"Recent posts
#1
25.7, 25.10 Series / Re: Unable to boot after updat...
Last post by HourWithHobbit - Today at 02:11:10 AMYeah, I should have looked more into the update before jumping in and updating.
I am running this in hardware but do not have the plug in mentioned installed. Instead, I needed to completely remove the WAN interface and reconfigure. After that, internet returned.
I work in IT I know I should have looked into issues! Oops. Thankfully its my home lab!
I am running this in hardware but do not have the plug in mentioned installed. Instead, I needed to completely remove the WAN interface and reconfigure. After that, internet returned.
I work in IT I know I should have looked into issues! Oops. Thankfully its my home lab!
#2
German - Deutsch / Re: Opnsense DNS Warum funktio...
Last post by meyergru - Today at 01:05:14 AMNein, Patrick, das müsstest Du doch wissen!
https://www.rfc-editor.org/rfc/rfc2606.html
https://www.rfc-editor.org/rfc/rfc6761.html
;-)
Wir wissen ja nur zu gut, dass manche Leute alles wörtlich nehmen - und andere eben nicht... die Kunst ist zu unterscheiden, wann etwas wörtlich zu nehmen ist und wann nicht. Aber um das zu wissen, muss man leider schon Experte sein - ein wichtiger Aspekt des Dunning-Kruger-Effekts.
https://www.rfc-editor.org/rfc/rfc2606.html
https://www.rfc-editor.org/rfc/rfc6761.html
;-)
Wir wissen ja nur zu gut, dass manche Leute alles wörtlich nehmen - und andere eben nicht... die Kunst ist zu unterscheiden, wann etwas wörtlich zu nehmen ist und wann nicht. Aber um das zu wissen, muss man leider schon Experte sein - ein wichtiger Aspekt des Dunning-Kruger-Effekts.
#3
German - Deutsch / Re: Opnsense DNS Warum funktio...
Last post by bamf - Today at 12:59:46 AMDas schon. Aber auch in einem Platzhalter sollte man doch Beispiele verwenden, die sich zumindest an gängigen Standards orientieren. meinedomain.internal oder meinedomain.home.arpa wären da als Platzhalter besser geeignet, finde ich 😉
#4
General Discussion / Re: new setup cannot reach lin...
Last post by meyergru - Today at 12:55:08 AMThe CPU should not be of concern, at least on bare metal, it is way faster than you need.
You say you use a modem. What connection type is that? DSL over PPPoE? Could it be that the MTU is sub-optimal for your ISP?
If the packets must be re-fragmented, you could experience lesser speeds. Did you try to lower MTU sizes on both LAN and WAN?
The "usual" approach would be to limit the MTU size to a value that does keep OpnSense from refragmenting via MSS clamping. And BTW: OpnSense is not very good at determining the correct size automatically.
Sometimes, ISPs allow for "mini jumbo frames", this is all explained here: https://forum.opnsense.org/index.php?topic=45658.0
Note, however, that this is for non-VM installations. With a VM, you would have to enlarge the MTU on the physical WAN device and the bridge for this to work, too - but I never actually tried that.
You say you use a modem. What connection type is that? DSL over PPPoE? Could it be that the MTU is sub-optimal for your ISP?
If the packets must be re-fragmented, you could experience lesser speeds. Did you try to lower MTU sizes on both LAN and WAN?
The "usual" approach would be to limit the MTU size to a value that does keep OpnSense from refragmenting via MSS clamping. And BTW: OpnSense is not very good at determining the correct size automatically.
Sometimes, ISPs allow for "mini jumbo frames", this is all explained here: https://forum.opnsense.org/index.php?topic=45658.0
Note, however, that this is for non-VM installations. With a VM, you would have to enlarge the MTU on the physical WAN device and the bridge for this to work, too - but I never actually tried that.
#5
General Discussion / Re: new setup cannot reach lin...
Last post by muusemuuse - Today at 12:21:09 AMI can't do passthru on this board because I'm cheap and it sucks. But I did try booting into a live instance of opnsense. It was better but still nowhere near line level.
#6
Hardware and Performance / Re: Network behind a double NA...
Last post by Maurice - Today at 12:04:37 AMQuote from: Patrick M. Hausen on November 27, 2025, 10:17:47 PMWiFi client mode is very actively being worked on so people can run current laptops with FreeBSD as their day to day OS.
Thanks for the clarification. Though it's debatable whether newly introducing limited support for 802.11ac in 2025 counts as "very actively". ;-) That's more than a decade behind Linux.
But since client mode is what @kernew wants (WAN via WiFi), this might actually be reasonable (when using a supported Intel WiFi module and being okay with good old 802.11ac + WPA2).
#7
German - Deutsch / Re: Opnsense DNS Warum funktio...
Last post by Patrick M. Hausen - November 27, 2025, 11:49:21 PMQuote from: JeGr on November 27, 2025, 10:26:03 PMQuote from: Patrick M. Hausen on November 18, 2025, 03:55:37 PMWas ist denn die eingestellte Domain der OPNsense? Da solltest du nicht .local benutzen sondern z.B. meinedomain.lan oder so etwas. Unter dieser Domain werden die Hostnamen Test1 und Test2 dann ins DNS eingetragen.
Patrick, sag doch sowas nicht, das bleibt ewig online ;) und dann heißt es wieder "das hat aber jemand gesagt ich soll das so machen". Bitte nicht irgendwelche ausgedachten TLDs für internen Betrieb nehmen.
Du meinst, es ist nicht offensichtlich, dass "meinedomain.lan" ein Platzhalter ist? 🤯
#8
25.7, 25.10 Series / Re: Unable to boot after updat...
Last post by meyergru - November 27, 2025, 11:00:08 PMDo not look any further...
Let me guess: UFS install, 25.7.x installed, not having read or followed the advice here: https://forum.opnsense.org/index.php?topic=42985.0, point 23, or more specifically: https://forum.opnsense.org/index.php?topic=48343.msg244891#msg244891
The microcode updates by themselves do no harm, but rather help. There are known instabilities with newer FreeBSD kernels with certain Intel generations (i.e. Alder Lake, Twin Lake and Nxxx).
The problems turn up mostly on UFS installs. They can be avoided by certain tuneables that are explained in the postings above.
And this thread was about a VM install where microcode updates have been applied inside the VM - which is wrong and will probably not work (or cause problems). All of this is mentioned in the READ ME FIRST post as well.
Let me guess: UFS install, 25.7.x installed, not having read or followed the advice here: https://forum.opnsense.org/index.php?topic=42985.0, point 23, or more specifically: https://forum.opnsense.org/index.php?topic=48343.msg244891#msg244891
The microcode updates by themselves do no harm, but rather help. There are known instabilities with newer FreeBSD kernels with certain Intel generations (i.e. Alder Lake, Twin Lake and Nxxx).
The problems turn up mostly on UFS installs. They can be avoided by certain tuneables that are explained in the postings above.
And this thread was about a VM install where microcode updates have been applied inside the VM - which is wrong and will probably not work (or cause problems). All of this is mentioned in the READ ME FIRST post as well.
#9
25.7, 25.10 Series / Re: Unable to boot after updat...
Last post by kweetwel - November 27, 2025, 10:45:12 PMI have the same issue on a Qotom box Q1076GE. On bare metal, so no VM's.
Uninstalling the 'os-cpu-microcode-intel' plugin fixed it. Thanks for the suggestion @AnnaRenee87!
Now searching for logs to see why it failed with the plugin installed... hmmm...
Uninstalling the 'os-cpu-microcode-intel' plugin fixed it. Thanks for the suggestion @AnnaRenee87!
Now searching for logs to see why it failed with the plugin installed... hmmm...
#10
General Discussion / Re: Plex Server Setup in 2024 ...
Last post by SenseX - November 27, 2025, 10:41:31 PMQuote from: meyergru on October 10, 2024, 08:44:27 AMI think, it will only work if you are able to access the remote port via IPv4, e.g. you are not behind CG-NAT or any type of double NAT, for that matter.Hi,
Also, my firewall optimization is set to "normal", see attached pictures. Obviously, you will need a plex account and have outbound access for your Plex server as well such that the plex network can make your external IPv4 be found. This server may not use a VPN connection, and obviously, you need a static or reserved internal IPv4.
There are instructions on how to test this (see sections "manual port forwarding" and "common problems"). For example, Zenarmor or AdGuardHome could also interfere.
Still offline, even when I follow your settings. What is your NAT outbound settings.?
I have been using Hybrid outbound NAT rule generation (automatically generated rules are applied after manual rules)"
I'm not behind CG-NAT. But I do use another public port. Running OPNsense 25.7.8
But for some reason, friends can still connect even when it says "Not available outside your network"
