"Recent posts
#1
Hardware and Performance / Re: DEC3920 / DEC3940 / DEC396...
Last post by sopex - Today at 09:56:29 AMQuote from: spaceharrier on May 22, 2026, 06:18:34 PMI just installed a 3920 on my home 10Gbit connection, upgrading from a DEC750. Doing casual speed tests with my provider (Sonic.com) and using just my normal firewall rules the 3920 has no problem saturating the connection. Enabling Zenarmor the download speed caps at a little below 3.5Gb/s, showing about 20% CPU utilization. That's using the default policy with Moderate Control settings.
(The DEC750 couldn't fully saturate the 10Gbit connection with just firewall rules, and dropped to a little below 2Gb/s running the same Zenarmor config.)
The Zenarmor engine is not multi-core, so this is to be expected.
#2
Hardware and Performance / Re: cpu-microcode-intel: no ma...
Last post by newsense - Today at 09:09:18 AMYou've gone way too deep into the rabbit hole.
By and large OPNsense follows closely Freshports.
CPU Microcode AMD
As long as Freshports doesn't move you'll get the same files from December 2025 repackaged for each 26.1.x release.
By and large OPNsense follows closely Freshports.
CPU Microcode AMD
As long as Freshports doesn't move you'll get the same files from December 2025 repackaged for each 26.1.x release.
#3
25.7, 25.10 Legacy Series / Re: Opnsense somehow blocks ip...
Last post by bitbln - Today at 08:42:37 AMQuote from: newizard1 on May 08, 2026, 10:13:22 AMI Had the same issue
What I did:
1. On the LAN interface I left both MTU/MSS empty (using default MTU 1500)
2. On the WAN interface I used: MTU=1492 (using PPPoE connection) and MSS=1492. According to OPNsense help, having MSS set to that value will clamp MSS both for IPV4 and IPV6. For IPV4 it will be MSS value minus 40, and for IPV6 it will be MSS value minus 60 (1452, 1432 correspondly)
For me that solved that issue.
Oh! Thank you! Thank you! Thank you!
I looked for 3 days for the answer, why my connection was not working properly. Setting the MSS value corrected the issues I was having with OPNSense and Telekom.
#4
General Discussion / Building a Tor Gateway
Last post by ohthisis - Today at 07:18:32 AMHello,
I am a newbie in OPNsense. I want to set up a Tor gateway. I found an article that did this with pfSense. I tried to do the same with pfSense but I got the following error:
I found that the new version of pfSense is not suitable for this task.I would be grateful if someone could guide me on implementing the above article in OPNsense.
Thank you.
I am a newbie in OPNsense. I want to set up a Tor gateway. I found an article that did this with pfSense. I tried to do the same with pfSense but I got the following error:
Code Select
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pkg"
I found that the new version of pfSense is not suitable for this task.I would be grateful if someone could guide me on implementing the above article in OPNsense.
Thank you.
#5
Virtual private networks / Re: Cannot delete OpenVPN inst...
Last post by pankaj - Today at 04:42:34 AMI solved it little differently by logging into the OPNSense console with following steps:
1. grep -n openvpn-server /conf/config.xml | sed 's/:/ /' --> this will give you the line number where OpenVPN server specific line numbers
2. cat -n /conf/config.xml | sed -n '6478,6500p' --> replace line numbers with your machine specific details, this will show you the entire block
3. nano +6478 /conf/config.xml -> this will open nano at the specified line number
4. CTRL+K --> deletes the line at cursor position, delete the entire block between <openvpn-server> </openvpn-server>
5. Exit from shell and reload all services from command line, you should be able to see from GUI that the openvpn-server instance that you wanted to delete is no longer there.
And before you do any of the above, backup your config.xml file!
1. grep -n openvpn-server /conf/config.xml | sed 's/:/ /' --> this will give you the line number where OpenVPN server specific line numbers
2. cat -n /conf/config.xml | sed -n '6478,6500p' --> replace line numbers with your machine specific details, this will show you the entire block
3. nano +6478 /conf/config.xml -> this will open nano at the specified line number
4. CTRL+K --> deletes the line at cursor position, delete the entire block between <openvpn-server> </openvpn-server>
5. Exit from shell and reload all services from command line, you should be able to see from GUI that the openvpn-server instance that you wanted to delete is no longer there.
And before you do any of the above, backup your config.xml file!
#6
General Discussion / Re: NUT is Broken After Udatin...
Last post by ubu - Today at 02:42:03 AMQuote from: Patrick M. Hausen on May 16, 2026, 07:16:40 PMthis fixed my issue as well. THANKS!!! Interesting when trying to figure out why my NUT status was no longer working, Claude informed me that a UI bug has been around since 2021. Not sure if that's related or what but thanks for this temp fix anyway.Code Selectopnsense-revert -r 26.1.7 nut
pkg lock nut
#7
Hardware and Performance / Re: cpu-microcode-intel: no ma...
Last post by BrandyWine - Today at 12:06:52 AMSo, I am not sure if it's a mistake or not. For the AMD ucode pkg the MANIFEST files say this, note what I bolded.
So the package was compiled down in May 2026, but it's version is 2025 ?? I assume you would simply see a newer rev of "20251202" pkg in repo ?
{"name":"cpu-microcode-amd","origin":"sysutils/cpu-microcode-amd","version":"20251202","comment":"AMD CPU microcode updates","maintainer":"jrm@FreeBSD.org","www":"UNKNOWN","abi":"FreeBSD:14:*","arch":"freebsd:14:*","prefix":"/usr/local","flatsize":614136,"licenselogic":"single","licenses":["EULA"],"desc":"Processor microcode updates provide bug fixes, which can be critical to\nthe security and stability of your system. This port uses the cpuctl(4)\nmicrocode update facility to keep your AMD processor's firmware\nup-to-date.","deps":{"cpu-microcode-rc":{"origin":"sysutils/cpu-microcode-rc","version":"1.0_2"}},"categories":["sysutils"],"annotations":{"build_timestamp":"2026-05-02T02:00:01+0000","built_by":"poudriere-git-3.4.8","port_checkout_unclean":"no","port_git_hash":"ffb64ba4a0596d34072290d9ffe016f317664a1c","ports_top_checkout_unclean":"no","ports_top_git_hash":"4731beeec6f8dad167fa3b3ff8d4848aea26c2fc"},"messages":[{"message":"Refer to the cpu-microcode-rc installation notes to enable AMD microcode\nupdates.","type":"install"}]}
So the package was compiled down in May 2026, but it's version is 2025 ?? I assume you would simply see a newer rev of "20251202" pkg in repo ?
{"name":"cpu-microcode-amd","origin":"sysutils/cpu-microcode-amd","version":"20251202","comment":"AMD CPU microcode updates","maintainer":"jrm@FreeBSD.org","www":"UNKNOWN","abi":"FreeBSD:14:*","arch":"freebsd:14:*","prefix":"/usr/local","flatsize":614136,"licenselogic":"single","licenses":["EULA"],"desc":"Processor microcode updates provide bug fixes, which can be critical to\nthe security and stability of your system. This port uses the cpuctl(4)\nmicrocode update facility to keep your AMD processor's firmware\nup-to-date.","deps":{"cpu-microcode-rc":{"origin":"sysutils/cpu-microcode-rc","version":"1.0_2"}},"categories":["sysutils"],"annotations":{"build_timestamp":"2026-05-02T02:00:01+0000","built_by":"poudriere-git-3.4.8","port_checkout_unclean":"no","port_git_hash":"ffb64ba4a0596d34072290d9ffe016f317664a1c","ports_top_checkout_unclean":"no","ports_top_git_hash":"4731beeec6f8dad167fa3b3ff8d4848aea26c2fc"},"messages":[{"message":"Refer to the cpu-microcode-rc installation notes to enable AMD microcode\nupdates.","type":"install"}]}
#8
Hardware and Performance / Re: quad interface fierwall PC...
Last post by BrandyWine - May 22, 2026, 11:58:25 PMThe N97 has those pros/cons. The cpu itself is better than N150, but the 97 chews up approx 2.5x more watts !
Those Supe-u items also come with heavy graphics, which wont be used for FW purposes.
Those Supe-u items also come with heavy graphics, which wont be used for FW purposes.
#9
German - Deutsch / Re: "Lahmes" Internet seit Upd...
Last post by cottec - May 22, 2026, 11:41:50 PMokay hab ich jetzt eingestellt mit WAN MTU 1400 und die anderen Interfaces MSS 1400
jetzt kriege ich bei mehr als 1344 ein "message too long"
ist das richtig so?
You cannot view this attachment.
hilft das hier?
und by the way: was sollte man eigentlich schwärzen und was nicht? :D
You cannot view this attachment.
jetzt kriege ich bei mehr als 1344 ein "message too long"
ist das richtig so?
You cannot view this attachment.
hilft das hier?
und by the way: was sollte man eigentlich schwärzen und was nicht? :D
You cannot view this attachment.
#10
General Discussion / Re: [SOLVED] serial console co...
Last post by nero355 - May 22, 2026, 11:39:52 PMQuote from: silke61 on May 22, 2026, 09:23:55 AMYou could add a Desktop VM to your OPNsense VM Network and connect to it via SPICE from your Laptop or PC and have pretty much the same experience as you were actually using a real desktop to manage everything! :)Quote from: franco on May 22, 2026, 08:42:28 AMFor VMs one mostly starts with a VGA image which doesn't have serial enabled.That's why I enabled it after installation.
The standard VGA based console in Proxmox has a few disadvantages, e.g. it doesn't support cut & paste (at least not easily), that is why I used the serial based xterm.js console.
As I said, it works, but only after I changed 'onifconsole' to 'on'.
Did this once in the past and even my triple monitor setup was completely useable with it !!
