"Recent posts
#81
General Discussion / Re: ISC-DHCP to KEA Migration ...
Last post by nero355 - January 23, 2026, 04:59:40 PMThis is nice to have, but it's not really needed since you can Import/Export all Static DHCP Mappings by using the .csv files Import/Export option in the OPNsense webGUI ;)
#82
Hardware and Performance / Re: Multi Threaded PPPOE For M...
Last post by nero355 - January 23, 2026, 04:55:20 PMIt's something that needs fixing in FreeBSD in order to be multi-threaded in OPNsense so head over there and try to find the right mailing list or GitHUB webpage connected to it :)
Please also note that these two things are different :
- Multi-threading support.
- Multiple CPU/Cores support.
All software is multi-threaded in general, but in order to benefit from the processing power of multiple CPU's or Cores some software needs additional development ;)
And in this case it's the lack of 'Multiple CPU/Core support' that limits the PPPoE speeds in FreeBSD/OPNsense compared to Linux based distros.
Please also note that these two things are different :
- Multi-threading support.
- Multiple CPU/Cores support.
All software is multi-threaded in general, but in order to benefit from the processing power of multiple CPU's or Cores some software needs additional development ;)
And in this case it's the lack of 'Multiple CPU/Core support' that limits the PPPoE speeds in FreeBSD/OPNsense compared to Linux based distros.
#83
25.7, 25.10 Series / Re: After updating Opnsense fr...
Last post by TCMSLP - January 23, 2026, 04:54:25 PMSigned up to the forum to report exactly the same issue. The box appears stable until I login, then memory consumption quickly climbs to 100% and the UI becomes unresponsive. I've tried disabling host / neighbourhood discovery but this makes zero difference.
Update 1:
I've now identified the problem process:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 51727 0.1 58.8 11386908 2316112 - Ss 17:35 1:52.31 /usr/local/bin/suricata -D --netmap --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml
After identifying this, I disabled intrusion detection and now everything is back to normal.
Update 2:
Re-enabling IDS (and IPS) immediately causes the issue again. However, I'm now wondering if new rules/changes may have increased memory usage; perhaps using the web UI is adding to this demand/exhaustion. Either way, disabling IDS has solved my immediate problem.
OPNsense 25.7.11_2, 4GB RAM, i5-4570.
Update 1:
I've now identified the problem process:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 51727 0.1 58.8 11386908 2316112 - Ss 17:35 1:52.31 /usr/local/bin/suricata -D --netmap --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml
After identifying this, I disabled intrusion detection and now everything is back to normal.
Update 2:
Re-enabling IDS (and IPS) immediately causes the issue again. However, I'm now wondering if new rules/changes may have increased memory usage; perhaps using the web UI is adding to this demand/exhaustion. Either way, disabling IDS has solved my immediate problem.
OPNsense 25.7.11_2, 4GB RAM, i5-4570.
#84
25.7, 25.10 Series / Re: OPNsense 25.7.10 . Noti...
Last post by nero355 - January 23, 2026, 04:46:33 PMQuote from: meyergru on January 23, 2026, 11:37:37 AMYou can look at the actual NVME temps with "smartctl -a /dev/nvme0ns1" after having installed the os-smart plugin.Now I know why smartctl isn't available by default...
IMHO it should be :)
QuoteThese things tend to get very hot, especially with high usage.IMHO mainly the Samsung "Pro" Series NVMe SSD's have that issue and the rest not as much.
Their controller gets a lot hotter compared to other brands/solutions AFAIK.
#85
25.7, 25.10 Series / Re: Seting up Vlan
Last post by nero355 - January 23, 2026, 04:40:06 PMQuote from: JustSecure on January 23, 2026, 03:26:59 PMmy provider odido(NL).The same here : VLAN 300 assigned to WAN Interface and set to DHCP for IPv4 :)
They require i made a vlan with tag 300(vlan02 odido), i assigned that vlan to my WAN interface.
QuoteI also have the LAN interface (em0).Then you need to assign your new VLAN :
QuoteBut now i wanted to make a seperate vlan for my IOT/hacking adventures, my kid likes it alot.To that interface ;)
How does the rest of your network look like ?
Do you have managed Switches/Accesspoints that support VLAN a.k.a. 802.1q tagging protocol ?
And don't forget "Guest VLAN Firewall Rules" for your new VLAN : https://docs.opnsense.org/manual/how-tos/guestnet.html
You basically make sure all of it's traffic can only go to the WAN connection and never to any of your other networks.
However your networks will always be able to connect to the Guest network if needed, because they initialize the connection !!
For more information about Firewall Rules see : https://docs.opnsense.org/manual/firewall.html
OPNsense is pretty easy if you happen to be an IT guy or just a huge networking enthousiast/hobby dude ^_^
#86
26.1 Series / Re: Firewall rules migration
Last post by agh1701 - January 23, 2026, 04:11:33 PMWonderful, Thanks!
#87
26.1 Series / Re: Firewall rules migration
Last post by Monviech (Cedrik) - January 23, 2026, 03:48:54 PMThere is no automatic migration of firewall rules. Both new and old component are fully functional side by side.
So dont worry about upgrading, nothing will change.
After the upgrade there will be a migration assistant you can choose (or not yet choose) to follow. No rush.
So dont worry about upgrading, nothing will change.
After the upgrade there will be a migration assistant you can choose (or not yet choose) to follow. No rush.
#88
26.1 Series / Re: Firewall rules migration
Last post by agh1701 - January 23, 2026, 03:43:11 PMIs there a page of migration instructions that we can review prior to upgrade?
#89
25.7, 25.10 Series / Re: Seting up Vlan
Last post by meyergru - January 23, 2026, 03:42:23 PMThere are multiple purposes for VLANs, it seems you misunderstood the concept.
Basically, a VLAN, as its names suggests, is a vitual network that is created on top of an existing physical network connection, but logically separated from it.
This can be used in order to separate the logical WAN internet connection over a VLAN (potentially with PPPoE) from the connection to the media converter (DSL modem or ONT) web interface. That is the reason why many ISPs choose to use internet connections via a VLAN, like Odido with VLAN 300.
On the other hand, with a local manageable switch, you can connect to your router via a "trunk" port that carries multiple (tagged or untagged) VLANs. The switch can then be configured to split these (V)LANs out to different untagged ports that are set to one specific VLAN. That way, the switch can act like mutiple switches, one for each VLAN, effectively separating multiple local networks.
The latter is what you probably wanted, but you may see right now why it cannot be done when you create new VLANs on the WAN port - they must be set on the LAN port. There is no additonal VLAN on WAN, because your only got two:
a. VLAN 300 for your internet connection
b. The untagged WAN to access your media converter
You would not connect anything else to your WAN port, would you?
Basically, a VLAN, as its names suggests, is a vitual network that is created on top of an existing physical network connection, but logically separated from it.
This can be used in order to separate the logical WAN internet connection over a VLAN (potentially with PPPoE) from the connection to the media converter (DSL modem or ONT) web interface. That is the reason why many ISPs choose to use internet connections via a VLAN, like Odido with VLAN 300.
On the other hand, with a local manageable switch, you can connect to your router via a "trunk" port that carries multiple (tagged or untagged) VLANs. The switch can then be configured to split these (V)LANs out to different untagged ports that are set to one specific VLAN. That way, the switch can act like mutiple switches, one for each VLAN, effectively separating multiple local networks.
The latter is what you probably wanted, but you may see right now why it cannot be done when you create new VLANs on the WAN port - they must be set on the LAN port. There is no additonal VLAN on WAN, because your only got two:
a. VLAN 300 for your internet connection
b. The untagged WAN to access your media converter
You would not connect anything else to your WAN port, would you?
#90
25.7, 25.10 Series / Seting up Vlan
Last post by JustSecure - January 23, 2026, 03:26:59 PMHello everybody,
Im new on the forum, and new to opnsense in general. Im not new to tech tho.
So for my question, i have setup a opnsense router in this hardware.
Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz (2 cores, 4 threads) 8GB. its a old optiplex 3020.
i sticked a extra nic in there, and setup everything for my provider odido(NL).
They require i made a vlan with tag 300(vlan02 odido), i assigned that vlan to my WAN interface.
I also have the LAN interface (em0).
Everything works as expected in have installed zenarmor adguard home. again this all works.
But no i wanted to make a seperate vlan for my IOT/hacking adventures, my kid likes it alot.
So i made a vlan which i pointed to my WAN interface, i thought everything worked, i did apply all changes. butafter some time all internet stopped working all together, it was late in the evening so i even had to drag a monitor and keyboard over since i didnt have ssh openend.
I did reset all the vlan's and re apply'd them.
Maybe somebody can explain when i did wrong? or maybe help me setup this extra vlan.
Thanks in advance.
Im new on the forum, and new to opnsense in general. Im not new to tech tho.
So for my question, i have setup a opnsense router in this hardware.
Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz (2 cores, 4 threads) 8GB. its a old optiplex 3020.
i sticked a extra nic in there, and setup everything for my provider odido(NL).
They require i made a vlan with tag 300(vlan02 odido), i assigned that vlan to my WAN interface.
I also have the LAN interface (em0).
Everything works as expected in have installed zenarmor adguard home. again this all works.
But no i wanted to make a seperate vlan for my IOT/hacking adventures, my kid likes it alot.
So i made a vlan which i pointed to my WAN interface, i thought everything worked, i did apply all changes. butafter some time all internet stopped working all together, it was late in the evening so i even had to drag a monitor and keyboard over since i didnt have ssh openend.
I did reset all the vlan's and re apply'd them.
Maybe somebody can explain when i did wrong? or maybe help me setup this extra vlan.
Thanks in advance.
