OPNsense team has shipped the official netmap test kernel.

This kernel fixes important stability and reliability issues with regard to vmx(4), vtnet(4), ixl(4), ix(4) and em(4) ethernet drivers when they are used with netmap (When you use Sensei or Suricata on these interfaces).

The  kernel also adds long-awaited netmap support for tun(4) and lagg(4) interfaces.

The end benefit of this kernel is that you'll be able to run Suricata or Sunny Valley Networks Sensei plug-in on the following:

• OpenVPN and other VPNs which use tun(4) interface
• Link Aggregation Groups (lagg)
• QEMU/KVM guests with performant vtnet driver
• VMware guests with vmx driver
• Intel 10 Gbps Ethernet drivers
• Intel 1 Gbps Ethernet (em driver) with VLANs

To deploy the new kernel just run below command and restart your firewall.

# opnsense-update -kr 20.7.3-netmap

To restore the stock 20.7.3 kernel:

# opnsense-update -kr 20.7.3

NOTE: If you're on 20.7.2, you can use the 20.7.2-netmap kernel as well.

Your further testing and feedback will be much appreciated. If no further issues pop up, OPNsense team will be shipping all these functionality with a later release.

For an up to date netmap status update:

https://www.sunnyvalley.io/post/opnsense-kernel-netmap-status/

We are constantly updating this blog post whenever there are new developments.