"Recent posts
#1
25.7, 25.10 Series / Intel Thermal Sensor Virtually...
Last post by WhatAMess - Today at 03:58:39 PMI have Opnsense OPNsense 25.7.11_2-amd64 installed on two different mini-pcs, on one the temperatures are clearly visible and posted inside a green box on the other the text is white on white background and barely visible, plus the temperature is way off (.1C). Should be near to 34 deg C since it is a fanless unit. I am using Opnsense-Dark theme on both units, they are different brands but both Intel based. Searches for the thermal sensor problem appear to be a little dated, I am using a current version of Opnsense so hopefully someone has an idea of a fix.--Thanks.
#2
German - Deutsch / Re: MTU bei PPPoe | Deutsche G...
Last post by Patrick M. Hausen - Today at 03:51:05 PMQuote from: s.meier68 on Today at 03:44:04 PMDie MTU gehört zum Layer3Header"Teil" des Paketes. Der VLAN Header befindet sich vor dem Layer 3 Header im Layer2 "Teil" des Paketes.
Die MTU gilt für den Layer 2 Payload und der beginnt dann üblicherweise mit dem Layer 3 Header, ja. Falls es ein Layer 3 gibt, was ja nicht sein muss. Also hier bei OPNsense schon, aber es gibt so Audio-Kram und ähnliches, was direkt auf Ethernet aufsetzt.
Du hast aber m.E. vollkommen Recht, dass ein 802.1q (VLAN) Header immer "außen" an den Layer 2 Frame dran geklebt wird und nicht auf Kosten der MTU geht. Ich hab das noch nie gesehen und wir haben mit VLANs angefangen, als man auch noch ISL statt 802.1q verwendet hat, ein proprietäres Format von Cisco.
#3
German - Deutsch / Re: MTU bei PPPoe | Deutsche G...
Last post by s.meier68 - Today at 03:44:04 PMQuote from: s.meier68 on Today at 03:01:15 PMQuote from: meyergru on January 16, 2026, 07:43:16 PMExklusiv oder nicht, das ändert nichts daran, dass bei virtualisierten NICs die MTU auf dem PVE-Host bereits vergrößert werden muss, ehe die OpnSense VM das auch nutzen kann.
Das habe ich jetzt schon ein paar mal gelesen und das ist aus meiner Sicht falsch. Die MTU und die Größe des Ethernetframes haben nur bedingt etwas miteinander zu tun. Die MTU gehört zum Layer3Header"Teil" des Paketes. Der VLAN Header befindet sich vor dem Layer 3 Header im Layer2 "Teil" des Paketes. Dieser hat mit der MTU überhaupt nichts zu tun.
Die MTU kleiner machen, damit das gesamte Paket unter einer bestimmten Größe bleibt ist ungefähr so als wenn man ein Ikea-Paket aufteilt ohne zu wissen was die Spedition für einen LKW verwendet. (Was übrigens auch im Bezug zum Ethernetpaket vollkommen egal ist, da sich die Spedition drum kümmert und nicht das Ikea-Paket!!!)
#4
Zenarmor (Sensei) / Re: Latest Zenarmor update bre...
Last post by sy - Today at 03:38:19 PMHi,
We have received the report and are currently investigating the matter. I will provide you with regular updates regarding the ticket.
We have received the report and are currently investigating the matter. I will provide you with regular updates regarding the ticket.
#5
25.7, 25.10 Series / GeoIP list no more correct for...
Last post by jfou1987 - Today at 03:15:10 PMHello, i'm on 25.10.1_2 business Version.
Today, a road warrior user told me he can't connect anymore to VPN server.
I tried on cellular with the same issue.
I found the problem. It's GeoIP. I only give access to Belgian IP (BE). When disabled, it works again.
The geoip database was updated about 15 minutes ago. In the alias IP list (diagnostic/alias) i cannot found any of my belgian (verified) IP adsresses.
I temporary add a whitelist for my user to let him work. But he's behind a dynamic IP internet connexion. I will add his new IP when change.
Does anyone know if the provider of the business GeoIP list has an issue today ?
Today, a road warrior user told me he can't connect anymore to VPN server.
I tried on cellular with the same issue.
I found the problem. It's GeoIP. I only give access to Belgian IP (BE). When disabled, it works again.
The geoip database was updated about 15 minutes ago. In the alias IP list (diagnostic/alias) i cannot found any of my belgian (verified) IP adsresses.
I temporary add a whitelist for my user to let him work. But he's behind a dynamic IP internet connexion. I will add his new IP when change.
Does anyone know if the provider of the business GeoIP list has an issue today ?
#6
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - Today at 03:05:44 PMQuote from: chemlud on Today at 02:22:33 PMRE 2: Mirrors are "hardcoded" and identical on FAST and SLOW. The download of weekly packages on FAST and SLOW is simultaneously in the attachment of OP, so how/why only one client should be rate limited?True if this is the case. I assumed you have dynamic mirrors and downloads are in different intervals. If you would be rate limited it would be for the Public IP. But if both of them are NATed behind one, it would affect them both. BTW based on this when you only run the update for the slow, result is the same correct?
Quote from: chemlud on Today at 02:22:33 PMCongestion algorithm? Hmmm... ;-)I could talk about this whole day long, but to simplify it, its the often omitted brother of the TCPs scaling window.
Sender > Responsible for the Scaling Window
Receiver > Responsible for the Congestion management
Congestion tells the sender to slow down, and how to recover from the congestion event (this not 100% correct but enough to see both of them are important).
Current enabled congestion algo, default should be at least CUBIC
Code Select
sysctl net.ipv4.tcp_congestion_controlAll available congestion algos
Code Select
sysctl net.ipv4.tcp_available_congestion_controlFor BRR you you usally need to enable some extra flags in system but nothing to hard...
Regards,
S.
#7
German - Deutsch / Re: MTU bei PPPoe | Deutsche G...
Last post by s.meier68 - Today at 03:01:15 PMQuote from: meyergru on January 16, 2026, 07:43:16 PMExklusiv oder nicht, das ändert nichts daran, dass bei virtualisierten NICs die MTU auf dem PVE-Host bereits vergrößert werden muss, ehe die OpnSense VM das auch nutzen kann.
Das habe ich jetzt schon ein paar mal gelesen und das ist aus meiner Sicht falsch. Die MTU und die Größe des Ethernetframes haben nur bedingt etwas miteinander zu tun. Die MTU gehört zum Layer3 Header des Paketes. Der VLAN Header befindet sich vor dem Layer 3 Header im Layer2 des Paketes. Dieser hat mit der MTU überhaupt nichts zu tun.
Die MTU kleiner machen, damit das gesamte Paket unter einer bestimmten Größe bleibt ist ungefähr so als wenn man ein Ikea-Paket aufteilt ohne zu wissen was die Spedition für einen LKW verwendet. (Was übrigens auch im Bezug zum Ethernetpaket vollkommen egal ist, da sich die Spedition drum kümmert und nicht das Ikea-Paket!!!)
#8
Q-Feeds (Threat intelligence) / Girls In Your Town - Anonymous...
Last post by vihb88com - Today at 02:38:55 PMGirls In Your Town - No Selfie - Anonymous Casual Dating
https://secrelocal.com
Womens In Your Town - Anonymous Sex Dating - No Selfie
https://secrelocal.com
Womens In Your Town - Anonymous Sex Dating - No Selfie
#9
General Discussion / Re: Where is TCP processed - C...
Last post by chemlud - Today at 02:22:33 PMThanks for reading.
RE 2: Mirrors are "hardcoded" and identical on FAST and SLOW. The download of weekly packages on FAST and SLOW is simultaneously in the attachment of OP, so how/why only one client should be rate limited?
Congestion algorithm? Hmmm... ;-)
RE: BBR
I had in Tumbleweed:
Then I followed this:
https://www.techrepublic.com/article/how-to-enable-tcp-bbr-to-improve-network-speed-on-linux/
and did
Then I have after
RE 2: Mirrors are "hardcoded" and identical on FAST and SLOW. The download of weekly packages on FAST and SLOW is simultaneously in the attachment of OP, so how/why only one client should be rate limited?
Congestion algorithm? Hmmm... ;-)
RE: BBR
I had in Tumbleweed:
Code Select
sudo sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic
Then I followed this:
https://www.techrepublic.com/article/how-to-enable-tcp-bbr-to-improve-network-speed-on-linux/
and did
Code Select
sudo nano /etc/sysctl.conf
-> and add the following two lines:
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Then I have after
Code Select
sudo sysctl -pCode Select
sudo sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr #10
General Discussion / Re: (Newbie) Internet speeds h...
Last post by Seimus - Today at 02:14:48 PMQuoteThe game I'm playing uses p2p (peer to peer) connections between players. Not a dedicated server, so connections are based on the "host" player with the other players feeding off the host's connection.
This is a common problem for such games. Most likely you fall into the NAT3 and lower category. Because NAT is by default setup-ed to NAT as well the port dynamical, you may hit such problems.
I would advice you create a new NAT rule for you PC and enable Static Port. This will keep the port generated by the source the same and will NAT only the IP. Usually this is enough to help the P2P games.
https://docs.opnsense.org/manual/nat.html#outbound
Regards,
S.
