Topics - tangofan

#1
I am using OPNsense 24.10.11_2 on bare metal as my router, with ISC (DHCPv4) as my DHCP server and built-in Unbound as my DNS server. For my NAS I have configured a static IP address at 192.168.101.20 with hostname diskstation in ISC. The corresponding subnet 192.168.101.0/24 is a VLAN on the LAN port of my router.

In Unbound's General settings I checked "Register DHCP Static Mappings" and "Do not register system A/AAAA records" and in Unbound's Overrides I configured the following entry:

host:   diskstation
domain: <mydomain.net>
Type:   A (IPv4 address)
Value:  192.168.101.20

That works fine for the most part, except every couple of days Unbound suddenly starts resolving the host name "diskstation" to my WAN address on my Windows 10 client, as if the override didn't exist. In other words, when I ping "diskstation" I get my WAN address in return, but I can still ping 192.168.101.20 and receive a response from my NAS. But the override is still there, at least in the OPNsense UI.

When I disable (+save) and then re-enable (+save) the Unbound override in the OPNsense UI, the problem goes away and - once again - the host name "diskstation" will resolve to 192.168.101.20, at least until the next time Unbound goes a bit senile. Still, this is a bit of a nuisance, so I'm wondering what information from my network and/or OPNsense I should gather the next time this happens, so the issue can be tracked down properly (and hopefully resolved in the future).

Thanks in advance for any guidance on this.
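One way to capture the information the post asks about, as an added example (not code from the post or from OPNsense): a stdlib-only Python check that sends an A query straight to the router's resolver and labels the answer, so a cron job can log the moment the override stops being honoured. RESOLVER, NAME and WAN_IP are assumed placeholders (the router's VLAN address, the NAS's full name, the WAN address); only EXPECTED comes from the post.

```python
import random
import socket
import struct
import time

# Added example, not code from the post or from OPNsense. RESOLVER, NAME and WAN_IP
# are placeholders (assumed router address, full NAS name, WAN address).
RESOLVER = "192.168.101.1"
NAME = "diskstation.mydomain.net"
EXPECTED = "192.168.101.20"
WAN_IP = "203.0.113.7"

def build_query(name, txid):
    """Standard A/IN query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(buf, off):
    """Advance past a domain name, handling the 2-byte compression pointer form."""
    while buf[off] != 0:
        if buf[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + buf[off]
    return off + 1

def parse_a_records(buf, txid):
    """IPv4 addresses in the answer section; raises if the id does not match."""
    rid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):
        off = _skip_name(buf, off) + 4          # skip QTYPE/QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(buf[off:off + 4]))
        off += rdlen
    return ips

def build_response(query, ips):
    """Constructed reply to `query` so the parser can be exercised offline."""
    header = struct.pack("!HHHHHH", struct.unpack("!H", query[:2])[0], 0x8180, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) for ip in ips)
    return header + query[12:] + rrs

def classify(ips, expected=EXPECTED, wan_ip=WAN_IP):
    """Label the answer: the post's symptom is an answer carrying the WAN address."""
    if expected in ips:
        return "ok"
    if wan_ip in ips:
        return "resolves-to-wan"
    return "no-answer" if not ips else "unexpected"

def check_once(resolver=RESOLVER, name=NAME):  # needs the network; returns one log line
    txid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2)
        s.sendto(build_query(name, txid), (resolver, 53))
        ips = parse_a_records(s.recvfrom(512)[0], txid)
    return "%s %s %s %s" % (time.strftime("%Y-%m-%dT%H:%M:%S"), name, ",".join(ips) or "-", classify(ips))
```

Run check_once() from cron on a LAN host and append its output to a file; the first line labelled resolves-to-wan gives a timestamp to compare against the Unbound and DHCP entries in the OPNsense logs.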
#2
I am using Chrome on Android 14 (Google Pixel Tablet) to occasionally monitor or change my OPNsense settings and FWIW I have the option "Desktop site" enabled in my Chrome browser.

When I go to "Zenarmor : Policies" and tap on the "Default" policy's name, it will not show the Policy Settings. A current workaround is to long-press on the policy name and then select "Open in new tab"; the UI in the new tab will then show the policy settings. Still, it would be better if the UI would just respond properly to a simple tap on the policy name.
#3
Since I wanted to install Adguard on my bare-metal OPNsense 24.7.1 installation, I just added the repository for mimugmail with the commands

fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
pkg update

(as described at https://github.com/mimugmail/opn-repo ).

I didn't install any packages from that repository, but - after adding the repository - I ran an update check at "System: Firmware: Status" and it showed me that there were several new packages that needed to be installed. I clicked the "Update" button on the "Update" tab and OPNsense installed several packages, however it also apparently uninstalled them immediately afterwards (e.g. lerc: 4.0.0).

Here's the Update log:

***GOT REQUEST TO UPDATE***
Currently running OPNsense 24.7.1 at Sat Aug 17 17:46:21 PDT 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Checking for upgrades (10 candidates): .......... done
Processing candidates (10 candidates): .......... done
The following 19 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
alsa-lib: 1.2.11 [mimugmail]
brotli: 1.1.0,1 [SunnyValley]
fontconfig: 2.15.0_2,1 [SunnyValley]
freetype2: 2.13.2 [SunnyValley]
giflib: 5.2.2 [SunnyValley]
graphite2: 1.3.14 [mimugmail]
jbigkit: 2.1_2 [SunnyValley]
jpeg-turbo: 3.0.3 [SunnyValley]
lcms2: 2.16_2 [mimugmail]
lerc: 4.0.0 [OPNsense]
libXext: 1.3.6,1 [mimugmail]
libXfixes: 6.0.0_1 [mimugmail]
libXi: 1.8_1,1 [mimugmail]
libXrender: 0.9.10_2 [mimugmail]
libdeflate: 1.20 [SunnyValley]
libfontenc: 1.1.8 [SunnyValley]
png: 1.6.43 [SunnyValley]
tiff: 4.6.0 [OPNsense]
zstd: 1.5.6 [SunnyValley]

Number of packages to be installed: 19

The process will require 18 MiB more space.
4 MiB to be downloaded.
[1/19] Fetching png-1.6.43.pkg: .......... done
[2/19] Fetching freetype2-2.13.2.pkg: .......... done
[3/19] Fetching jpeg-turbo-3.0.3.pkg: .......... done
[4/19] Fetching lcms2-2.16_2.pkg: .......... done
[5/19] Fetching libdeflate-1.20.pkg: .......... done
[6/19] Fetching libXfixes-6.0.0_1.pkg: .. done
[7/19] Fetching giflib-5.2.2.pkg: ......... done
[8/19] Fetching libXrender-0.9.10_2.pkg: .... done
[9/19] Fetching libXi-1.8_1,1.pkg: .......... done
[10/19] Fetching graphite2-1.3.14.pkg: .......... done
[11/19] Fetching alsa-lib-1.2.11.pkg: .......... done
[12/19] Fetching libfontenc-1.1.8.pkg: ... done
[13/19] Fetching zstd-1.5.6.pkg: .......... done
[14/19] Fetching brotli-1.1.0,1.pkg: .......... done
[15/19] Fetching libXext-1.3.6,1.pkg: .......... done
[16/19] Fetching fontconfig-2.15.0_2,1.pkg: .......... done
[17/19] Fetching jbigkit-2.1_2.pkg: .......... done
[18/19] Fetching tiff-4.6.0.pkg: .......... done
[19/19] Fetching lerc-4.0.0.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/19] Installing png-1.6.43...
[1/19] Extracting png-1.6.43: .......... done
[2/19] Installing jpeg-turbo-3.0.3...
[2/19] Extracting jpeg-turbo-3.0.3: .......... done
[3/19] Installing libdeflate-1.20...
[3/19] Extracting libdeflate-1.20: .......... done
[4/19] Installing zstd-1.5.6...
[4/19] Extracting zstd-1.5.6: .......... done
[5/19] Installing brotli-1.1.0,1...
[5/19] Extracting brotli-1.1.0,1: .......... done
[6/19] Installing jbigkit-2.1_2...
[6/19] Extracting jbigkit-2.1_2: .......... done
[7/19] Installing lerc-4.0.0...
[7/19] Extracting lerc-4.0.0: ........ done
[8/19] Installing freetype2-2.13.2...
[8/19] Extracting freetype2-2.13.2: .......... done
[9/19] Installing libXfixes-6.0.0_1...
[9/19] Extracting libXfixes-6.0.0_1: ....... done
[10/19] Installing libXext-1.3.6,1...
[10/19] Extracting libXext-1.3.6,1: .......... done
[11/19] Installing tiff-4.6.0...
[11/19] Extracting tiff-4.6.0: .......... done
[12/19] Installing lcms2-2.16_2...
[12/19] Extracting lcms2-2.16_2: .......... done
[13/19] Installing giflib-5.2.2...
[13/19] Extracting giflib-5.2.2: .......... done
[14/19] Installing libXrender-0.9.10_2...
[14/19] Extracting libXrender-0.9.10_2: .......... done
[15/19] Installing libXi-1.8_1,1...
[15/19] Extracting libXi-1.8_1,1: .......... done
[16/19] Installing graphite2-1.3.14...
[16/19] Extracting graphite2-1.3.14: .......... done
[17/19] Installing alsa-lib-1.2.11...
[17/19] Extracting alsa-lib-1.2.11: .......... done
[18/19] Installing libfontenc-1.1.8...
[18/19] Extracting libfontenc-1.1.8: ......... done
[19/19] Installing fontconfig-2.15.0_2,1...
[19/19] Extracting fontconfig-2.15.0_2,1: .......... done
Running fc-cache to build fontconfig cache...
=====
Message from freetype2-2.13.2:

--
The 2.7.x series now uses the new subpixel hinting mode (V40 port's option) as
the default, emulating a modern version of ClearType. This change inevitably
leads to different rendering results, and you might change port's options to
adapt it to your taste (or use the new "FREETYPE_PROPERTIES" environment
variable).

The environment variable "FREETYPE_PROPERTIES" can be used to control the
driver properties. Example:

FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
cff:no-stem-darkening=1 \
autofitter:warping=1

This allows to select, say, the subpixel hinting mode at runtime for a given
application.

If LONG_PCF_NAMES port's option was enabled, the PCF family names may include
the foundry and information whether they contain wide characters. For example,
"Sony Fixed" or "Misc Fixed Wide", instead of "Fixed". This can be disabled at
run time with using pcf:no-long-family-names property, if needed. Example:

FREETYPE_PROPERTIES=pcf:no-long-family-names=1

How to recreate fontconfig cache with using such environment variable,
if needed:
# env FREETYPE_PROPERTIES=pcf:no-long-family-names=1 fc-cache -fsv

The controllable properties are listed in the section "Controlling FreeType
Modules" in the reference's table of contents
(/usr/local/share/doc/freetype2/reference/index.html, if documentation was installed).
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 19 packages:

Installed packages to be REMOVED:
alsa-lib: 1.2.11
brotli: 1.1.0,1
fontconfig: 2.15.0_2,1
freetype2: 2.13.2
giflib: 5.2.2
graphite2: 1.3.14
jbigkit: 2.1_2
jpeg-turbo: 3.0.3
lcms2: 2.16_2
lerc: 4.0.0
libXext: 1.3.6,1
libXfixes: 6.0.0_1
libXi: 1.8_1,1
libXrender: 0.9.10_2
libdeflate: 1.20
libfontenc: 1.1.8
png: 1.6.43
tiff: 4.6.0
zstd: 1.5.6

Number of packages to be removed: 19

The operation will free 18 MiB.
[1/19] Deinstalling lcms2-2.16_2...
[1/19] Deleting files for lcms2-2.16_2: .......... done
[2/19] Deinstalling fontconfig-2.15.0_2,1...
[2/19] Deleting files for fontconfig-2.15.0_2,1: .......... done
[3/19] Deinstalling freetype2-2.13.2...
[3/19] Deleting files for freetype2-2.13.2: .......... done
[4/19] Deinstalling libXi-1.8_1,1...
[4/19] Deleting files for libXi-1.8_1,1: .......... done
[5/19] Deinstalling tiff-4.6.0...
[5/19] Deleting files for tiff-4.6.0: .......... done
[6/19] Deinstalling png-1.6.43...
[6/19] Deleting files for png-1.6.43: .......... done
[7/19] Deinstalling jpeg-turbo-3.0.3...
[7/19] Deleting files for jpeg-turbo-3.0.3: .......... done
[8/19] Deinstalling libfontenc-1.1.8...
[8/19] Deleting files for libfontenc-1.1.8: ......... done
[9/19] Deinstalling zstd-1.5.6...
[9/19] Deleting files for zstd-1.5.6: .......... done
[10/19] Deinstalling brotli-1.1.0,1...
[10/19] Deleting files for brotli-1.1.0,1: .......... done
[11/19] Deinstalling libdeflate-1.20...
[11/19] Deleting files for libdeflate-1.20: .......... done
[12/19] Deinstalling libXext-1.3.6,1...
[12/19] Deleting files for libXext-1.3.6,1: .......... done
[13/19] Deinstalling libXfixes-6.0.0_1...
[13/19] Deleting files for libXfixes-6.0.0_1: ....... done
[14/19] Deinstalling giflib-5.2.2...
[14/19] Deleting files for giflib-5.2.2: .......... done
[15/19] Deinstalling libXrender-0.9.10_2...
[15/19] Deleting files for libXrender-0.9.10_2: .......... done
[16/19] Deinstalling jbigkit-2.1_2...
[16/19] Deleting files for jbigkit-2.1_2: .......... done
[17/19] Deinstalling graphite2-1.3.14...
[17/19] Deleting files for graphite2-1.3.14: .......... done
[18/19] Deinstalling alsa-lib-1.2.11...
[18/19] Deleting files for alsa-lib-1.2.11: .......... done
[19/19] Deinstalling lerc-4.0.0...
[19/19] Deleting files for lerc-4.0.0: ........ done
Checking all packages: .......... done
The following package files will be deleted:
The cleanup will free 395 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***


When I ran an Update check again, I once again got the message that 19 packages need to be installed:

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.7.1 at Sat Aug 17 18:01:06 PDT 2024
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 838 packages processed.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ......... done
Processing entries: ..... done
SunnyValley repository update completed. 66 packages processed.
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ........ done
Processing entries: .......... done
mimugmail repository update completed. 202 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (10 candidates): .......... done
Processing candidates (10 candidates): .......... done
The following 19 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
alsa-lib: 1.2.11 [mimugmail]
brotli: 1.1.0,1 [SunnyValley]
fontconfig: 2.15.0_2,1 [SunnyValley]
freetype2: 2.13.2 [SunnyValley]
giflib: 5.2.2 [SunnyValley]
graphite2: 1.3.14 [mimugmail]
jbigkit: 2.1_2 [SunnyValley]
jpeg-turbo: 3.0.3 [SunnyValley]
lcms2: 2.16_2 [mimugmail]
lerc: 4.0.0 [OPNsense]
libXext: 1.3.6,1 [mimugmail]
libXfixes: 6.0.0_1 [mimugmail]
libXi: 1.8_1,1 [mimugmail]
libXrender: 0.9.10_2 [mimugmail]
libdeflate: 1.20 [SunnyValley]
libfontenc: 1.1.8 [SunnyValley]
png: 1.6.43 [SunnyValley]
tiff: 4.6.0 [OPNsense]
zstd: 1.5.6 [SunnyValley]

Number of packages to be installed: 19

The process will require 18 MiB more space.
4 MiB to be downloaded.
***DONE***


It seems that the package manager is inconsistent re. the packages it actually needs to install. Even a reboot of OPNsense didn't help. I should note that I don't know that adding the mimugmail repository is related to this problem, the inconsistency might have been there before this (but I didn't check for updates before adding the mimugmail repository).

Could someone please advise me how to fix this inconsistency or how to further diagnose the root cause of this? (Since I'm an OPNsense and FreeBSD newbie, don't hesitate to be pretty specific ;) )
#4
I am currently in the process of configuring my first OPNsense bare metal system, which - once completed - will replace my current router, an Arista Untangle NGFW system in my home.

The only WAN port I will have open will be for an incoming remote Wireguard connection, so I can log into my home network, when on the road. I have configured GeoIP to block incoming remote connection attempts from most countries and I have also installed CrowdSec to block connection attempts from (and to) rogue IPs.

Re. the latter (CrowdSec) I have two questions:

1. CrowdSec (and various other tutorials) suggest that - in addition to the automatically generated rules for incoming connection attempts - one should also manually create outgoing (in) rules on the LAN interface to block connection attempts from malware that is already inside our home network to remote servers.

Do I need to create such rules only on the physical interface (LAN, OPT1, OPT2, etc.) or also on the virtual interfaces (e.g. VLANs and VPNs)?

I am asking because the documentation for ZenArmor states to only select physical interfaces for monitoring, since that will include monitoring on all associated virtual interfaces as well. I don't know if the same logic would apply to CrowdSec as well.

2. After signing up and registering my unit on the CrowdSec website I saw that I can subscribe to 3 free 3rd party blocklists. At the moment I am not quite sure which ones are best for my use-case (only port open is for Wireguard).

For now I subscribed to the "Firehol cruzit.com" list and the "Firehol cybercrime tracker" list. Perhaps the "Firehol SSL proxies" list would make sense as well (to counter circumvention of GeoIP and other block lists)?
I'm not sure at all, so I'd appreciate any advice on this matter, even if it's just to make sure that I'm asking the right questions when picking a blocklist.

Thank you very much in advance for your advice and help.
#5
Hi all,

I'm new to OPNsense and still trying to learn the ropes, particularly with regards to firewall rules.

It is my current understanding that the "in" and "out" directions for rules are from the view of the firewall.

  • Thus a request originating on a computer in my LAN to the outside world would be checked against "in" rules on the LAN interface and (if allowed to pass) against "out" rules on the WAN interface. (I also understand that "in" rules are generally more efficient and thus preferable.)
  • Conversely, a request originating on the internet to a computer on my LAN would be checked against "in" rules on my WAN interface and - if allowed to pass - against "out" rules on the LAN interface.
Assuming my understanding is correct, here's my question: At https://www.zenarmor.com/docs/network-security-tutorials/how-to-install-and-configure-crowdsec-on-opnsense#adding-firewall-rules zenarmor provides a guide to installing and configuring CrowdSec on OPNsense.

In the section "Adding Firewall Rules" they talk about blocking connections originating on the LAN side to malevolent IP addresses on the WAN side and they show a Floating Rule assigned to the LAN interface for that purpose. However, the rule they show is an "out" rule and I would have expected it to be an "in" rule, since traffic originating on LAN and going to the internet would be inbound on the LAN interface.

I don't have CrowdSec installed yet, but I tried an equivalent rule scenario in OPNsense with a homegrown floating rule assigned to my LAN interface, blocking ICMP access to destination 1.1.1.1. As an IN-rule it works as expected and blocks a ping request, but as an OUT-rule the ping goes through (also expected).

So I'm wondering if I am missing something very essential here regarding floating rules, or did they simply make a small mistake in their guide by defining this as an "out" rule?
(Note: I'm not trying to pick on them, the fact that they provide those guides is great. But before pointing this out to them, I'd rather ensure that the problem isn't the guy in front of the computer.)

Thanks in advance for any clarification you can provide.
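The direction reasoning in the post, as an added example (a simplified model written for this page, not OPNsense or pf code): a forwarded packet is checked "in" on the interface it arrives on and "out" on the interface it leaves on, and a quick rule matches only where both interface and direction agree. It assumes first-match (quick) semantics and ignores state tracking; the interface names and the 192.168.1.10 LAN host are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Simplified model of per-interface rule evaluation (added example, not pf/OPNsense
# code). Assumptions: quick rules (first match wins), no state table, two interfaces.

@dataclass
class Rule:
    interface: str          # "lan" or "wan"
    direction: str          # "in", "out" or "any" (floating rules may use "any")
    action: str             # "pass" or "block"
    dst: Optional[str] = None   # destination address to match; None matches any

def hops(ingress: str, egress: str) -> List[Tuple[str, str]]:
    """Interfaces a forwarded packet crosses, with the direction seen by the firewall."""
    return [(ingress, "in"), (egress, "out")]

def evaluate(rules: List[Rule], ingress: str, egress: str, dst: str, default: str = "pass"):
    """Return (verdict, matching rule or None) for the first quick match along the path."""
    for iface, direction in hops(ingress, egress):
        for rule in rules:
            if rule.interface != iface:
                continue
            if rule.direction not in ("any", direction):
                continue
            if rule.dst not in (None, dst):
                continue
            return rule.action, rule      # quick: the first match decides
    return default, None

# Scenario from the post: a LAN host pings 1.1.1.1 (enters on LAN, leaves on WAN).
LAN_TO_INTERNET = dict(ingress="lan", egress="wan", dst="1.1.1.1")

def out_rule_on_lan() -> str:
    # The guide's rule: block out on LAN. On LAN the packet is inbound, so no match.
    return evaluate([Rule("lan", "out", "block", "1.1.1.1")], **LAN_TO_INTERNET)[0]

def in_rule_on_lan() -> str:
    # The poster's working variant: block in on LAN.
    return evaluate([Rule("lan", "in", "block", "1.1.1.1")], **LAN_TO_INTERNET)[0]

def out_rule_on_wan() -> str:
    # Same packet, blocked where it actually leaves the firewall.
    return evaluate([Rule("wan", "out", "block", "1.1.1.1")], **LAN_TO_INTERNET)[0]

def out_rule_on_lan_for_inbound() -> str:
    # Reverse case from the post: internet -> LAN host (constructed address) is "in"
    # on WAN and "out" on LAN, so an out rule on LAN does match here.
    return evaluate([Rule("lan", "out", "block", "192.168.1.10")],
                    ingress="wan", egress="lan", dst="192.168.1.10")[0]

if __name__ == "__main__":
    print("block out on LAN, LAN -> 1.1.1.1:", out_rule_on_lan())   # pass (ping goes through)
    print("block in  on LAN, LAN -> 1.1.1.1:", in_rule_on_lan())    # block
    print("block out on WAN, LAN -> 1.1.1.1:", out_rule_on_wan())   # block
```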