Random blocking UDP packets when playing multiplayer games

Started by vlnc, October 11, 2025, 03:33:35 PM

Hi everyone,

I'm running this version of OPNsense in an ESXi-hosted VM:
OPNsense 25.7.5-amd64
FreeBSD 14.3-RELEASE-p4
OpenSSL 3.0.18

I don't really know when this started happening (I mean since which OPNsense update), but I get this side effect:
While playing online on a server in my favorite game (Squad on PC, as an example), I get huge lags for a limited time (dozens of seconds) with effects like no more VoIP, everyone running into walls, etc., because UDP packets are blocked/not processed by OPNsense. The result is that sometimes, after the lag, when UDP packets are transmitted again, I'm disconnected from the server; sometimes I'm not.

My network setup is pretty simple:

My PC: 192.168.2.2/24 using 192.168.2.1/24 (OPNsense) as default gateway
OPNsense: using my ISP router as main and only gateway / DNS server (I need to SNAT traffic from/to 192.168.2.0/24 by 192.168.2.1 to my ISP router to access the Internet, because I can't set up a static route on my ISP router (which is in 192.168.1.0/24) like "ip route 192.168.2.0/24 via 192.168.2.1/32").

The firewall rule on the User interface is: 192.168.2.0/24 any any allow

As a drawing is better than writing:



For your understanding of my current OPNsense configuration, here is the list of services (enabled/disabled):

  • Captive portal -> Disabled
  • DHCRelay -> Disabled
  • Dnsmasq DNS & DHCP -> Disabled
  • Intrusion Detection -> Disabled
  • ISC DHCPv4 -> Enabled
  • ISC DHCPv6 -> Disabled
  • Kea DHCP -> Disabled
  • Monit -> Enabled
  • Network Time -> Enabled
  • OpenDNS -> Disabled
  • Unbound DNS -> Enabled

I started by asking ChatGPT, which redirected me to:
-> bug in OPNsense since switching to pf (XD)
-> flush state table (pfctl -F states)
-> UDP state timeout too short
-> Service IDS/IPS Suricata (disabled, as you have seen)
-> Update Bogons / GeoIP (weird, because I shouldn't be able to connect to the game server in the first place, no?)
-> Normalization rules on WAN interface (timeout parameter is missing in GUI)
-> System > Settings > Tunables, then add these parameters: net.pf.udp_first to 120, net.pf.udp_single to 120 and net.pf.udp_multiple to 180

I don't really know where to look right now, and I don't want to change parameters without your advice when I don't know whether they will have a good or bad effect.

Does anyone have an idea? I'm only using the GUI; I haven't made any changes via CLI/SSH.

I will investigate if this impacts TCP traffic too.

Thanks for your help.

Regards,
vlnc

While I don't have similar problems, my first thoughts are that it's one of the following:
- Bad/marginal cable. Replace some cables to see if it helps.
- Loss of ICMP / ICMPv6 packets at the WAN interface, similar to what is discussed in this topic: https://forum.opnsense.org/index.php?topic=46990.0
You could try the suggested solutions.
Deciso dec3840: EPYC Embedded 3101, 16GB RAM, 512GB NVMe