Recent posts

#81
25.7, 25.10 Series / Transparent Filtering Bridge +...
Last post by OpnsenseNewbie123 - November 19, 2025, 05:07:49 PM
Hi Folks,

I have been trying to configure traffic shaping to limit bandwidth to clients on my transparent filtering bridge setup and have been noticing a significant speed drop while testing with speed tests.

I do remember it being mentioned that traffic shaping is not possible on a transparent filtering bridge due to issues with pf and ipfw. But I did note another article mentioning this is now possible with the latest version of OPNsense and shaping pipes/queues can be tagged within fw rules instead.

So my question is, can anyone confirm if this is indeed supported? Any examples of config will be appreciated. If not, what alternate ways are available to limit bandwidth to clients? Do note clients connect via eero wireless in bridged mode to the network that passes through the transparent filtering bridge.
 
#82
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by franco - November 19, 2025, 04:20:15 PM
Quote from: Maurice on September 02, 2025, 04:28:58 PM
Correct, opnsense-bootstrap only works on amd64. I thought about adapting it for aarch64 before, but that's currently very low priority.

So, yes, here is what I think is needed from our end:

https://github.com/opnsense/update/commit/b637c8b819

However, I've not pushed it to master yet because when I use

# opnsense-bootstrap -br 25.7 -A maurice-w -R opnsense-core

There's nothing to bootstrap against: no stable branch, no CORE_PACKAGESITE, no fingerprints.

I thought about other means to handle this but to me this is the most convenient and integrated.


Cheers,
Franco
#83
25.7, 25.10 Series / Re: [SOLVED] NOOB - Is This ...
Last post by Jensen - November 19, 2025, 04:13:25 PM
Hi Patrick,
Thanks for your reply.
No, I am not using OpenVPN and I don't know what "API for crypto hardware" is, so I guess I will not be using that either.

I will ignore for now while I am learning, and then as you suggested, wait for the updates in due course.

Thanks for your help
Jensen
#84
General Discussion / Re: does anyone currently have...
Last post by Greg_E - November 19, 2025, 03:51:42 PM
Do you work from home (and can prove it) or need internet for work purposes (company can prove it)? If so you might be able to get them to change you to a business account and still sell you a static IP. This is the process if you are using their 5G Cellular internet, business is able to buy a static IP.

Worth a try.

If you talk to the right person, they won't care about proving business and still set you up, I hear this happens a lot at the physical stores so you might want to walk in to your nearest and ask them.

As far as the fiber resources go, I'm not sure. The 5G accounts are all behind CGNAT and your streaming media accounts may give you fits with the constantly changing egress address and the multiple users egressing from the same address. Hulu basically won't work for me and I'm getting ready to drop it.
#85
Zenarmor (Sensei) / Re: Zenarmor heavily relies on...
Last post by Greg_E - November 19, 2025, 03:44:34 PM
I don't use the cloud threat option and did not see any slowdowns. I did try to go to several sites that said Cloudflare was down and some of the tools we use at work did not function (due to Cloudflare).

Starting to see the all eggs in one (few) basket theory happening, AWS, Microsoft, Google, and now Cloudflare. The cloud is great, until it stops working or you lose internet. What we need is another good CrowdStrike bug to bring down a huge number of computers again, that was fun times for a lot of people!
#86
German - Deutsch / Re: How do you, in practice, ...
Last post by meyergru - November 19, 2025, 03:24:01 PM
That's really just a stopgap, though. I have always found the quasi "random" order in the selection bad. And with >1000 aliases it is practically unmanageable. Categorization and alphabetical sorting would be really helpful there - maybe someone should file a feature request for that.
#87
German - Deutsch / Re: How do you, in practice, ...
Last post by Patrick M. Hausen - November 19, 2025, 03:19:35 PM
Quote from: meyergru on November 19, 2025, 03:07:01 PM
However, you can type the prefix and then get a narrowed-down list

Exactly! 🙂
#88
German - Deutsch / Re: How do you, in practice, ...
Last post by meyergru - November 19, 2025, 03:07:01 PM
"Names are not what they mean" - otherwise you could just write down the contents directly.

As for the overview mentioned above: there you could also filter by type, but unfortunately that option does not exist when selecting aliases in firewall rules. The aliases are not even sorted alphabetically, only restricted by the "possible" types. However, you can type the prefix and then get a narrowed-down list - in that respect, prefixing with the type is helpful.

It would be nicer if the selection list itself were structured by type - currently, for a source or a destination, only "Alias" and "Network" are separated.

#89
25.7, 25.10 Series / Re: NOOB - Is This something I...
Last post by Patrick M. Hausen - November 19, 2025, 02:58:18 PM
Quote from: Jensen on November 19, 2025, 02:21:41 PM
Does this show I have done something wrong, or do I have to do something to fix these two problems

Just wait for the next update to fix these two issues. Happens all the time - you cannot patch a complex product the day a vulnerability is discovered.

If you want to be cautious - go read the CVE entries and try to decide if they apply to you or not and if yes, if they pose a risk.

E.g. the first one is easy: are you running OpenVPN? No? No risk.
Second one is more difficult. It's about an API for crypto hardware. Most probably also not attackable in the context of OPNsense.

HTH,
Patrick
#90
German - Deutsch / Re: How do you, in practice, ...
Last post by Patrick M. Hausen - November 19, 2025, 02:51:22 PM
My aliases have semantic prefixes. And I try to create groups wherever possible. Off the top of my head, I consider writing the contents into the name again superfluous - I have never done that. You create aliases precisely so that you don't have to deal with addresses and ports but with named systems and functions.

I started the prefix thing because on the Sidewinder the different alias types had different icons and you could immediately tell networks, ports, etc. apart in the UI.