"Recent posts
#21
General Discussion / Re: OpnSense SFP+ connection t...
Last post by cologuy - November 20, 2025, 11:11:44 PMIn case anyone finds this thread this has been resolved by swapping the router.
I installed Opnsense 25.7 on a Sophos XG310 with a 4 port fiber expansion module and restored the settings from the M470. I had to adjust the interface assignments but it just took a few minutes and I was up and running.
I used all the same RJ45 -> SFP+ module/cables and I get a full 2g+ up/down through the box. I also tested four different brands of SFP+->RJ45 adapters and they all push 2g+ through the XG310 router.
So the problem appears to be with the Watchguard M470 limiting traffic to 1g for some reason. The XG310 also has a i3-6100 desktop CPU which is about half the CPU power of the E3-1260Lv5 in the M470 so it was definitely not a CPU issue. I'm going to install a E3-1275v5 Xeon just because they are so cheap and we should be good as we step up to 5g or even 10g internet as it drops in price.
I installed Opnsense 25.7 on a Sophos XG310 with a 4 port fiber expansion module and restored the settings from the M470. I had to adjust the interface assignments but it just took a few minutes and I was up and running.
I used all the same RJ45 -> SFP+ module/cables and I get a full 2g+ up/down through the box. I also tested four different brands of SFP+->RJ45 adapters and they all push 2g+ through the XG310 router.
So the problem appears to be with the Watchguard M470 limiting traffic to 1g for some reason. The XG310 also has a i3-6100 desktop CPU which is about half the CPU power of the E3-1260Lv5 in the M470 so it was definitely not a CPU issue. I'm going to install a E3-1275v5 Xeon just because they are so cheap and we should be good as we step up to 5g or even 10g internet as it drops in price.
#22
25.7, 25.10 Series / Re: Unable to get Multiwan Loa...
Last post by rajivdr - November 20, 2025, 11:09:56 PMHi, Anyone able to get it working ?
#23
Hardware and Performance / Re: OPNsense on VMware
Last post by Jose - November 20, 2025, 10:42:48 PMQuote from: spetrillo on November 15, 2025, 06:52:45 PMHello all,
My client runs an OPNsense firewall on VMware. It runs really well and takes no real resources. I am building a replacement 25.7 firewall. As I got to the storage config I stopped thinking...should I allocate two disks and run these in a ZFS raid 1 pair. Well can someone comment if this makes any sense under VMware?
Thanks,
Steve
Hi spetrillo, I could not speak for VMWare Hypervisor or cloud based but I'm using OPNsense under FreeBSD Bhyve with underlying ZFS, I've just installed OPNsense on a single RAW image(can also be a ZVOL) formatted as single/stripe ZFS disk from the OPN installer.
Whit ZFS even on a single disk the system will take advantages of the ZFS compression/snapshots/Boot Environments etc, despite it being on a single disk the ZFS filesystem is resilient/superior to any other filesystem and bulletproof wen installed on two or more drives, but as mentioned completely unnecessary to be installed on two vdisks on the top level unless for testing/development purposes.
And speaking on "Boot Environments" this is a must have feature especially if you upgrade often, with a ZFS installation the OPNsense UI will enable a feature called "System:Snapshots" and this will benefit the average users with little to no command-line experience to easily revert back to a previous working OPNsense state, or to create a new Boot Environment and reboot into it to experiment with system wide changes, here is a screenshot of such feature:
You cannot view this attachment.
Also with ZFS there are additional advantages such as scheduled system snapshots, export/import but not the case here, between I've been using OPNsense with ZFS way before it was experimentally introduced and later officially added to the installer and I can tell you it is rock solid/stable on any modern hardware and/or VM with decent resources.
Also I've been doing something similar on another system with Qemu/KVM for quite some time but with BTRFS on the host data store for development/testing with no issues at all.
Regards
#24
General Discussion / Re: Trouble with VLAN setup on...
Last post by User074357 - November 20, 2025, 10:29:45 PMQuote from: pfry on November 20, 2025, 09:07:17 PMRouting issues? Your PC would normally use the firewall as its gateway in order to route to the NAS subnet. In the other direction, the NAS would also use the firewall as its gateway to reach your PC. And, of course, if you use it to route, the firewall would need a default gateway to the Internet. You have the option of routing directly on the bridge, e.g. use a static route on your PC to route to the NAS through the firewall. If it's not routing, you'll likely need to provide more detailed information.
I use bridges for everything, as I can conveniently assign interfaces to whatever bridge I need them on at any given time, with no address or rule changes. It's not for everyone, but it works.
Routing seems to be fine. I can see the OPNsense sending outbound packets on the VLAN interface.
Just did a packet capture on both ends. There are ARP requests outgoing on the VLAN interface which never get responded to by TrueNAS.
When attempting to ping the OPNsense box from the NAS with "ping 192.168.20.1" the NAS also sends ARP requests which are never responded to.
Not sure what's going on there.
#25
25.7, 25.10 Series / Re: High CPU on Dashboard
Last post by senseOPN - November 20, 2025, 10:15:22 PMQuote from: cyberfarer on November 20, 2025, 09:51:57 PMI am seeing these log entries, but I'm not clear if they're a result of the high CPU:Code Select2025-11-20T12:07:38-05:00
Error
lighttpd
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused
That may well be the reason for the high CPU usage!
This is a socket:
root@OPNsense:~ # ls /var/lib/php/tmp/php-fastcgi.socket-1
srwxr-xr-x 1 root wheel 0 Nov 17 22:12 /var/lib/php/tmp/php-fastcgi.socket-1=
Does it exist?
What are the permissions?
#26
25.7, 25.10 Series / Re: High CPU on Dashboard
Last post by cyberfarer - November 20, 2025, 09:51:57 PMI am seeing these log entries, but I'm not clear if they're a result of the high CPU:
Code Select
2025-11-20T12:07:38-05:00
Error
lighttpd
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused #27
General Discussion / Unbound DNS and Adguard and sy...
Last post by tdukes - November 20, 2025, 09:51:17 PMHello,
I have been wondering about this for a while but can't find an answer.
I'm running Unbound DNS with OPNsense. OpNsense sits behind my internet providers modem/router and setup as a transparent filter bridge. I also have another PC running AdguardHome.
In System > Settings > General , what should I be using for the DNS servers? Should I use the PC running Adguard? If so, would Unbound be bypassed? I'd like to use both.
Thanks
I have been wondering about this for a while but can't find an answer.
I'm running Unbound DNS with OPNsense. OpNsense sits behind my internet providers modem/router and setup as a transparent filter bridge. I also have another PC running AdguardHome.
In System > Settings > General , what should I be using for the DNS servers? Should I use the PC running Adguard? If so, would Unbound be bypassed? I'd like to use both.
Thanks
#28
25.7, 25.10 Series / Re: High CPU on Dashboard
Last post by senseOPN - November 20, 2025, 09:28:55 PMYes, that does not look sane!
I made a test, had "top" running and then logged in to the dashboard.
I saw just a small spike and then it went down to normal:
last pid: 62529; load averages: 0.24, 0.15, 0.09 up 12+02:08:11 21:27:58
64 processes: 1 running, 63 sleeping
CPU: 0.0% user, 0.0% nice, 0.4% system, 0.0% interrupt, 99.6% idle
Mem: 117M Active, 629M Inact, 2067M Wired, 104K Buf, 59G Free
ARC: 1198M Total, 815M MFU, 244M MRU, 1046K Anon, 17M Header, 118M Other
873M Compressed, 2131M Uncompressed, 2.44:1 Ratio
Swap: 8192M Total, 8192M Free
I made a test, had "top" running and then logged in to the dashboard.
I saw just a small spike and then it went down to normal:
last pid: 62529; load averages: 0.24, 0.15, 0.09 up 12+02:08:11 21:27:58
64 processes: 1 running, 63 sleeping
CPU: 0.0% user, 0.0% nice, 0.4% system, 0.0% interrupt, 99.6% idle
Mem: 117M Active, 629M Inact, 2067M Wired, 104K Buf, 59G Free
ARC: 1198M Total, 815M MFU, 244M MRU, 1046K Anon, 17M Header, 118M Other
873M Compressed, 2131M Uncompressed, 2.44:1 Ratio
Swap: 8192M Total, 8192M Free
#29
25.7, 25.10 Series / Captive-Portal Museum Applicat...
Last post by JimBob - November 20, 2025, 09:27:49 PMHi! Help! I'm using OPNsense 25.7-amd64 FreeBSD 14.3-RELEASE-p1 OpenSSL 3.0.17 on an Intel NUK11PAH to serve, via Captive Portal, a museum "assistant". The idea is to have an offline 10x10 matrix of buttons, so that the visitor can press buttons (e.g. "37") shown next to a display and receive audio, audio/video, or web page information for that exhibit. Although offline and unprotected by password, I want the visitor to be connected to the button matrix, without warnings of being offline (by spoofing the sites browsers check to verify online status) or warnings that unpassword-protected access is risky (I believe the Captive Portal process takes care of that), and have the browser immediately go to the button matrix, which is the landing page for the captive portal. I'm well on my way to having this operational, thanks to ChatGPT, but one issue has us both stumped. GPT directs me to upload my landing page by going to Sidebar -> Services -> Captive Portal -> Administration -> Templates (tab) and click the red "+" (Add) icon, bringing up a popup. I'm told to provide a name in the "Template name" textbox (I provide "A") and browse to my HTML file containing the 10X10 matrix of buttons (I do: it is called "index.html"). But when I click the "Upload" button, the popup disappears, but no template is added to the list, and no file is added to /usr/local/etc/captiveportal or anywhere else I can find. It's as if the popup did nothing. Once I have a template defined, I think my next step is to go to the "Zones" tab, create/edit a zone, and place the template file's name in the "Custom template box.
Where am I going wrong?
Where am I going wrong?
#30
25.7, 25.10 Series / Re: SSD get's massively writte...
Last post by senseOPN - November 20, 2025, 09:25:54 PMroot@OPNsense:~/smart # diff collect_mb_2025-11-19 collect_mb_2025-11-20
1c1
< 4026285 MB
---
> 4026453 MB
root@OPNsense:~/smart # python3
Python 3.11.14 (main, Oct 21 2025, 21:38:48) [Clang 19.1.7 (https://github.com/llvm/llvm-project.git llvmorg-19.1.7-0-gcd7080 on freebsd14
Type "help", "copyright", "credits" or "license" for more information.
>>> 4026453 - 4026285
168
So, we are down to 168 MB in about 20 hours.
Good enough for me :-)
Thanks!
1c1
< 4026285 MB
---
> 4026453 MB
root@OPNsense:~/smart # python3
Python 3.11.14 (main, Oct 21 2025, 21:38:48) [Clang 19.1.7 (https://github.com/llvm/llvm-project.git llvmorg-19.1.7-0-gcd7080 on freebsd14
Type "help", "copyright", "credits" or "license" for more information.
>>> 4026453 - 4026285
168
So, we are down to 168 MB in about 20 hours.
Good enough for me :-)
Thanks!
