"Recent posts
#81
General Discussion / Re: Where is TCP processed - C...
Last post by chemlud - January 20, 2026, 02:22:33 PMThanks for reading.
RE 2: Mirrors are "hardcoded" and identical on FAST and SLOW. The download of weekly packages on FAST and SLOW is simultaneously in the attachment of OP, so how/why only one client should be rate limited?
Congestion algorithm? Hmmm... ;-)
RE: BBR
I had in Tumbleweed:
Then I followed this:
https://www.techrepublic.com/article/how-to-enable-tcp-bbr-to-improve-network-speed-on-linux/
and did
Then I have after
RE 2: Mirrors are "hardcoded" and identical on FAST and SLOW. The download of weekly packages on FAST and SLOW is simultaneously in the attachment of OP, so how/why only one client should be rate limited?
Congestion algorithm? Hmmm... ;-)
RE: BBR
I had in Tumbleweed:
Code Select
sudo sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic
Then I followed this:
https://www.techrepublic.com/article/how-to-enable-tcp-bbr-to-improve-network-speed-on-linux/
and did
Code Select
sudo nano /etc/sysctl.conf
-> and add the following two lines:
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Then I have after
Code Select
sudo sysctl -pCode Select
sudo sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr #82
General Discussion / Re: (Newbie) Internet speeds h...
Last post by Seimus - January 20, 2026, 02:14:48 PMQuoteThe game I'm playing uses p2p (peer to peer) connections between players. Not a dedicated server, so connections are based on the "host" player with the other players feeding off the host's connection.
This is a common problem for such games. Most likely you fall into the NAT3 and lower category. Because NAT is by default setup-ed to NAT as well the port dynamical, you may hit such problems.
I would advice you create a new NAT rule for you PC and enable Static Port. This will keep the port generated by the source the same and will NAT only the IP. Usually this is enough to help the P2P games.
https://docs.opnsense.org/manual/nat.html#outbound
Regards,
S.
#83
Hardware and Performance / Re: OPNSense on Sophos XGS Har...
Last post by Seimus - January 20, 2026, 02:02:00 PMIf it has the Marvell chip you may hit a problem. OPNsense will run but no NICs will be identified.
I am not sure whats the state currently but the drivers for these Marvel chips are proprietary and weren't in fBSD.
Regards,
S.
I am not sure whats the state currently but the drivers for these Marvel chips are proprietary and weren't in fBSD.
Regards,
S.
#84
25.7, 25.10 Series / Re: Unbound + dnscrypt-proxy b...
Last post by opnessense - January 20, 2026, 01:55:35 PMAfter applying the hotfix 25.7.11_2 my Unbound + dnscrypt-proxy setup is now stable again.
For reference, this is what I did and what is currently working:
Backed up /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml before upgrading, since the plugin/GUI may touch it during upgrades.
Upgraded to 25.7.11_2 from the GUI and rebooted.
Verified that dnscrypt-proxy is running and listening on 127.0.0.1:xxxx:
From a LAN client I ran a DNS leak test (dnsleaktest.com) and only saw the encrypted resolvers configured in dnscrypt-proxy, no ISP DNS leaked.
The important points that made it stable for me:
Keep dnscrypt-proxy.toml under /usr/local/etc/dnscrypt-proxy/ clean and backed up, and avoid unnecessary changes from the GUI plugin if you manage it from the shell.
So far, after the upgrade to 25.7.11_2 and a couple of reboots, Unbound + dnscrypt-proxy continue to work reliably with this setup.
*************************************THANKS OPNSENSE TEAM*************************************************************
For reference, this is what I did and what is currently working:
Backed up /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml before upgrading, since the plugin/GUI may touch it during upgrades.
Upgraded to 25.7.11_2 from the GUI and rebooted.
Verified that dnscrypt-proxy is running and listening on 127.0.0.1:xxxx:
From a LAN client I ran a DNS leak test (dnsleaktest.com) and only saw the encrypted resolvers configured in dnscrypt-proxy, no ISP DNS leaked.
The important points that made it stable for me:
Keep dnscrypt-proxy.toml under /usr/local/etc/dnscrypt-proxy/ clean and backed up, and avoid unnecessary changes from the GUI plugin if you manage it from the shell.
So far, after the upgrade to 25.7.11_2 and a couple of reboots, Unbound + dnscrypt-proxy continue to work reliably with this setup.
*************************************THANKS OPNSENSE TEAM*************************************************************
#85
25.7, 25.10 Series / Re: IPv6 connectivity error af...
Last post by TDroenner - January 20, 2026, 01:38:55 PMThanks, nero355. Not a problem at all. I was just curious.
#86
Hardware and Performance / Re: (Solved) Internet speeds r...
Last post by nero355 - January 20, 2026, 01:38:18 PMQuote from: manki_09 on January 18, 2026, 02:35:47 AMFlow Control on the Aruba switch wasn't working even though it was enabled.So Aruba Instant On 1930 with Firmware 3.3.2 and "Shaping Settings" (What kind of ?/Which ones exactly ?) has issues with buffering traffic between the 10 Gbps and 1 Gbps ports ?
Did testing between 10gb links and 1 gig links and found the same 300mbps when sending data from the 10gb links to 1gb but fine in the opposite direction.
I think there was a glitch in the Aruba Switch (3.3.2) that seemed to not apply flow control.
I finally got it to work after testing Aruba shaping setting and when removed the shaping settings it seems to work just fine. Speeds on 1gb links are good and also good on 2.5 and 10gb links.
The reason I am asking is that I have seen similar reports on both a Netgear Switch and Ubiquiti UniFi Routers and Switches sadly and to read that Aruba has this issue too is very disappointing, because I expected them to do this kind of stuff a lot better...
#87
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - January 20, 2026, 01:36:59 PMI would definitely advice to disable ASPM, either via BIOS or in Linux.
ASPM enabled can do a lot of performance related problems and realtek is not excluded from this.
The NIC stats, look good, there is no errors or dirty packets seen.
In regards of your testing, you have here some interesting results;
1. Iperf > fast to slow = throughput limited
2. Linux package updates = throughput slow
3. Browser download = fast
For
1. Iperf > fast to slow
Can you try to restest this but set P2 at least to trigger multicore spread of iperf? And post the results
Try scenarios where the slow is the client as well server, and during scenario where its client try with and without the flag -R
2. Linux package updates
This one is curious, cause you can be rate limited, try to refresh your mirrors
3. Browser download
No clue about this, I would assume similar results as for Iperf, but maybe this can be due to the fact the browsers is using multiple cores to process the packets.
As well what kind of congestion algoritm are you using? Maybe you can try to switch it to BBR.
Regards,
S.
ASPM enabled can do a lot of performance related problems and realtek is not excluded from this.
The NIC stats, look good, there is no errors or dirty packets seen.
In regards of your testing, you have here some interesting results;
1. Iperf > fast to slow = throughput limited
2. Linux package updates = throughput slow
3. Browser download = fast
For
1. Iperf > fast to slow
Can you try to restest this but set P2 at least to trigger multicore spread of iperf? And post the results
Try scenarios where the slow is the client as well server, and during scenario where its client try with and without the flag -R
2. Linux package updates
This one is curious, cause you can be rate limited, try to refresh your mirrors
3. Browser download
No clue about this, I would assume similar results as for Iperf, but maybe this can be due to the fact the browsers is using multiple cores to process the packets.
As well what kind of congestion algoritm are you using? Maybe you can try to switch it to BBR.
Regards,
S.
#88
25.7, 25.10 Series / Re: Periodic interface reset -...
Last post by franco - January 20, 2026, 01:31:39 PMWell, we're talking about the documented cron job name "periodic interface reset":
https://docs.opnsense.org/manual/settingsmenu.html#cron
And not all interfaces use DHCP but can still be "periodically reset".
Please don't shoot the messenger. This terminology was invented before we started our project. :)
Cheers,
Franco
https://docs.opnsense.org/manual/settingsmenu.html#cron
And not all interfaces use DHCP but can still be "periodically reset".
Please don't shoot the messenger. This terminology was invented before we started our project. :)
Cheers,
Franco
#89
General Discussion / subdomains / haproxy not worki...
Last post by kasperski1868 - January 20, 2026, 01:27:22 PMSo after a lot of fidgeting I got my synology apps and some docker applications wan-accessible through subdomains (on a cloudflare domain) with ACME/haproxy/unboundDNS in Opnsense. It worked both from lan and wan initially, but recently I discovered that now it only works from wan. Changes I' ve made recently are DNS through PiHole instance (proxmox) which I have already reverted back to the IP of the router, and a couple of Opnsense updates.
To anyones knowledge: could my (quite possibly imperfect) setup now be failing because of recent Opnsense changes?
To anyones knowledge: could my (quite possibly imperfect) setup now be failing because of recent Opnsense changes?
#90
25.7, 25.10 Series / Re: Periodic interface reset -...
Last post by nero355 - January 20, 2026, 01:07:24 PMQuote from: clarknova on January 20, 2026, 04:16:06 AMinterface reset
Quote from: franco on January 20, 2026, 12:16:58 PMinterface resetWhy are we not talking about a nice and clean DHCP Release & DHCP Renew ?!
When someone says 'Interface Reset' it sounds to me like they are just Disabling/Enabling the Interface or doing some weird driver related stuff or just pulling the cable and those things are a last resort in general...
