"Recent posts
#31
Hardware and Performance / Re: (Solved) Internet speeds r...
Last post by nero355 - Today at 01:38:18 PMQuote from: manki_09 on January 18, 2026, 02:35:47 AMFlow Control on the Aruba switch wasn't working even though it was enabled.So Aruba Instant On 1930 with Firmware 3.3.2 and "Shaping Settings" (What kind of ?/Which ones exactly ?) has issues with buffering traffic between the 10 Gbps and 1 Gbps ports ?
Did testing between 10gb links and 1 gig links and found the same 300mbps when sending data from the 10gb links to 1gb but fine in the opposite direction.
I think there was a glitch in the Aruba Switch (3.3.2) that seemed to not apply flow control.
I finally got it to work after testing Aruba shaping setting and when removed the shaping settings it seems to work just fine. Speeds on 1gb links are good and also good on 2.5 and 10gb links.
The reason I am asking is that I have seen similar reports on both a Netgear Switch and Ubiquiti UniFi Routers and Switches sadly and to read that Aruba has this issue too is very disappointing, because I expected them to do this kind of stuff a lot better...
#32
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - Today at 01:36:59 PMI would definitely advice to disable ASPM, either via BIOS or in Linux.
ASPM enabled can do a lot of performance related problems and realtek is not excluded from this.
The NIC stats, look good, there is no errors or dirty packets seen.
In regards of your testing, you have here some interesting results;
1. Iperf > fast to slow = throughput limited
2. Linux package updates = throughput slow
3. Browser download = fast
For
1. Iperf > fast to slow
Can you try to restest this but set P2 at least to trigger multicore spread of iperf? And post the results
Try scenarios where the slow is the client as well server, and during scenario where its client try with and without the flag -R
2. Linux package updates
This one is curious, cause you can be rate limited, try to refresh your mirrors
3. Browser download
No clue about this, I would assume similar results as for Iperf, but maybe this can be due to the fact the browsers is using multiple cores to process the packets.
As well what kind of congestion algoritm are you using? Maybe you can try to switch it to BBR.
Regards,
S.
ASPM enabled can do a lot of performance related problems and realtek is not excluded from this.
The NIC stats, look good, there is no errors or dirty packets seen.
In regards of your testing, you have here some interesting results;
1. Iperf > fast to slow = throughput limited
2. Linux package updates = throughput slow
3. Browser download = fast
For
1. Iperf > fast to slow
Can you try to restest this but set P2 at least to trigger multicore spread of iperf? And post the results
Try scenarios where the slow is the client as well server, and during scenario where its client try with and without the flag -R
2. Linux package updates
This one is curious, cause you can be rate limited, try to refresh your mirrors
3. Browser download
No clue about this, I would assume similar results as for Iperf, but maybe this can be due to the fact the browsers is using multiple cores to process the packets.
As well what kind of congestion algoritm are you using? Maybe you can try to switch it to BBR.
Regards,
S.
#33
25.7, 25.10 Series / Re: Periodic interface reset -...
Last post by franco - Today at 01:31:39 PMWell, we're talking about the documented cron job name "periodic interface reset":
https://docs.opnsense.org/manual/settingsmenu.html#cron
And not all interfaces use DHCP but can still be "periodically reset".
Please don't shoot the messenger. This terminology was invented before we started our project. :)
Cheers,
Franco
https://docs.opnsense.org/manual/settingsmenu.html#cron
And not all interfaces use DHCP but can still be "periodically reset".
Please don't shoot the messenger. This terminology was invented before we started our project. :)
Cheers,
Franco
#34
General Discussion / subdomains / haproxy not worki...
Last post by kasperski1868 - Today at 01:27:22 PMSo after a lot of fidgeting I got my synology apps and some docker applications wan-accessible through subdomains (on a cloudflare domain) with ACME/haproxy/unboundDNS in Opnsense. It worked both from lan and wan initially, but recently I discovered that now it only works from wan. Changes I' ve made recently are DNS through PiHole instance (proxmox) which I have already reverted back to the IP of the router, and a couple of Opnsense updates.
To anyones knowledge: could my (quite possibly imperfect) setup now be failing because of recent Opnsense changes?
To anyones knowledge: could my (quite possibly imperfect) setup now be failing because of recent Opnsense changes?
#35
25.7, 25.10 Series / Re: Periodic interface reset -...
Last post by nero355 - Today at 01:07:24 PMQuote from: clarknova on Today at 04:16:06 AMinterface reset
Quote from: franco on Today at 12:16:58 PMinterface resetWhy are we not talking about a nice and clean DHCP Release & DHCP Renew ?!
When someone says 'Interface Reset' it sounds to me like they are just Disabling/Enabling the Interface or doing some weird driver related stuff or just pulling the cable and those things are a last resort in general...
#36
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by fastboot - Today at 01:02:54 PMSorry, I have no clue about Harmony Hub. I never used it. From what I found is, it uses SSDP and some cloud functions.
As I cannot reproduce this setup, its kinda hard to explain. At least without you giving the correct input.
Therefore I propose: If you need help, I guess its best to open another thread for this. And perhaps write later a tutorial for the others? ;)
It shouldn't be a big deal to move HA to your IOT Network. If the Harmony Hub is also placed there, there is no need to do any ingress filtering on the IOT side as they remain in the same broadcast domain. You can easily control HA itself from any other network.
As I cannot reproduce this setup, its kinda hard to explain. At least without you giving the correct input.
Therefore I propose: If you need help, I guess its best to open another thread for this. And perhaps write later a tutorial for the others? ;)
It shouldn't be a big deal to move HA to your IOT Network. If the Harmony Hub is also placed there, there is no need to do any ingress filtering on the IOT side as they remain in the same broadcast domain. You can easily control HA itself from any other network.
#37
25.7, 25.10 Series / Re: How to increase a proxmox ...
Last post by nero355 - Today at 01:01:49 PMQuote from: meyergru on Today at 12:18:00 PMActually, it would also work for disk cloning on physical installs which often becomes neccessary with cheap SSD disks or when replacing them with larger ones.Considering the fact that SSD's are very sensitive to poor alignment of the partitions I am not a big fan of cloning them like we did with HDD's in the past to be honest :)
IMHO it should probably be the default.
Quotebut I wonder who needs OpnSense other than as a 24/7 appliance?Totally agree!
#38
25.7, 25.10 Series / Re: IPv6 connectivity error af...
Last post by nero355 - Today at 12:57:02 PMQuote from: TDroenner on Today at 12:42:29 PMIs there any timeframe for the release of this fix?The release of OPNsense 26.1 is planned for the end of January according to a message in another thread and according to @franco's reply the fix should be in that release so I guess you will have to wait another 8 to 11 days :)
#39
German - Deutsch / Re: Merkwürdiges Verhalten der...
Last post by viragomann - Today at 12:53:32 PMQuote from: Strubbi on Today at 11:37:41 AMDas ist eine komplizierte GeschichteIch stimme zu. Jedenfalls verstehe ich nicht den Sinn der Sache.
Quote from: Strubbi on Today at 11:37:41 AMWenn du einen anderen Lösungsansatz hast bin ich ganz Ohr.Dafür wäre es vielleicht besser, die Herausforderung zu erklären, denn die versuchte Umsetzung.
Quote from: Strubbi on Today at 12:14:53 PMDer OpenVPN Server läuft bei uns nicht auf der Firewall, sondern auf einem eigenen virtuellen Rechner. Mein Chef will, dass das so bleiben soll.Das verkompliziert die Sache gewiss, warum auch immer man das so haben möchte, es sollte aber dennoch umsetzbar sein.
#40
25.7, 25.10 Series / Re: What is the official migra...
Last post by nero355 - Today at 12:52:01 PMQuote from: +DS_DV+ on January 19, 2026, 02:07:33 PMthank you for your input <3And thank you for the link to the guide which answered some minor questions that I had about some options and the workflow that I had planned :)
looks like a manual migration is necessary
for others researching this here is a guide i found in the web:
https://homenetworkguy.com/how-to/migrate-from-isc-dhcp-to-dnsmasq-or-kea-dhcp-in-opnsense/
Now running KEA DHCP instead of ISC DHCP and everything seems to work fine after a quick 10 minute or so migration thanks to the beautiful Import/Export option for DHCP IPv4 Reservations via .csv files!
