Recent posts

#81

Hardware and Performance / Re: Drowning in (old) hardware...

Last post by OPNenthu - February 04, 2026, 07:48:20 PM

I am referring to this: https://forum.opnsense.org/index.php?topic=41295.0

- Multi CPU a.k.a. Multi Core Support.
- Single-threaded vs. Multi-threaded Support.

My latest programming work was in Python and in that environment I would refer to these as multiprocessing and threading, respectively (though earlier Pythons used a GIL so there could be no true concurrency in threading, but still parallelism is achieved).

I don't know what you mean by this:

there are always multiple threads within any application that is just one big single thread,

If I wrote a simple C program with just an infinite control loop, it would peg a single hardware thread if I'm not mistaken?

#82

26.1 Series / Re: [Solved] DNS port forwardi...

Last post by Roberto - February 04, 2026, 07:34:36 PM

If "Home" is the name of your interface then "Home address" is all addresses assigned to that interface, not only the "primary" one configured in the interface setup form.

Thanks a lot for the explanation. That's frankly unexpected: I disabled IPv6 and assigned a static IPv4 address to that interface, so I expected this to be a single address. I use it in a few firewall rules and they work as expected.

Is there a way to see the value(s) of "Home address"?

By the way, why is it possible to select it as target address in a forwarding rule if its value is not a single address?

#83

26.1 Series / Re: Need to select "Prefer to ...

Last post by trdeal - February 04, 2026, 07:28:56 PM

Thanks for the feedback, however I never had a problem with IPv6 connectivity in 11 years except with pfsense and now Opnsense (same problem with major upgrades), while upgrades within a major release never cause an issue with "Prefer to use IPv4 even if IPv6 available" disabled.
 

#84

German - Deutsch / Regel old/new dnat

Last post by wirehire - February 04, 2026, 07:23:33 PM

 In den alten regel war ja, das wenn man blocklisten fährt, beim port forward/dnat den haken bei regel anlegen machen musste, damit die blocklisten vor dem , pass für die nat regel kommt.
Wie läuft da sjetzt mit den neuen regeln ab ( in der doku steht , manuelle als satndard) bloß dann würde doch nat vor den normalen regeln gelten und die blocklisten die auf den interfaces sind nicht mehr greifen.

[Some questions =>]

#85

25.7, 25.10 Series / Re: OpenVPN connection causes ...

Last post by nero355 - February 04, 2026, 07:18:33 PM

Some questions =>

From my local Windows 11 computer:
Local network:

Code Select Expand

ping -n 1 192.168.1.24

Pinging 192.168.1.24 with 32 bytes of data:
Reply from 192.168.1.24: bytes=32 time=22ms TTL=64

Ping statistics for 192.168.1.24:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms

Who is this IP address ?

Another PC ? Your Router ? Something else ?

Remote netowrk:

Code Select Expand

ping -n 1 192.168.90.17

Pinging 192.168.90.17 with 32 bytes of data:
Reply from 192.168.90.17: bytes=32 time=23ms TTL=63

Ping statistics for 192.168.90.17:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms

This is the subnet on the OpenVPN connection and the IP address of the Remote Desktop PC ?!

Internet:

Code Select Expand

ping -n 1 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=114

Ping statistics for 8.8.8.8:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms

You ping without DNS resolving, but is the VPN active ? On which Client/Server ?

Ping of local network, remote network, and Google get quick replies.  So, there is some Internet connectivity but I am still unable to browse.

On the Remote Desktop PC or your Local PC ?

Code Select Expand

tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    10 ms    12 ms    10 ms  10.61.193.35
  3    12 ms    13 ms    10 ms  162.151.216.241
  4    12 ms     9 ms    18 ms  po-2-rur201.exeter.nh.boston.comcast.net [68.86.224.229]
  5    38 ms    19 ms   124 ms  po-200-xar01.exeter.nh.boston.comcast.net [96.110.22.29]
  6   109 ms    16 ms    23 ms  be-301-arsc1.needham.ma.boston.comcast.net [162.151.150.125]
  7    23 ms    28 ms    18 ms  96.110.42.9
  8    25 ms    22 ms    20 ms  96.110.34.26
  9     *        *        *     Request timed out.
 10    25 ms    18 ms    19 ms  142.251.225.89
 11    25 ms    19 ms    21 ms  142.251.60.235
 12    20 ms    18 ms    18 ms  dns.google [8.8.8.8]

Trace complete.

Who is :

Code Select Expand

  2    10 ms    12 ms    10 ms  10.61.193.35Exactly ?

Code Select Expand

nslookup 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  207.172.3.9

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

This should tell you dns.google as answer, but usually you nslookup opnsense.org for example and then it gives you an IP address.

That is the reason you "Have no internet" in your browser I think.

#86

25.7, 25.10 Series / Re: OpenVPN connection causes ...

Last post by nero355 - February 04, 2026, 07:08:30 PM

Again, not sure what this really means for me.

I would say you have no DNS Server on the OpenVPN connection ?

It has been a while for me that I have done anything with OpenVPN so I can't help you that much, but in general for any VPN there is for example the option to have so called 'Split-Horizon' connections via a tunnel.

You can then decide :
- If there should be a Internet Connection via the Tunnel.
It will then replace your Local Internet Connection.
- If there should be a DNS Server available inside the Tunnel.
If not, then the Client uses it's Local DNS Server.

When you use the OpenVPN connection just like a shortcut to the Remote Desktop and for nothing else then both sides are connected as 'Split-Horizon' and not a so called 'Full Tunnel' :)

Basically check your Routing & DNS Options you have applied to the OpenVPN connection and make sure they do exactly what you want them to do !!

#87

Hardware and Performance / Re: Drowning in (old) hardware...

Last post by nero355 - February 04, 2026, 06:57:01 PM

IDS/IDP is CPU bound and in many cases they are single-threaded applications.

I am 100% sure Suricata has a config option where you assign the amount of Cores/CPU's it is allowed to use : Ubiquiti made a mess with that one on their UniFi UDM models :P

Also please understand the difference between :
- Multi CPU a.k.a. Multi Core Support.
- Single-threaded vs. Multi-threaded Support.

And the fact that there are always multiple threads within any application that is just one big single thread, because otherwise a lot of applications would perform and work very poorly !! :)

#88

25.7, 25.10 Series / Re: OpenVPN connection causes ...

Last post by adv - February 04, 2026, 06:50:45 PM

What did ping/tracert/traceroute/nslookup/dig had to say about this ?? ;)

Thanks for your help.

From my local Windows 11 computer:
Local network:

Code Select Expand

ping -n 1 192.168.1.24

Pinging 192.168.1.24 with 32 bytes of data:
Reply from 192.168.1.24: bytes=32 time=22ms TTL=64

Ping statistics for 192.168.1.24:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms
Remote netowrk:

Code Select Expand

ping -n 1 192.168.90.17

Pinging 192.168.90.17 with 32 bytes of data:
Reply from 192.168.90.17: bytes=32 time=23ms TTL=63

Ping statistics for 192.168.90.17:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms
Internet:

Code Select Expand

ping -n 1 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=114

Ping statistics for 8.8.8.8:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms
Ping of local network, remote network, and Google get quick replies.  So, there is some Internet connectivity but I am still unable to browse.

Code Select Expand

tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    10 ms    12 ms    10 ms  10.61.193.35
  3    12 ms    13 ms    10 ms  162.151.216.241
  4    12 ms     9 ms    18 ms  po-2-rur201.exeter.nh.boston.comcast.net [68.86.224.229]
  5    38 ms    19 ms   124 ms  po-200-xar01.exeter.nh.boston.comcast.net [96.110.22.29]
  6   109 ms    16 ms    23 ms  be-301-arsc1.needham.ma.boston.comcast.net [162.151.150.125]
  7    23 ms    28 ms    18 ms  96.110.42.9
  8    25 ms    22 ms    20 ms  96.110.34.26
  9     *        *        *     Request timed out.
 10    25 ms    18 ms    19 ms  142.251.225.89
 11    25 ms    19 ms    21 ms  142.251.60.235
 12    20 ms    18 ms    18 ms  dns.google [8.8.8.8]

Trace complete.
I just don't know enough to interpret those results.

Code Select Expand

nslookup 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  207.172.3.9

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
Again, not sure what this really means for me.

#89

26.1 Series / Re: upgrade from 25.7.11_9 an...

Last post by nero355 - February 04, 2026, 06:49:58 PM

If you upgrade NOW to 26.1.1 you should be able to do it error free since they have fixed a lot of upgrading issues like the ISC-DHCP plug-in related ones for example.

26.1.0 had some upgrade issues, but 26.1.1 should not have any.

#90

German - Deutsch / Anderes Gateway für den Squid ...

Last post by bamf - February 04, 2026, 06:47:46 PM

Hallo,

aufgrund der Peering-Problematik der Telekom mache ich Policy-Based-Routing zum Cloudflare CDN über mein VPS via Wireguard VPN. Dafür habe ich Firewall-Regeln implementiert, die den Traffic dorthin über das Gateway meiner VPN-Verbindung schicken.

Was muss ich konfigurieren, damit auch der Squid dieses Gateway nutzt? Die OPNSense selbst soll weiterhin das Default Gateway nutzen.