Recent posts

#81

25.7, 25.10 Series / Re: ice driver (ddp) / latest ...

Last post by bugacha - December 29, 2025, 07:50:02 PM

They're not paired. The driver will work fine (and not complain) with a "later-than-recommended" NVM. I'd always go for the latest NVM, but the E810 has been around for long enough (2019?) that the major bugs should have been killed by now. I'd have to look at the release notes to be sure. At any rate, I'll update if convenient or necessary (I experienced the latter with some old X710s).

What issue were you having with the update? Your link is for Windows; I don't know what the package includes. (I use the EFI updater.)

Nah, the driver (I guess by driver I mean DDP which I care about) wouldn't work if it doesn't match the firmware. I learned it hard way

Code Select Expand

[1] ice0: <Intel(R) Ethernet Network Adapter E810-XXV-2 - 1.43.3-k> mem 0x380000000000-0x380001ffffff,0x380002000000-0x38000200ffff irq 16 at device 0.0 on pci1
[1] ice0: Loading the iflib ice driver
[1] ice0: Error configuring transmit balancing: ICE_ERR_AQ_ERROR
[1] ice0: An unknown error occurred when loading the DDP package.  Entering Safe Mode.
[1] ice0: fw 7.10.1 api 1.7 nvm 4.91 etid 800214ab netlist 4.4.5000-1.18.0.db8365cf oem 1.3909.0
[1] ice0: Using 1 Tx and Rx queues
[1] ice0: Using MSI-X interrupts with 2 vectors
[1] ice0: Using 1024 TX descriptors and 1024 RX descriptors
[1] ice0: Ethernet address: 50:7c:6f:79:ca:e8
[1] ice0: PCI Express Bus: Speed 16.0GT/s Width x8
[1] ice0: ice_init_dcb_setup: No DCB support
[1] ice0: link state changed to UP
[1] ice0: Link is up, 25 Gbps Full Duplex, Requested FEC: RS-FEC, Negotiated FEC: RS-FEC, Autoneg: False, Flow Control: None
[1] ice0: netmap queues/slots: TX 1/1024, RX 1/1024
[1] ice1: <Intel(R) Ethernet Network Adapter E810-XXV-2 - 1.43.3-k> mem 0x380800000000-0x380801ffffff,0x380802000000-0x38080200ffff irq 16 at device 0.0 on pci2
[1] ice1: Loading the iflib ice driver
[1] ice0: link state changed to DOWN
[1] ice1: Error configuring transmit balancing: ICE_ERR_AQ_ERROR
[1] ice1: An unknown error occurred when loading the DDP package.  Entering Safe Mode.
[1] ice1: fw 7.10.1 api 1.7 nvm 4.91 etid 800214ab netlist 4.4.5000-1.18.0.db8365cf oem 1.3909.0
[1] ice1: Using 1 Tx and Rx queues
[1] ice1: Using MSI-X interrupts with 2 vectors
[1] ice1: Using 1024 TX descriptors and 1024 RX descriptors
[1] ice1: Ethernet address: 50:7c:6f:79:ca:e9
[1] ice1: PCI Express Bus: Speed 16.0GT/s Width x8
[1] ice1: ice_init_dcb_setup: No DCB support
[1] ice1: link state changed to UP
[1] ice1: Link is up, 25 Gbps Full Duplex, Requested FEC: RS-FEC, Negotiated FEC: FC-FEC/BASE-R, Autoneg: False, Flow Control: None
[1] ice1: netmap queues/slots: TX 1/1024, RX 1/1024
[1] ice1: link state changed to DOWN
[9] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[10] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[11] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[12] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[14] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[15] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[19] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[20] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[21] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[22] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[24] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[25] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[26] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[27] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[28] ice1: Failed to set LAN Tx queue 0 (TC 0, handle 0) context, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[28] ice1: Unable to configure the main VSI for Tx: ENODEV
[29] ice1: Failed to add VLAN filters:
[29] ice1: - vlan 2, status -105
[29] ice1: Failure adding VLAN 2 to main VSI, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[30] ice1: Failed to set LAN Tx queue 0 (TC 0, handle 0) context, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[30] ice1: Unable to configure the main VSI for Tx: ENODEV
[31] ice1: Failed to add VLAN filters:
[31] ice1: - vlan 2, status -105
[31] ice1: Failure adding VLAN 2 to main VSI, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[32] ice1: Failed to set LAN Tx queue 0 (TC 0, handle 0) context, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[32] ice1: Unable to configure the main VSI for Tx: ENODEV
[34] ice1: Failed to add VLAN filters:
[34] ice1: - vlan 20, status -105
[34] ice1: Failure adding VLAN 20 to main VSI, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[35] ice1: Failed to set LAN Tx queue 0 (TC 0, handle 0) context, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[35] ice1: Unable to configure the main VSI for Tx: ENODEV
[36] ice1: Failed to add VLAN filters:
[36] ice1: - vlan 20, status -105
[36] ice1: Failure adding VLAN 20 to main VSI, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[37] ice1: Failed to set LAN Tx queue 0 (TC 0, handle 0) context, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[37] ice1: Unable to configure the main VSI for Tx: ENODEV
[38] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[39] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[40] ice0: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_TIMEOUT aq_err OK
[41] ice1: ice_read_sff_eeprom: Error reading I2C data: err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[42] ice1: Could not add new MAC filters, err ICE_ERR_AQ_FW_CRITICAL aq_err OK
[42] ice1: Failed to synchronize multicast filter list: EIO

Both ports would be offline, only revert to 4.50 nvm helped. 4.60 didn't work as well.

I didn't try to compile Intel's FreeBSD driver, which is much newer than what 14.3-p5 comes with.

#82

German - Deutsch / Re: Hetzner Cloud Server Wire...

Last post by Peter68 - December 29, 2025, 07:22:57 PM

Danke für eure Antworten. Hat sich erledigt

#83

General Discussion / Re: FIB/VRF support in OPNsens...

Last post by pfry - December 29, 2025, 06:34:16 PM

[...]it should be a priority[...]

Heh. Whose confirmation bias is justified? (Does that matter?)

I'd implement it, as I come from a routing background. (Note that I started with firewalls at the same time.) I'm a lousy persuader; money talks, but I don't have enough for this one.

#84

German - Deutsch / Re: ISC DHCP - neu angelegte N...

Last post by mkreu - December 29, 2025, 06:30:56 PM

Hi observing0436,

danke für den Tipp. Funktioniert tatsächlich so. Habe es gerade auf meiner Testmaschine ausprobiert, da ich die produktive OPNsense in meiner Verzweiflung schon auf Dnsmasq umgebaut habe...   
Super, dass es so klappt, aber das kann doch eigentlich nicht der gewünschte Weg sein, oder..?

Wünsche dann noch einen "Guten Rutsch" und viele Grüße,
mkreu

#85

25.7, 25.10 Series / Re: LAN unreachble from OPNSen...

Last post by TheAutomationGuy - December 29, 2025, 06:23:58 PM

What is the IP address that your computer is assigned?  Is it is something like 169.254.x.x?  That would indicate a connection problem between the computer and firewall where the computer failed to get a DHCP address because of this connection problem.  I would suggest that you connect the computer directly to the LAN port of the firewall.  If you are already doing this, change the network cable to a known working cable.  If that still fails, then it is likely a hardware or driver problem with the LAN port on the firewall.

If you can access OPNsense's  command line interface, you should be able to confirm what your LAN subnet is set to.  It's possible that you originally had changed it to something other than the stock configuration and when you reset the box it set the LAN subnet back to the stock configuration (which is 192.168.1.0/24 with the firewall getting the 192.168.1.1 address).  You can always reassign the LAN interface to another physical port (if available), choose a different LAN subnet address if desired, and also make sure that DHCP is turned on for that LAN subnet.

#86

General Discussion / Re: TUI for viewing and analys...

Last post by patient0 - December 29, 2025, 06:14:21 PM

Jumping to the beginning/end would require checking the view length on every render ... I looked at how less handles it to get an idea, and even there you can scroll infinitely...

Fair point and you can plant an easter egg if someone scroll for 10000 characters the OPNsense maskot jumps up :)

Does your terminal support formatting/colors? I haven't updated the screenshot in the repo yet since the view may still change a bit, but I've added formatting that makes it easy to see the difference between IPs and ports:

Yep, the formatting work, 'block' is red and the IPs are in bold, that work well. Did you experiment with the ports being in color and/or the direction being bold or in color?

#87

25.7, 25.10 Series / Re: DNS failures after upgrade...

Last post by ESClaus76 - December 29, 2025, 06:05:58 PM

Not wanting to take over this post. Here is my issues.

I was running OPNsense for about a year and had my hard drive crash and lost everything. My setup was simple as it could get. No VLANs or segmented networks. Just serving as a DHCP server and DNS server. I would create static IPs for various things on my network and a couple of firewall rules for reverse proxy.

I replaced my hard drive and was starting over and saw that ISC DHCPv4 wasn't default DHCP anymore. Reading on the forums and reddit I found that ISC is depreciated and recommendations are to use DNSmasq or KEA DHCP. Along with that it is recommended to use Unbound.

This is where my issues start. I noticed that my PCs sometimes can't resolve DNS. It is random but I know it is something with my OPNsense because if manually change DNS on my PC to a public DNS like 8.8.8.8 it works everytime.

I have no idea where to even troubleshoot. I know I can go back to ISC DHCPv4 but with it eventually going away I should use the recommended.

#88

Zenarmor (Sensei) / Re: Provide firm date on multi...

Last post by FullyBorked - December 29, 2025, 06:04:08 PM

Just a quick glance at a home user, with 10G backbone, but currently nearly pinning a core with only ~600Mbps file transfer.  This is a Intel i3-9100  Please @Zenarmor re-consider this decision.  I've promoted this product since inception, this is a big thorn I'm struggling with. 

#89

General Discussion / Re: Why I am retiring from con...

Last post by trasz@ - December 29, 2025, 05:14:14 PM

FWIW, core team is not responding to emails from FreeBSD committers anymore either.  They know they screwed up badly by trying to kick me out at request of certain youtuber, then were forced to (partially) confess to developers@.  I guess they have learned they can just ignore the developer community.

#90

25.7, 25.10 Series / Re: ice driver (ddp) / latest ...

Last post by pfry - December 29, 2025, 04:21:30 PM

They're not paired. The driver will work fine (and not complain) with a "later-than-recommended" NVM. I'd always go for the latest NVM, but the E810 has been around for long enough (2019?) that the major bugs should have been killed by now. I'd have to look at the release notes to be sure. At any rate, I'll update if convenient or necessary (I experienced the latter with some old X710s).

What issue were you having with the update? Your link is for Windows; I don't know what the package includes. (I use the EFI updater.)