Recent posts

#91
General Discussion / Re: How to set limited bandwif...
Last post by meyergru - January 26, 2026, 10:30:22 PM
Isn't that exactly what the documentation shows? https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html
#92
Hardware and Performance / Re: SFP+ to RJ45 slow WAN spe...
Last post by pfry - January 26, 2026, 10:16:11 PM
Quote from: Seimus on January 26, 2026, 08:31:00 PM
[...]SFPs have often a MON[...]

Grr. Good point:

root@fw:/home/user # ifconfig -v ixl3
ixl3: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: x710p3 (opt4)
        options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG>
        ether 3c:fd:fe:e7:2d:8b
        media: Ethernet autoselect (10Gbase-SR <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
        drivername: ixl3
        plugged: SFP/SFP+/SFP28 10G Base-SR (LC)
        vendor: Intel Corp PN: AFBR-709DMZ-IN3 SN: AA202830LM3 DATE: 2020-07-11
        module temperature: 27.90 C voltage: 3.35 Volts
        lane 1: RX power: 0.51 mW (-2.92 dBm) TX bias: 5.46 mA
root@fw:/home/user #
#93
General Discussion / How to set limited bandwifth f...
Last post by Arno - January 26, 2026, 10:10:46 PM
Hi,

Sometimes a computer on my LAN uses all the available bandwidth.
How do I set up Shaper?
Goal: Max bandwidth as default except for some computers.

Now I have: Four Pipes: Down/Up for Max and Limited.
No queues.
Four rules: Down/Up for Computer to limit first (Limited pipes) followed by rules for LAN (Max pipes)

At the Status page there are stats for the max pipes but none for the limited pipes.
#94
26.1 Series / Re: 26.1.rc1 -> 26.1 rc2 ........
Last post by Cljackhammer - January 26, 2026, 09:56:41 PM
I upgraded as well and it went smoothly. Additionally, the latest version of hostwatch is a massive improvement in terms of disk writes. I can leave it enabled now.
#95
25.7, 25.10 Series / Re: New site PPPoE PMTU woes
Last post by ToasterPC - January 26, 2026, 09:42:11 PM
Quote from: meyergru on January 24, 2026, 10:22:34 PM
If reducing the MTU size on your Windows client does not fix the problem, then maybe the MTU size is not the problem after all?
Honestly that's quite likely, though I'm still unsure on how to test for such a scenario.

Quote from: meyergru on January 24, 2026, 10:22:34 PM
Did you try the ping to your OpnSense instance itself, too?
Yes, and it seems getting to the firewall itself has no issues with employing packets way above the interface MTU:
Pinging 10.10.1.1 with 10000 bytes of data:
Reply from 10.10.1.1: bytes=10000 time=2ms TTL=64
Reply from 10.10.1.1: bytes=10000 time=32ms TTL=64
Reply from 10.10.1.1: bytes=10000 time=14ms TTL=64
Reply from 10.10.1.1: bytes=10000 time=2ms TTL=64
Reply from 10.10.1.1: bytes=10000 time=2ms TTL=64
Ping statistics for 10.10.1.1:
    Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 32ms, Average = 10ms


Quote from: meyergru on January 24, 2026, 10:22:34 PM
For modern Windows versions, I think they automagically set the MTU size - IDK how they do that exactly, however. I do not have the problem, as both my WAN and LAN MTUs are 1500 bytes.
Tbh neither do I, but I do know how to set it manually if it's ever needed (thanks to this GitHub Gist):

From an Administrative Command Prompt/PowerShell session, use the following command to list the system's available interfaces and their current MTU values:
netsh interface ipv4 show subinterfaces
Which in my case outputs the following:
       MTU  MediaSenseState      Bytes In     Bytes Out  Interface
----------  ---------------  ------------  ------------  -------------
4294967295                1             0        169774  Loopback Pseudo-Interface 1
      1500                5             0             0  Onboard GbE
      1464                1    1872595478      40841253  WiFi
      1500                5             0             0  Local Area Connection* 1
      1500                5             0             0  USB 2.5GbE
      1280                1             0         17580  Tailscale
      1500                5             0             0  Local Area Connection* 2
     65535                5             0             0  Local Area Connection
      1500                1             0        120046  vEthernet (Default Switch)
      1500                1        189514        974851  vEthernet (WSL (Hyper-V firewall))
      1500                1          1968        151879  VMware Network Adapter VMnet1
      1500                1          1968        150820  VMware Network Adapter VMnet8
      1500                5             0             0  Bluetooth Network Connection

As such, after identifying the interface needing the change, the MTU can be set by using this other command:
netsh interface ipv4 set subinterface "WiFi" mtu=1464
If everything went as expected, the output will be:
Ok.
#96
Tutorials and FAQs / Re: HOWTO - Redirect all DNS R...
Last post by Javier® - January 26, 2026, 09:36:20 PM
Hi, the best option for redirecting DNS is to use rdr on the same interface.

rdr pass in quick on $if_lan proto { udp tcp } from any to any port domain -> lo0 port domain

I use it on OpenBSD

pass in quick on $if_lan proto { udp tcp } from any to any port domain rdr-to lo0 port domain
#97
High availability / Re: CARP OS-FRR timeout after ...
Last post by franco - January 26, 2026, 09:03:56 PM
Wasn't it this one? https://github.com/opnsense/plugins/commit/2cc2215bb

If so we're hotfixing this for the last update of 25.7.11_x shortly after 26.1 is out this week.


Cheers,
Franco
#98
26.1 Series / Re: 26.1.rc1 -> 26.1 rc2 ........
Last post by PoMpIs - January 26, 2026, 09:02:33 PM
I've also upgraded from RC1 to RC2 and everything works perfectly. I've ported the old rules to the new rules.

I also really like the categories in the new rules. 👌

Cheers  😊
#99
26.1 Series / Re: New rule system
Last post by Monviech (Cedrik) - January 26, 2026, 08:57:24 PM
Another way to force priority changes:

- Fake Floating: Add a random loopback interface additionally to any single interface rule

- Fake Group: Add a new firewall group with a single interface

Or you change the approach how you build your ruleset.
#100
26.1 Series / Re: New rule system
Last post by franco - January 26, 2026, 08:54:32 PM
It kind of depends what parameters you're targeting the traffic on. You can just use a floating rule without an interface selected while selecting the source or destination of the traffic in an "in" direction rule correctly. There's no apparent need for an interface and routing domains don't exist so networks don't overlap in a routing setup.


Cheers,
Franco