"Recent posts
#1
General Discussion / Re: ARC RAM usage
Last post by nero355 - Today at 11:11:51 PMQuote from: Isabella Borgward on Today at 03:52:37 PMDon't blame me for what they have written! LOL! :DQuote from: nero355 on Today at 12:34:13 PMif the system runs any other daemons or processes that may require memory.Right. Is there any system on earth that doesn't run 'other daemons or processes' than ARC? :D
QuoteAnyway, from the graphs, yes I can see that ARC tops out once it gets to 1GB free, so it is behaving as documented.NICE!!! :)
#2
26.1, 26,4 Series / Re: WAN Interface Statistics n...
Last post by OPNenthu - Today at 11:10:00 PMI don't know if it's correct or not but I was curious if there would be a discrepancy between the two sources. If they agreed (and the data was obviously wrong) then I would have said the problem could be at the OS/driver level.
What you show here is nowhere near 1TB even, let alone 3.96T. I had ChatGPT convert the numbers to human readable format:
The netstat numbers (I think) are cumulative since the last boot or when the network interface was initialized.
I'm not sure what the reporting period of your insight data is. In your first post you said you were looking at the interface totals on the Dashboard, which I would guess more closely align to netstat, with some rounding.
What you show here is nowhere near 1TB even, let alone 3.96T. I had ChatGPT convert the numbers to human readable format:
Code Select
Name Network RX Packets RX Data TX Packets TX Data
------- --------------- ----------- ---------- ----------- ----------
mlxen0 <Link#6> 24,067 16.8 MiB 375,393 621.2 MiB
Local IPv6 6,753 552.7 KiB 6,768 573.1 KiB
0.0.0.0/22 1,810,036 597.7 MiB 3,165,999 3.22 GiB
IPv6 Address 67,311 26.4 MiB 110,451 39.2 MiB
The netstat numbers (I think) are cumulative since the last boot or when the network interface was initialized.
I'm not sure what the reporting period of your insight data is. In your first post you said you were looking at the interface totals on the Dashboard, which I would guess more closely align to netstat, with some rounding.
#3
26.1, 26,4 Series / Re: WAN Interface Statistics n...
Last post by Component0002 - Today at 09:59:10 PMQuote from: OPNenthu on June 16, 2026, 02:56:47 PMRun 'netstat -ib'.
Maybe this way we can at least rule out OPNsense and isolate the issue to FreeBSD.
Running this I get:
Code Select
Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll
mlxen0 1500 <Link#6> MAC Address 24067 0 15755 17619261 375393 0 651359478 0
mlxen0 - Local IPV6 6753 - - 565951 6768 - 586868 -
mlxen0 - 0.0.0.0/22 example.org 1810036 - - 626700987 3165999 - 3460842453 -
mlxen0 - IPV6 Address 67311 - - 27675314 110451 - 41138776 -
The firewall has been up for 2 days. Does this look correct to you? (I have redacted the IPs)
Insights is reporting:
Bytes In Bytes Out Total:
195.33 G 3.77 T 3.96 T
#4
General Discussion / Re: Unable to remove neighbor ...
Last post by proxytun - Today at 09:17:48 PMHi,
I'm having a similar problem. And here is a solution: previously i was used ISC DHCP v4 server, it was disabled when i migrated to dnsmasq, but static record still persists here. Go to ISC DHCPv4, select interface, find static arp record and delete it. Problem solved.
I'm having a similar problem. And here is a solution: previously i was used ISC DHCP v4 server, it was disabled when i migrated to dnsmasq, but static record still persists here. Go to ISC DHCPv4, select interface, find static arp record and delete it. Problem solved.
#5
German - Deutsch / Re: Wemag dual stack
Last post by proofy4u - Today at 08:49:46 PMDas Besondere an diesen Provider ist, dass man überhaupt keine Informationen bekommt. Sie bieten zwar den Anschluss ohne Router an, aber dann hat man halt Pech gehabt.
Als Nicht-Business Anschluss bekommt man tatsächlich nur IPV6 dynamisch - was immer das bei denen bedeuten soll.
Beim Businessanschluss habe ich es tatsächlich mit der statischen IPV6 hinbekommen, allerdings mit einem TP-Link Router und ich habe noch nicht alle IPV6 Tests gemacht, um wirklich sicher zu sagen, dass es funktioniert.
Als Nicht-Business Anschluss bekommt man tatsächlich nur IPV6 dynamisch - was immer das bei denen bedeuten soll.
Beim Businessanschluss habe ich es tatsächlich mit der statischen IPV6 hinbekommen, allerdings mit einem TP-Link Router und ich habe noch nicht alle IPV6 Tests gemacht, um wirklich sicher zu sagen, dass es funktioniert.
#6
Hardware and Performance / Re: cpu-microcode-intel: no ma...
Last post by BrandyWine - Today at 08:24:53 PMSome more reading about alder lake with bios/uefi with freeBSD.
loader.conf may be too early to try and push a ucode update.
as a test, remove the load entries from loader.conf (or change to cpu_microcode_load="NO")
rc.local
#!/bin/sh
sleep 10
/usr/sbin/cpucontrol -m /dev/cpuctl0 /boot/firmware/intel-ucode.bin
/usr/sbin/cpucontrol -m /dev/cpuctl1 /boot/firmware/intel-ucode.bin
chmod +x /etc/rc.local
loader.conf may be too early to try and push a ucode update.
as a test, remove the load entries from loader.conf (or change to cpu_microcode_load="NO")
rc.local
#!/bin/sh
sleep 10
/usr/sbin/cpucontrol -m /dev/cpuctl0 /boot/firmware/intel-ucode.bin
/usr/sbin/cpucontrol -m /dev/cpuctl1 /boot/firmware/intel-ucode.bin
chmod +x /etc/rc.local
#7
German - Deutsch / Re: Problem: guce.yahoo.com wi...
Last post by feofan69 - Today at 08:13:56 PMQuote from: patient0 on June 16, 2026, 09:39:48 PMQuote from: feofan69 on June 16, 2026, 09:01:33 PMDNS‑Abfrage über Unbound (drill guce.yahoo.com @127.0.0.1) → liefert NXDOMAINMachst Du diese Anfrage auf der Sense oder auf dem Klient? Wenn auf dem Klient, dann mal mit 'drill guce.yahoo.com @<OPNsense IP>' versuchen
Das ist die Abfrage am Firewall zu Firewall
Code Select
drill guce.yahoo.com @10.1.2.254
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 41025
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; guce.yahoo.com. IN A
;; ANSWER SECTION:
guce.yahoo.com. 1800 IN CNAME real.rotation.guce.aws.oath.cloud.
;; AUTHORITY SECTION:
guce.aws.oath.cloud. 900 IN SOA ns-877.awsdns-45.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; ADDITIONAL SECTION:
;; Query time: 332 msec
;; SERVER: 127.0.0.1
;; WHEN: Wed Jun 17 20:10:01 2026
;; MSG SIZE rcvd: 160
Das ist die Abfrage am Firewall zu 1.1.1.1
Code Select
drill guce.yahoo.com @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60469
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; guce.yahoo.com. IN A
;; ANSWER SECTION:
guce.yahoo.com. 1706 IN CNAME real.rotation.guce.aws.oath.cloud.
real.rotation.guce.aws.oath.cloud. 26 IN CNAME prod-rotation-v2.guce.aws.oath.cloud.
prod-rotation-v2.guce.aws.oath.cloud. 26 IN A 52.211.254.147
prod-rotation-v2.guce.aws.oath.cloud. 26 IN A 54.155.89.181
prod-rotation-v2.guce.aws.oath.cloud. 26 IN A 34.251.109.51
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 7 msec
;; SERVER: 1.1.1.1
;; WHEN: Wed Jun 17 20:11:35 2026
;; MSG SIZE rcvd: 158
Ich vermuhte es liegt daran, dass guce.yahoo.com CNAMES hat.
#8
General Discussion / Re: Connecting to DHCP managed...
Last post by lnet.admin - Today at 07:50:59 PMHave you tried with the MAC Address spoofing?
My UK fibre provider works perfectly well without it and I get no connection with it.
My UK fibre provider works perfectly well without it and I get no connection with it.
#9
Hardware and Performance / Re: cpu-microcode-intel: no ma...
Last post by BrandyWine - Today at 07:18:41 PMQuote from: fastboot on Today at 09:59:24 AMalthough I have not yet found Intel documentation explicitly confirming the exact revision mapping.
100% Intel has it. meyergru was right, that cpu is a 0x80. I was likely provided bad info for the mapping of desktop vs mobile variant (see below).
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/b24397c3611f5b0a7ccb3071df99ba596721d82b#diff-1dfe853ac13a3d80cb5ef06b3c030342fb367f6f6ad6bdb2328e48c47ec16e08
Apparently, the i3-1215U is a "mobile" cpu package, period. However, the fusing is different, notice they call the 0x80 the "desktop" fusing and the 0x40 is the "mobile" fusing.
(for this i3-1215U)
mask = "package"/"fusing"
0x40 = mobile/mobile
0x80 = mobile/desktop
/////////////////////////////////////////
Why there are multiple platform IDs (.40 vs .80)
From Intel microcode layout:
The same CPU model (06-9A-04)
can run in different platform configurations
selected via MSR IA32_PLATFORM_ID (0x17)
So Intel splits microcode into:
Platform ID mask Meaning
0x40 mobile / low-power configuration
0x80 desktop / higher-power configuration
///////////////////////////////////////
A good read
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/microcode-update-guidance.html
#10
Hardware and Performance / Re: cpu-microcode-intel: no ma...
Last post by BrandyWine - Today at 07:05:19 PMI agree with fastboot.
Everything points to cpu variant fusing ID 7 (0x80 mask)
The iucode testing I did shows the newer rev code for this cpu(ID 7). It's listed in the bin and in the .80 file.
Here's some new info, please verify.
According to some docs the klm cpuctl needs to be loaded BEFORE a microcode can be installed by cpucontrol utility.
1) boot normally, try kldstat | grep cpuctl , is that klm loaded?
1a) if that klm is not loaded, then kldload cpuctl (it may not actually be loaded at boot time, or in time for cpucontrol)
2) then try cpucontrol -u /dev/cpuctl0 /boot/firmware/intel-ucode.bin
3) then verify it installed on that cpu
cpucontrol -m 0x8B /dev/cpuctl0
expecting to see MSR 0x8B: 0x00000000 0x0000043b
microcode revision = 0x043b
remember, you have /dev/cpuctl0 and /dev/cpuctl1
If this manual process fails, then something else is preventing the install of the code onto the device, bios/uefi is likely culprit.
Everything points to cpu variant fusing ID 7 (0x80 mask)
The iucode testing I did shows the newer rev code for this cpu(ID 7). It's listed in the bin and in the .80 file.
Here's some new info, please verify.
According to some docs the klm cpuctl needs to be loaded BEFORE a microcode can be installed by cpucontrol utility.
1) boot normally, try kldstat | grep cpuctl , is that klm loaded?
1a) if that klm is not loaded, then kldload cpuctl (it may not actually be loaded at boot time, or in time for cpucontrol)
2) then try cpucontrol -u /dev/cpuctl0 /boot/firmware/intel-ucode.bin
3) then verify it installed on that cpu
cpucontrol -m 0x8B /dev/cpuctl0
expecting to see MSR 0x8B: 0x00000000 0x0000043b
microcode revision = 0x043b
remember, you have /dev/cpuctl0 and /dev/cpuctl1
If this manual process fails, then something else is preventing the install of the code onto the device, bios/uefi is likely culprit.
