  In his video he states "You will need to ensure the static IP address is not located in the DHCP range you have set on your primary router and does not conflict with any other static IP addresses on your management network."  So again, with the opening question and this, what should my ip address be for the MGMT interface?

#10

General Discussion / Re: Problems with NRPE

Last post by franco - December 02, 2025, 10:18:07 PM

Same problem with check_procs here (other commands work) and sudo did not help. I suspect a relation to "unbound: safe command execution changes" (from the release notes of 25.7.8)?!

Highly unlikely.

I have the ticket here as requested on reddit from michaelsage. Will look into it tomorrow.

https://github.com/opnsense/plugins/issues/5059