Recent posts

[proxmox]

#71

Hardware and Performance / Re: Throughput on WAN took a n...

Last post by nullspace - March 31, 2026, 02:13:36 AM

post #3 I state that I'm using proxmox also I noted the NIC hardware I was using which is all intel, i266V and X553. No realtek. It has 8GBs of RAM. All suggested tunables were configured on this more than a year ago. This is system has run very well for around 2+ years and I kept it up to date weekly.

Please note I'm now fully on X553 NICs for WAN and LAN. They are shared to the VM via passthrough on proxmox (host). It is still slow for incoming bandwidth... upload looks to be back to normal. ( ~300 Mbps Down ( this should be 2000 Mbps) , ~280 Mbps up). I changed nothing on the device all last year except the firmware and only some where in the 4th quarter of 2025 did it drop off a cliff.

#72

26.1 Series / DHCRelay Configuration

Last post by hanzs - March 31, 2026, 01:28:15 AM

I have spent hours trying to configure dhcrelay so I need some help.  I am using Kea as my DHCP server and would like to forward dhcp requests to all the other vlans - 8 in all.  Could someone point me to a tutorial (which I haven't been able to find) that will give me info on how this works.
Opnsense is connected to an L3 switch - the switch has dhcp relay set - I may be configuring DHCRelay incorrectly since I don't completely understand how it works.  Thanks for your help.

~H

#73

General Discussion / Re: Port OPNsense to Linux?

Last post by pfry - March 31, 2026, 01:16:35 AM

[...]Can the functions be added to Linux's kernel, and would it make sense, if someone was to convince Linus about the importance of it?

Heh. Even the reprogrammed, sensitive and politically correct Linus would have some choice words about that.

Why not get serious and add a pf (filter) and IPFW (shaper compatibility layer) plugin to VPP? No kernel mods required. Porting OPNsense (and maintaining the port) would be a bit of a nightmare. And VPP itself is a moving target - there's a reason it's not packaged for any distro (that is, available via a package manager [Edit: standard repository. I knew what I meant.]).

#74

General Discussion / Re: Port OPNsense to Linux?

Last post by pfry - March 31, 2026, 01:06:33 AM

It's not exactly a one VLAN limit but a four zones total limit as I found out. For whatever reasons. Seems silly.[...]

IPFire (or its progenitor) actually implemented very limited VLAN support (one VLAN per interface/zone...?) before Ben Greear's VLAN code was upstreamed, and they kept that model for historical reasons. From "Zone Configuration":

Code Select Expand

Please note that:
- Due to backwards compatibility reasons, you can't assign more than one VLAN to a zone
- One NIC can't be accessed natively by more than one zone
- You can't use the same VLAN tag more than once per NIC
[...]

IPFire is definitely its own thing.

#75

Zenarmor (Sensei) / Re: Zenarmor performance @ Int...

Last post by Seimus - March 31, 2026, 01:05:17 AM

With the 2.5g, Microtik doesn't really have any choices or I might have bought one. Knock the POE requirement away and the crs326-24s+2q+ and some 2.5g modules would do the trick. 2.5g modules are around $20 from Wiitek (I have a couple of these in service right now, not hot at all), hard to say if I'm getting real 2.5g speeds, but I'm getting more than 1.5g speeds through a Moca 2.5 pair of converters and about 100 feet of RG6, average 4ms ping times which is right in line with what the manufacturer says.

This is not a bad idea at all.

There are some Extreme Networks switches that fit your needs, but you are going to want to wait until you see a bounced of the truck sale. That's how I got my 5420m-48w-4ye (48 gigabit ports with 90 watts POE each port, and 4x25g, with 2x stacking that can be 2x10g, and dual 900 watt supplies) at $400 I couldn't resist. Was brand new in box, but I'm not going to register it.

I totally forgot there is as well Extreme. I had the pleasure with their switches 5-7years ago and I was not so pleased... That 5420m-48w-4ye how loud/noisy it is?

Also look at some of the FS switches, again wait for a bounced off the truck sale on ebay.

Not a bad idea as well will check FS too.

Regards,
S.

#76

Tutorials and FAQs / Re: IPv6 Control Plane with FQ...

Last post by OPNenthu - March 31, 2026, 12:31:21 AM

To Mr. Täht, who tamed our networks.  🥃

#77

Zenarmor (Sensei) / Re: Zenarmor performance @ Int...

Last post by OPNenthu - March 31, 2026, 12:21:20 AM

Podman is just an alternative to Docker and something I don't feel like maintaining either :)

That's the beauty of it: you don't manage anything.  It manages itself, including updates.  You don't touch a thing on the OS.  From the user perspective it's just an app installer.  You run it.  It installs UOS.  Done.

That wasn't the case in the past.  You needed to install and maintain Docker yourself, as well as each container (MongoDB, Network) and their connections.

#78

General Discussion / Re: Port OPNsense to Linux?

Last post by drosophila - March 31, 2026, 12:14:54 AM

It's not exactly a one VLAN limit but a four zones total limit as I found out. For whatever reasons. Seems silly.

AFAICS this is a legacy concept that originated from SmoothWall, before it became IPCop, before it became IPFire. Or somesuch as I didn't follow the development closely.
They had originally "colored" the physical interfaces, which made perfect sense back in the day as there aren't too many even now. Probably the simplicity of the concept kept it around, even though with VLANs it should be updated to at least "8 bit colors". :)

#79

General Discussion / Which trigger for new IPv6 PE ...

Last post by drosophila - March 31, 2026, 12:00:53 AM

I'm stuck trying to react to the WAN interface getting a new IPv6 privacy extensions address. I've found the "newwanipv6" trigger but that only triggers when the main IPv6 address / prefix has changed. It does, however, not trigger when privacy extension addresses expire / new ones are generated. I need to react to both these events. A cron job would be possible but running that every minute is both wasteful and slow to react. There must be a better way, can somebody please point me in the right direction?

#80

Zenarmor (Sensei) / Re: Zenarmor performance @ Int...

Last post by nero355 - March 30, 2026, 11:00:56 PM

No, no Docker needed.

I meant that I used to use Docker for hosting the legacy Network controller but it was a bit cumbersome, especially under Proxmox. 

With UOS you just run the installer and it sets up its own environment with podman, which it installs from the OS repo.

Podman is just an alternative to Docker and something I don't feel like maintaining either :)

https://ui.com/download/software/unifi-os-server

has an arm64 build, which installs on raspiberry pi without AXV, obviously.

That's not how it works my guy :)

where is the AVX is required? maybe for x86?

100% This =>

For MongoDB since version 5.0:  https://www.mongodb.com/docs/manual/administration/production-notes/

And for ARM you need at least ARMv8.2-A.

This change effectively rendered both my Intel NUC7PJYH (J5005) and RPi 3B+ incapable of running the Network controller with any still-supported version of Mongo.  Neither can my OPNsense box (N5105).

You can cheat it all for a while (I have got the UniFi Controller 9.x.x running on an old Intel Atom NUC 2820 FYKH) but one day you will have to upgrade to something newer !!

For now I am leaning towards some AARCH64 product with A55 Cores like the Odroid C4 Series.

AVX2 was 2013, haswell, so even that isn't really a concern at this point.

You want something that is Intel Atom/Celeron/Pentium like and the price of the models with AVX/AVX2 is still pretty high compared to older models...

i have no love for unifi and its lottery / gamble of software updates

100% Agree! :)

but this thread seems like it has a lot of misinformation in it

So far I haven't seen anything that isn't true in the sense that it's a total lie ?!

Yes, I was only talking about x64 as VM, which seems like the obvious choice for self-hosting.

Not always the case :)

I know you can use a Raspberry, yet I found it to have a high power envelope for what it can do

The Raspberry Pi models were compared against each other at the time when the Raspberry Pi 3B+ was released and it turned out that the Pi 2B and 3B had the best Power to Performance ratio of all models !! ;)

Sadly the specific Blog article was removed by the Raspberry Pi Foundation on their website so I can't give you a link to it.
In the Pi 4B and 5B years there were also no new articles with similar tests so I can't say anything about those models in this regard.

That AVX requirement on x64 platforms is mostly irrelevant anyway, because even an N100 has AVX2. Any fairly modern x64 CPU should have it.

Intel Atom/Celeron/Pentium NUCs and all similar models have gone up in price a lot over the years so a Odroid with A55 Cores or Raspberry Pi with A76 Cores could be the better alternative for some people...

I use an old unifi cloud key gen2

The problem with those things is that once they are declared EOL you can't use them for anything else...

Or at least so far I have not read about it anyway.

and then i dont have think about it and move on with my life and not make homelab a 2nd full time job.

It's a hobby, not a job for me :)

i assume either that is arm64 is 8.2+ or unifi will figure it out, one way or the other.

Yeah, they will figure it out for you by making you buy a new one! LOL! ^_^