Recent posts

#21
Hardware and Performance / Re: N150 / N355 good fits?
Last post by Seimus - Today at 11:32:16 AM
Quote from: Billy2010 on November 24, 2025, 09:26:29 PMAre there good alternatives to Zenarmor?
Or are there better solutions offering this kind of configuration.
A dream machine pro max also has 5G with ids. And thats not even per core it seems on first glance

Well ZA is mainly a NGFW, the closest alternative or better to say the only alternative is Suricata. And I have a feeling Suricata supports multicore... But you would have to check. However Suricata is without the nice reporting that ZA provides on Device.

Unify solution for IDS is done bit differently from ZA, it reaches higher throughput thats true. But its not vendor agnostic.

Quote from: Billy2010 on November 24, 2025, 09:26:29 PMWould you suggest the i5 1335u (1334u was a typo).
They also have a H155 (6P+8E+2le cores).

If your use case and deployment requires an IDS/NGFW, I would target a system that can deliver the highest possible performance per CORE.

Regards,
S.


#22
That missing commands translation seems to be a small oversight here:

https://github.com/opnsense/core/pull/9453
#23
25.7, 25.10 Series / Re: VPN: IPsec: Status Overvie...
Last post by dstr - Today at 11:23:00 AM
therese also a checkbox without description:
#24
Go to 25.7.7_4 and try again
#25
25.7, 25.10 Series / VPN: IPsec: Status Overview
Last post by dstr - Today at 11:17:18 AM
OPNsense 25.7.7_2-amd64
FreeBSD 14.3-RELEASE-p4
OpenSSL 3.0.18


Phase2 table is missing
#26
25.7, 25.10 Series / Re: Can't update 25.7
Last post by Jboy4 - Today at 10:26:01 AM
That was the fix. Thank you.
#27
General Discussion / Re: GUI/Shell crashing
Last post by meyergru - Today at 09:51:19 AM
Quote from: Mattps on Today at 08:37:05 AMI've looked and couldn't find any microcode updates AMD only deliver these for this CPU via bios updates and the bios update for this model is only delivered by HP.


That is only partially correct. AMD may deliver what they want. The updates contained in BIOSes are being extracted and put into separate packages, such as os-cpu-microcode-amd for OpnSense, to be applied apart from BIOS updates. BTW: There are similar packages for Linux / Proxmox as well using the same extracted firmwares.

I repeatedly tried to tell you. Had you looked at https://forum.opnsense.org/index.php?topic=42985.0, point 23 and followed the link to the official docs there, you should have noticed.

The only question is if there is actually an update available in that package for you specific CPU and if it fixes your problem. You will find out only if you try, not by discussing if this is possible at all, so please do as Patrick said.


#28
https://github.com/opnsense/core/issues/8181#issuecomment-2571634803

https://github.com/opnsense/core/issues/5238#issuecomment-927822469

I doubt it works in pfsense if its unsupported by FreeBSD in general.

If not, whats the configuration magic for that? It would need multiple FIBs (aka virtual routing instances)
#29
General Discussion / Multi-wan with PPPoE not worki...
Last post by charles - Today at 09:08:44 AM
Hi,

I have 5 PPPoE lines from the same ISP.

After binding them to different interfaces on OPNsense and dialing each up separately, they obtain different IP addresses (all with 32-bit subnets) but the same gateway.

I configured unique monitor IPs for each gateway in the Gateway settings, and now the gateway status (including probe latency and packet loss) shows normal for all.

I also set up individual SNAT rules for each interface—with source/destination addresses set to "any", IPv4 protocol, and translation to the outgoing interface's IP.

However, when I create rules in Firewall -> Rules -> LAN and specify a gateway, only the rule pointing to the first PPPoE gateway works; the others fail to connect.

I've been using this exact setup on pfSense without issues for years. The key was just setting unique monitor IPs. But it seems this doesn't work on OPNsense?

Did I miss something crucial, or is this not supported on OPNsense? Are there any alternative workarounds?

Thanks!
#30
25.7, 25.10 Series / Re: Using Adguard Home and DNS...
Last post by scatman75 - Today at 09:03:00 AM
I'm using this configuration (AdGuard Home on port 53) and dnsmasq also on port 53053, after previously abandoning a combination of ISC DHCP, Unbound, and AdGuard.

DNS resolution works perfectly. However, I'm experiencing significant problems with DHCP. After a complete system reboot (without any old leases), everything works as expected. After some time, presumably after the lease expires, the DHCP devices lose their connection and cannot reconnect. Unfortunately, I haven't been able to determine the cause of this behavior.

I've tried all available options in dnsmasq, but haven't found a stable solution yet. If you find a stable configuration, it would be great if you could share it here, especially the setting under "Services: Dnsmasq DNS & DHCP: General". My current settings are attached.