"Recent posts
#1
26.1 Series / Re: Pointers on how to manuall...
Last post by allenlook - Today at 02:57:47 AMThank you for the replies!
#2
Hardware and Performance / Re: Drowning in (old) hardware...
Last post by OPNenthu - Today at 02:49:41 AMQuote from: nero355 on Today at 01:59:22 AMI hope you see now what I was trying to say in my previous reply ?Got it... thanks for the examples.
Also, my earlier point about CPU frequency being the limiting factor is based on the idea that when limited to a single core then performance only scales with clock speed (assuming all other optimizations have been exhausted). This seems to be the limiting factor for the home license version of ZA.
For Suricata (and here I think you're correct- it has a setting for "Listeners," but I don't know much about it), I think we can use the Deciso specs for "Threat Protection Throughput" as a guide. This is cut and dry because the footnote of the specsheet says:
QuoteIPS performance is measured using ET Open and standard 1500 byte package size.
#3
26.1 Series / Re: Track Interface with 26.1
Last post by nero355 - Today at 02:09:25 AMQuote from: franco on February 04, 2026, 08:33:27 PMWhy not. It's probably the smarter approach. :)I thought so too :)
Thank you for the full reply!
#4
Hardware and Performance / Re: Drowning in (old) hardware...
Last post by nero355 - Today at 01:59:22 AMQuote from: OPNenthu on February 04, 2026, 07:48:20 PMI am referring to this: https://forum.opnsense.org/index.php?topic=41295.0Ahh, OK :)
QuoteI don't know what you mean by this:I am not a programmer/developer but let me put it this way =>Quotethere are always multiple threads within any application that is just one big single thread,
If I wrote a simple C program with just an infinite control loop, it would peg a single hardware thread if I'm not mistaken?
A simple browser comparison :
- Mozilla Firefox
- Pale Moon
Pale Moon is a piece of software that will never use more than 1 CPU/Core to render a website.
However, it is multi-threaded because otherwise it would be extremely slow/unusable as a browser.
It also runs as one thread that is spread amongst the cores of your CPU but it will in total never use more than 1 Core.
Mozilla Firefox is a piece of software that can use as much CPU's or Cores as you allow it to basically.
It is extremely multi-threaded and a lot faster on older multi-Cored CPU's than Pale Moon.
It starts multiple threads spread over all the cores of your CPU and does a lot of things at the same time when rendering a website.
The same comparison can be made for example for PPPoE connections handled by FreeBSD vs. Linux which is one of the drawbacks using OPNsense/pfSense for such a connection instead of let's say OpenWRT or so...
In that case Linux is Mozilla Firefox and FreeBSD is Pale Moon when it comes to their PPPoE modules/libraries:)
I hope you see now what I was trying to say in my previous reply ?
#5
26.1 Series / Re: Management Interface openi...
Last post by niwmik - Today at 01:34:33 AMThanks, I set it to 10.10.60.0/24 and now it's working.
#6
26.1 Series / Re: Firewall log live view - o...
Last post by pseudonym3k - Today at 01:12:47 AMI've used multiple machines and multiple browsers. Auto refresh is on.
Firewall just updated to 26.1.1 and I still have the same problem.
Did you try the specific example I gave? It looks like that might be the only one that doesn't work. I tried a query src_port contains and that one worked.
I tried the above specific criteria (address, is, <value>) with multiple LAN and public IPs and none of them worked for me.
Firewall just updated to 26.1.1 and I still have the same problem.
Did you try the specific example I gave? It looks like that might be the only one that doesn't work. I tried a query src_port contains and that one worked.
I tried the above specific criteria (address, is, <value>) with multiple LAN and public IPs and none of them worked for me.
#7
General Discussion / Yet another Shaper question (U...
Last post by stanps - Today at 12:49:22 AMHey everyone. I've got high and low priority download pipes/queues/rules that APPEAR to be working just how I expect and want.
But I've got upload pipes/queues/rules that don't seem to be passing any information at all. I'm generating download and upload traffic using speedtest.net.
I've attached pics of my pipe, queue and rules, as well as the Status showing no activity after a couple full runs of speedtest.net download and upload measurements. What am I missing?
But I've got upload pipes/queues/rules that don't seem to be passing any information at all. I'm generating download and upload traffic using speedtest.net.
I've attached pics of my pipe, queue and rules, as well as the Status showing no activity after a couple full runs of speedtest.net download and upload measurements. What am I missing?
#8
26.1 Series / Re: DNAT auto firewall [Regist...
Last post by TheSHAD0W - Today at 12:44:21 AMI should also mention that my setup is rather complex and that would complicate picking out the issue. I could maybe set up a test rig but then there's still so much that needs to be passed around.
If you really need it, I can set up said test rig, but it would be best if we could communicate more directly.
If you really need it, I can set up said test rig, but it would be best if we could communicate more directly.
#9
26.1 Series / Re: DNAT auto firewall [Regist...
Last post by TheSHAD0W - Today at 12:38:15 AMYou should be able to do a dual wan test just by plugging both interfaces into the same source network with dhcp, then watching packets out of both using tcpdump.
#10
25.7, 25.10 Series / Re: OpenVPN connection causes ...
Last post by adv - Today at 12:32:41 AMQuote from: nero355 on February 04, 2026, 07:18:33 PMSome questions =>Quote from: adv on February 04, 2026, 06:50:45 PMFrom my local Windows 11 computer:Who is this IP address ?
Local network:Code Selectping -n 1 192.168.1.24
Pinging 192.168.1.24 with 32 bytes of data:
Reply from 192.168.1.24: bytes=32 time=22ms TTL=64
Ping statistics for 192.168.1.24:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 22ms, Average = 22ms
Another PC ? Your Router ? Something else ?
192.168.1.24 is another PC on the local network.
QuoteQuoteRemote network:Code Selectping -n 1 192.168.90.17
Pinging 192.168.90.17 with 32 bytes of data:
Reply from 192.168.90.17: bytes=32 time=23ms TTL=63
Ping statistics for 192.168.90.17:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 23ms, Average = 23ms
This is the subnet on the OpenVPN connection and the IP address of the Remote Desktop PC ?!
No, 192.168.90.0/24 is a subnet at the remote location and 192.168.90.17 is a device on that subnet.
QuoteQuoteInternet:You ping without DNS resolving, but is the VPN active ? On which Client/Server ?Code Selectping -n 1 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=114
Ping statistics for 8.8.8.8:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 19ms, Average = 19ms
Yes, VPN was active then and it did ping Google.
QuoteQuotePing of local network, remote network, and Google get quick replies. So, there is some Internet connectivity but I am still unable to browse.On the Remote Desktop PC or your Local PC ?
On the local PC. Browsing on the remote PC works fine.
QuoteQuoteWho is :Code Selecttracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.1.1
2 10 ms 12 ms 10 ms 10.61.193.35
3 12 ms 13 ms 10 ms 162.151.216.241
4 12 ms 9 ms 18 ms po-2-rur201.exeter.nh.boston.comcast.net [68.86.224.229]
5 38 ms 19 ms 124 ms po-200-xar01.exeter.nh.boston.comcast.net [96.110.22.29]
6 109 ms 16 ms 23 ms be-301-arsc1.needham.ma.boston.comcast.net [162.151.150.125]
7 23 ms 28 ms 18 ms 96.110.42.9
8 25 ms 22 ms 20 ms 96.110.34.26
9 * * * Request timed out.
10 25 ms 18 ms 19 ms 142.251.225.89
11 25 ms 19 ms 21 ms 142.251.60.235
12 20 ms 18 ms 18 ms dns.google [8.8.8.8]
Trace complete.Code Select2 10 ms 12 ms 10 ms 10.61.193.35Exactly ?
No idea who 10.61.193.35 is nor 162.151.216.241. I was guessing they were part of my ISP's infrastructure???
QuoteQuoteThis should tell you dns.google as answer, but usually you nslookup opnsense.org for example and then it gives you an IP address.Code Selectnslookup 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 207.172.3.9
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
That is the reason you "Have no internet" in your browser I think.
So you are saying there is no DNS? Is that the cause of all of this. My thought is that it could be. So, what I want to do is to have the local computer runs its Internet traffic and its DNS through its own Internet connection and NOT through the tunnel. That is known as Split-Horizon, right? I just can't find a good how-to article on the most recent version of OpenVPN.
