"Recent posts
#81
25.7, 25.10 Series / ipv6 - HE tunnelbroker - high ...
Last post by GreenMatter - January 17, 2026, 03:46:09 PMI'm not sure when it started but at least for the last couple of days I see in ipv6 gateway monitoring:
RTT used to be 15-25 ms and RTTd around 10 ms.
gif interface has same MTU as is on tunnel broker's side: 1480. gif MSS is also set as 1480 and system automatically subtracts 60b and reaches 1420. It is checked by http://pmtud.enslaves.us :
So, is it something related to opnsense (latest 25.7.11) or more on HE tunnel broker's side?
Code Select
RTT: 191.5 ms
RTTd: 123.9 ms
Loss: 3.0 %RTT used to be 15-25 ms and RTTd around 10 ms.
gif interface has same MTU as is on tunnel broker's side: 1480. gif MSS is also set as 1480 and system automatically subtracts 60b and reaches 1420. It is checked by http://pmtud.enslaves.us :
| Direction | Maximum Size Segment | Client Sent MSS | Notes |
| Server to Client IPv4 | 1460 | 1460 | OK |
| Client to Server IPv4 | unlimited | n/a | OK |
| Server to Client IPv6 | 1420 | 1420 | OK |
| Client to Server IPv6 | unlimited | n/a | OK |
So, is it something related to opnsense (latest 25.7.11) or more on HE tunnel broker's side?
#82
25.7, 25.10 Series / Re: Hostwatch - high disk writ...
Last post by GreenMatter - January 17, 2026, 03:18:05 PMQuote from: franco on January 17, 2026, 02:31:13 PMThese typical UFS issues mainly are from unclean shutdowns regardless of where the corruption occurs.It is freshly installed system (UFS, because of VM's disk is on ZFS) with restored config and updated to 25.7.11. It didn't experience any unclean shutdowns... BTW, I couldn't finalized installation (was stuck at "preparing target system") if I imported config during installation. I had to install Opnsense, configure lan interface and restore config using webgui...
If you have a process that is writing while the power goes off there will be an error for it. And if the process is writing all the time the chances are pretty high it's going to catch that one.
#83
Zenarmor (Sensei) / Re: Latest Zenarmor update bre...
Last post by Irishfluter - January 17, 2026, 03:05:43 PMQuote from: sy on January 17, 2026, 07:00:18 AMHi,
Can you share the some of the domains which is blocked as malware and IPs of them?
Best regards
There are over 8000 entries over the past 72 hours. Can you please tell me how to generate this information in a form that's useful to you?
Thanks.
#84
25.7, 25.10 Series / Re: DEC2752 - How to check har...
Last post by pfry - January 17, 2026, 02:56:40 PMQuote from: Seimus on January 17, 2026, 12:56:46 PM[...]Stress-ng[...]
Does stress-ng generate enough load? I use good old mprime, but I boot Linux to run it (more CPU/sensor info). Even it will not load all CPUs effectively (e.g. low-turbo non-SMT Skylakes, and earlier version did not detect AVX support in Ryzens).
#85
General Discussion / Re: Kea Not Populating Hostnam...
Last post by stanps - January 17, 2026, 02:51:50 PMUnchecking "Auto collection option data" in the Kea config for the subnet, worked for me.
#86
25.7, 25.10 Series / 25.7.11_1 os-cpu-microcode-amd
Last post by MoonbeamFrame - January 17, 2026, 02:44:51 PMI updated a firewall from 25.7.10 yesterday only to find the firewall would no longer boot.
Rebuilding from scratch to 25.7.11_1 and then re-installing plugins led to the same result.
Rebuilding and iterating through the plugins led to os-cpu-microcode-amd being the cause.
The hardware is a Minisforum Ryzen 9 9955HX MS-A2.
Rebuilding from scratch to 25.7.11_1 and then re-installing plugins led to the same result.
Rebuilding and iterating through the plugins led to os-cpu-microcode-amd being the cause.
The hardware is a Minisforum Ryzen 9 9955HX MS-A2.
#87
25.7, 25.10 Series / Re: Hostwatch - high disk writ...
Last post by pfry - January 17, 2026, 02:44:14 PMQuote from: franco on January 17, 2026, 07:48:43 AMWe're recording the last MAC address for any IPv4 and IPv6 we see. If the MAC changes that's considered a "movement". In some environments this happens very rapidly and thus the service constantly registers the changes.
OK, thanks. This is just for virtual interface setup/teardown? Interesting. The behavior sounds... less than ideal. Not something I (and apparently others) would expect.
(The overall issue reminds me to always control information rate, unless a spew is intended.)
#88
25.7, 25.10 Series / Re: Hostwatch - high disk writ...
Last post by franco - January 17, 2026, 02:31:13 PMThese typical UFS issues mainly are from unclean shutdowns regardless of where the corruption occurs.
If you have a process that is writing while the power goes off there will be an error for it. And if the process is writing all the time the chances are pretty high it's going to catch that one.
Cheers,
Franco
If you have a process that is writing while the power goes off there will be an error for it. And if the process is writing all the time the chances are pretty high it's going to catch that one.
Cheers,
Franco
#89
25.7, 25.10 Series / Interfaces: Neighbors: Automat...
Last post by Rene78 - January 17, 2026, 02:18:18 PMHi all,
Just upgraded to 25.7.11_1 from 25.7.10. Everything works as normal. Fiddling around with the new feature Interfaces: Neighbors: Automatic Discovery. Noticed that it works, but only with All interfaces selected. Any other subselection of interfaces, including Select All, prevents the service from starting.
See below for examples. When looking at the log (when using All) shows that the adds capture for the various interface devices. I have bridges configured (multiple eth-devices into different LANs (IOT and NET for example) and have pppoe0 as WAN (VLAN6 on physical interface - KPN FttH).
One error always shows up, and does not seem related. Is there when it works, and when the service does not start. No other logs are available in the GUI that show the reason for the service failing. Using promiscuous mode does not make a difference, nor does verbose logging for figuring out what is going wrong. All my interface types can be captured apparently...
Successful when All:
2026-01-17T13:10:02.890816Z INFO hostwatch: Added capture for device: pppoe0 (WAN_INET (wan))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.890344Z INFO hostwatch: Added capture for device: bridge1 (LAN_IOT (opt12))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.889866Z INFO hostwatch: Added capture for device: bridge0 (LAN_INET (lan))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.889356Z INFO hostwatch: Added capture for device: wg0 (ViperWG (opt13))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.888815Z INFO hostwatch: Added capture for device: vlan03 (LAN_IPTV (opt10))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.888242Z INFO hostwatch: Added capture for device: vlan02 (WAN_IPTV (opt8))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.887692Z INFO hostwatch: Added capture for device: vlan01 (No description)
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.887166Z INFO hostwatch: Added capture for device: igb7 (ETH8 (opt9))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.886684Z INFO hostwatch: Added capture for device: igb6 (ETH7 (opt11))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.886156Z INFO hostwatch: Added capture for device: igb5 (ETH6 (opt6))
Error always visible (regardless if the service does or does not start):
2026-01-17T13:10:02.914762Z WARN hostwatch: Failed to initialize capture for device: pfsync0
Edit: Found some logs in the general log in settings.
At failure to start:
2026-01-17T14:15:15Noticekernel <6>[1488] pid 81926 (hostwatch), jid 0, uid 0: exited on signal 6 (no core dump - bad address)
2026-01-17T14:15:15Noticeroot /usr/local/etc/rc.d/hostwatch: WARNING: failed to start hostwatch
2026-01-17T14:14:54Noticekernel <6>[1467] pid 29596 (hostwatch), jid 0, uid 0: exited on signal 6 (no core dump - bad address)
2026-01-17T14:14:54Noticeroot /usr/local/etc/rc.d/hostwatch: WARNING: failed to start hostwatch
At successful start: no logs related to the service in General. Only the change in config XML file (enabled check).
Just upgraded to 25.7.11_1 from 25.7.10. Everything works as normal. Fiddling around with the new feature Interfaces: Neighbors: Automatic Discovery. Noticed that it works, but only with All interfaces selected. Any other subselection of interfaces, including Select All, prevents the service from starting.
See below for examples. When looking at the log (when using All) shows that the adds capture for the various interface devices. I have bridges configured (multiple eth-devices into different LANs (IOT and NET for example) and have pppoe0 as WAN (VLAN6 on physical interface - KPN FttH).
One error always shows up, and does not seem related. Is there when it works, and when the service does not start. No other logs are available in the GUI that show the reason for the service failing. Using promiscuous mode does not make a difference, nor does verbose logging for figuring out what is going wrong. All my interface types can be captured apparently...
Successful when All:
2026-01-17T13:10:02.890816Z INFO hostwatch: Added capture for device: pppoe0 (WAN_INET (wan))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.890344Z INFO hostwatch: Added capture for device: bridge1 (LAN_IOT (opt12))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.889866Z INFO hostwatch: Added capture for device: bridge0 (LAN_INET (lan))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.889356Z INFO hostwatch: Added capture for device: wg0 (ViperWG (opt13))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.888815Z INFO hostwatch: Added capture for device: vlan03 (LAN_IPTV (opt10))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.888242Z INFO hostwatch: Added capture for device: vlan02 (WAN_IPTV (opt8))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.887692Z INFO hostwatch: Added capture for device: vlan01 (No description)
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.887166Z INFO hostwatch: Added capture for device: igb7 (ETH8 (opt9))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.886684Z INFO hostwatch: Added capture for device: igb6 (ETH7 (opt11))
2026-01-17T14:10:02Noticehostwatch 2026-01-17T13:10:02.886156Z INFO hostwatch: Added capture for device: igb5 (ETH6 (opt6))
Error always visible (regardless if the service does or does not start):
2026-01-17T13:10:02.914762Z WARN hostwatch: Failed to initialize capture for device: pfsync0
Edit: Found some logs in the general log in settings.
At failure to start:
2026-01-17T14:15:15Noticekernel <6>[1488] pid 81926 (hostwatch), jid 0, uid 0: exited on signal 6 (no core dump - bad address)
2026-01-17T14:15:15Noticeroot /usr/local/etc/rc.d/hostwatch: WARNING: failed to start hostwatch
2026-01-17T14:14:54Noticekernel <6>[1467] pid 29596 (hostwatch), jid 0, uid 0: exited on signal 6 (no core dump - bad address)
2026-01-17T14:14:54Noticeroot /usr/local/etc/rc.d/hostwatch: WARNING: failed to start hostwatch
At successful start: no logs related to the service in General. Only the change in config XML file (enabled check).
#90
General Discussion / Re: Wireless Access Points
Last post by vimage22 - January 17, 2026, 02:16:13 PMI have been very happy with Zyxel NWA130BE (WiFi 7). I actually get 2.5gbs performance over WiFi.
