"Recent posts
#21
General Discussion / IPv6 and Android Google play s...
Last post by NetworkNitwit - January 24, 2026, 06:01:31 PMNot long configured my first proxmox opnsense firewall router(newbie). Using v25.7.x and its been working well. Last night I noticed my Samsung phone had 20 odd apps that needed to updated ,bit surprised ,so I tried & they all kept failing with pending...timeout.
After a lot of wailing and gnashing of teeth I gave the samsung a static IPv4 with DNS 8.8.8.8 and updates started to work.
So google told me its a IPV6 issue and I turned it off on the interaces and put the samsung back on DHCP and yes it works.
Now I dont really know why but I would like IPV6 working maybe its the future!
I'm using .internal as my domain is this ok & how can I see where its falling down when I try to update apps? I looked in firewall logs and couldn't see an issue, during the process I turned off my firewall & IPS completely.
I'm using DNSmasq and Unbound as OPNsense documentation suggests for default install 2026. Any pointers to other logs which could highlight a DNS/DHCP issue I would be appreciative.
Dan
After a lot of wailing and gnashing of teeth I gave the samsung a static IPv4 with DNS 8.8.8.8 and updates started to work.
So google told me its a IPV6 issue and I turned it off on the interaces and put the samsung back on DHCP and yes it works.
Now I dont really know why but I would like IPV6 working maybe its the future!
I'm using .internal as my domain is this ok & how can I see where its falling down when I try to update apps? I looked in firewall logs and couldn't see an issue, during the process I turned off my firewall & IPS completely.
I'm using DNSmasq and Unbound as OPNsense documentation suggests for default install 2026. Any pointers to other logs which could highlight a DNS/DHCP issue I would be appreciative.
Dan
#22
General Discussion / Re: ISC-DHCP to KEA Migration ...
Last post by Sheridan Computers - January 24, 2026, 05:42:42 PMQuote from: franco on January 24, 2026, 11:15:44 AMSince Sam mentioned it we've made the GUI consistent https://github.com/opnsense/plugins/commit/14a130188
But more tools are certainly nice :)
Thanks,
Franco
It was a good learning experience at least 😀
#23
25.7, 25.10 Series / Re: New site PPPoE PMTU woes
Last post by meyergru - January 24, 2026, 05:21:26 PMI would probably first try to make sure that the problematic downstream devices also use an MTU of 1492 bytes.
#24
25.7, 25.10 Series / Re: New site PPPoE PMTU woes
Last post by ToasterPC - January 24, 2026, 05:16:59 PMQuote from: meyergru on January 24, 2026, 09:26:09 AMI cannot test this, because I neither have the OpnSense VM on PVE nor an MTU of 1492, sorry.Don't worry
So far, you've helped me narrow down the issue a lot, so thanks for everything either way.
However, I'm not sure if this problem has gotten to a point where perhaps a bug report or a different thread would be more appropriate.
MTU, MSS and PMTU do seem to be working correctly now, it's just the downstream devices that seem to still need something to get in line, and I'm honestly not sure where to begin looking for alternate solutions.
Assuming that either of those other options were viable, where would you begin and with which one would you pick?
#25
26.1 Series / Re: Kea IPv6, random allocatio...
Last post by franco - January 24, 2026, 05:07:35 PMHi again,
In subnets under advanced settings, see https://github.com/opnsense/core/commit/65bd273b33
It was added in 25.1.7 so many months ago :)
Cheers,
Franco
In subnets under advanced settings, see https://github.com/opnsense/core/commit/65bd273b33
It was added in 25.1.7 so many months ago :)
Cheers,
Franco
#26
26.1 Series / Re: Track interface / Identity...
Last post by franco - January 24, 2026, 05:03:26 PMHi,
I'm not entirely sure what config you use and what the scripting looks like but I'm working on better PD selection, see
https://github.com/opnsense/core/commit/52018a0260
Patch does not readily apply at the moment but once 26.1 comes out I want to make another round of testing.
If you can privately dump the output of "pluginctl -g interfaces" for your config that produces the error I can try to see if that is expected given the constraints or if there is a new bug with the validation.
That being said in the new patch you can (optionally) select different PDs for each interface. The author of the ticket https://github.com/opnsense/core/issues/7647 also uses AT&T.
Cheers,
Franco
I'm not entirely sure what config you use and what the scripting looks like but I'm working on better PD selection, see
https://github.com/opnsense/core/commit/52018a0260
Patch does not readily apply at the moment but once 26.1 comes out I want to make another round of testing.
If you can privately dump the output of "pluginctl -g interfaces" for your config that produces the error I can try to see if that is expected given the constraints or if there is a new bug with the validation.
That being said in the new patch you can (optionally) select different PDs for each interface. The author of the ticket https://github.com/opnsense/core/issues/7647 also uses AT&T.
Cheers,
Franco
#27
German - Deutsch / Re: Intel i226-V + OPNsense: W...
Last post by meyergru - January 24, 2026, 04:50:30 PMIch wiederhole es: Diese Systeme (mit I226V) haben normalerweise keine Probleme mit Handshakes o.ä. - abgesehen davon würden die unter allen OSen auftreten. Am Rande: Meine Hardware ist ganz ähnlich. Es geht hier nur darum, wie der Provider mit gepufferten Daten umgeht und wie groß diese Puffer sind. Bei anderen Router-OSen ist oft schon intern ein Traffic-Shaping aktiv, steht alles auf der verlinkten Seite.
Die Tatsache. dass Du vom Client zur OpnSense das volle Gigabit bekommst, illustriert dies: keine Hardwareprobleme.
Die angeführten Tuneables ändern nichts daran, weil beispielsweise die aufgeführten TCP-Parameter ausschließlich für TCP-Verbindungen von der OpnSense selbst wirken, nicht für geroutete TCP-Pakete von angeschlossenen Clients.
Das ist genau der Bereich, den Du mit Traffic-Shaping beeinflussen kannst. Bezeichnenderweise wird genau das auf der von Zapad verlinkten Seite auch gezeigt, nämlich: https://github.com/nightcomdev/opnsense/blob/main/QoS/README.md
Ich höre aber jetzt hier auf. Alles ist gesagt: Test (mit OpnSense) für Bufferbloat durchführen - meine Erwartung: schlechte Ergebnisse. Dann die verlinkten TS-Einstellungen vornehmen, sehen ob es hilft.
Die Tatsache. dass Du vom Client zur OpnSense das volle Gigabit bekommst, illustriert dies: keine Hardwareprobleme.
Die angeführten Tuneables ändern nichts daran, weil beispielsweise die aufgeführten TCP-Parameter ausschließlich für TCP-Verbindungen von der OpnSense selbst wirken, nicht für geroutete TCP-Pakete von angeschlossenen Clients.
Das ist genau der Bereich, den Du mit Traffic-Shaping beeinflussen kannst. Bezeichnenderweise wird genau das auf der von Zapad verlinkten Seite auch gezeigt, nämlich: https://github.com/nightcomdev/opnsense/blob/main/QoS/README.md
Ich höre aber jetzt hier auf. Alles ist gesagt: Test (mit OpnSense) für Bufferbloat durchführen - meine Erwartung: schlechte Ergebnisse. Dann die verlinkten TS-Einstellungen vornehmen, sehen ob es hilft.
#28
General Discussion / WAN failover DNS problem
Last post by pinpoint - January 24, 2026, 04:31:17 PMWAN1 is my main fiber and WAN2 is netgeaer MR5200 mobile router (in passover mode)
I have also setup Unbound DNS, query forwarding is disabled, and dns server in system-settings-general are empty. Gateway switching is checked.
DNS works over WAN1, but when I disconnect WAN1 and WAN2 takes over, i can access external webpages for about 10 sec, then all new pages times out. I am able to ping external ip adresses as well as ip tv is still streaming seamlessly.
I have now spent several hours for many weeks trying to fix this but nothing seems to help. I suspect that the problem lies with Unbound DNS. When I manually change dns on my laptop to 8.8.8.8, DNS finally works but I don`t want to change to 8.8.8.8 on all may clients. I want to use my firewall DNS 192.168.50.1.
I also use Dnsmasq DNS & DHCP where DNS and gateway are directed to CARP IP on my firewall 192.168.50.1.
I setup failover by using the guide on https://docs.opnsense.org/manual/how-tos/multiwan.html as well as troubleshooting using chatgpt. I have read multiple posts here where people seem to have simlar problem.
OPNsense 25.7.11_2-amd64.
Anyone know what might be the problem?
I have also setup Unbound DNS, query forwarding is disabled, and dns server in system-settings-general are empty. Gateway switching is checked.
DNS works over WAN1, but when I disconnect WAN1 and WAN2 takes over, i can access external webpages for about 10 sec, then all new pages times out. I am able to ping external ip adresses as well as ip tv is still streaming seamlessly.
I have now spent several hours for many weeks trying to fix this but nothing seems to help. I suspect that the problem lies with Unbound DNS. When I manually change dns on my laptop to 8.8.8.8, DNS finally works but I don`t want to change to 8.8.8.8 on all may clients. I want to use my firewall DNS 192.168.50.1.
I also use Dnsmasq DNS & DHCP where DNS and gateway are directed to CARP IP on my firewall 192.168.50.1.
I setup failover by using the guide on https://docs.opnsense.org/manual/how-tos/multiwan.html as well as troubleshooting using chatgpt. I have read multiple posts here where people seem to have simlar problem.
OPNsense 25.7.11_2-amd64.
Anyone know what might be the problem?
#29
German - Deutsch / Re: Intel i226-V + OPNsense: W...
Last post by Zapad - January 24, 2026, 04:26:23 PMich meinte auf der seite unter:
Hardware & Driver Settings
dev.igc.0.fc 0 1 Disable flow control on igc0 0=disabled 1=enabled
dev.igc.1.fc 0 1 Disable flow control on igc1 0=disabled 1=enabled
dev.igc.2.fc 0 1 Disable flow control on igc2 0=disabled 1=enabled
dev.igc.3.fc 0 1 Disable flow control on igc3 0=disabled 1=enabled
dev.igc.0.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
dev.igc.1.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
dev.igc.2.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
dev.igc.3.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
hw.igc.max_interrupt_rate 20000 8000 Max interrupts per second (10k). 8000 is also good and keep latency low. You can test with higher values if you have better ethernet card
hw.igc.enable_aim 2 1 Adaptive interrupt moderation. 2=low latency Adaptive Interrupt Moderation (AIM) — dynamically adjusts interrupt rate based on load., 1=normal Static interrupt moderation — not adaptive. (Fixed delay intervals), 0=disabled Every packet (or small
group) triggers immediate interrupt. Lowest latency, highest CPU interrupt rate
du kannst mal die Werte unter
System>einstellungen>optimierung testen.
Hardware & Driver Settings
dev.igc.0.fc 0 1 Disable flow control on igc0 0=disabled 1=enabled
dev.igc.1.fc 0 1 Disable flow control on igc1 0=disabled 1=enabled
dev.igc.2.fc 0 1 Disable flow control on igc2 0=disabled 1=enabled
dev.igc.3.fc 0 1 Disable flow control on igc3 0=disabled 1=enabled
dev.igc.0.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
dev.igc.1.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
dev.igc.2.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
dev.igc.3.eee_control 0 1 Disable Energy Efficient Ethernet 0=disable 1=enabled
hw.igc.max_interrupt_rate 20000 8000 Max interrupts per second (10k). 8000 is also good and keep latency low. You can test with higher values if you have better ethernet card
hw.igc.enable_aim 2 1 Adaptive interrupt moderation. 2=low latency Adaptive Interrupt Moderation (AIM) — dynamically adjusts interrupt rate based on load., 1=normal Static interrupt moderation — not adaptive. (Fixed delay intervals), 0=disabled Every packet (or small
group) triggers immediate interrupt. Lowest latency, highest CPU interrupt rate
du kannst mal die Werte unter
System>einstellungen>optimierung testen.
#30
German - Deutsch / Re: Intel i226-V + OPNsense: W...
Last post by Joey78 - January 24, 2026, 04:15:35 PM@meyergru Entschuldige, ich wollte nicht zum ausdruck bringen das ich dir das nicht glaube. Mir geht es mehr darum das ich in dem Thema neu und etwas Überfordert bin. Mit der Sophos hat das halt über viele Jahre von Sich aus funktioniert und jetzt habe ich mit dem neuen Produkt Anlaufschwierigkeiten die ich nicht einordnen kann. Mit den Ausdrücken Bufferbloat kann ich nicht viel anfangen. Ich habe deine Zwei links natürlich ausgeführt aber die zeigen mir Werte die mir halt nichts weiter für mein Problem sagen. Cloudflare zeigt auch bei Network Quality Score video Stream Good Online Game Great video Chattin Good an Speed ist dann aber 87Mbit und up 21,5,.... Das jetzt über ein Windowsnotebook hinter der Opnsense die hinter der Sophos hängt.
@Zapad was meinst du mit Hardwaresparte? was da bei mir eingestellt ist? Und ja ich habe da mal rumexperimentiert aber nicht mit der Githubseite von dir. eher mit KI Fragen und Empfehlungen.
Also ich bin echt froh das ihr mir helft, Ich bitte euch um Nachsicht, ich bin hier nicht so dick in der Materie sonst würde ich nicht um Hilfe bitten.
Kann ich euch irgendwelche Daten zur Verfügung stellen mit denen ihr mir hier vielleicht helfen könntet?
@Zapad was meinst du mit Hardwaresparte? was da bei mir eingestellt ist? Und ja ich habe da mal rumexperimentiert aber nicht mit der Githubseite von dir. eher mit KI Fragen und Empfehlungen.
Also ich bin echt froh das ihr mir helft, Ich bitte euch um Nachsicht, ich bin hier nicht so dick in der Materie sonst würde ich nicht um Hilfe bitten.
Kann ich euch irgendwelche Daten zur Verfügung stellen mit denen ihr mir hier vielleicht helfen könntet?
