Messages - franco

#14341
General Discussion / Re: Forum categories
November 22, 2017, 04:36:38 PM
Better idea, thanks again!
#14342
"OPNsense Additions", but let me fix that for 17.7.9 to be more selective. This is a historic limitation, we added a vendor namespace in the config.xml but the old restore code only supports a flat node model, which is our entire vendor space.

https://github.com/opnsense/core/issues/1951


Cheers,
Franco
#14343
Hi,

Likely a USB 3.0 stick issue. 2.0 works ok and kern.cam.boot_delay is in the images.

Nano is the same as full install, it expands after boot so you don't lose any disk space, but you will want to enable the swap file under System: Settings: Misc.


Cheers,
Franco
#14344
Yup, thanks for mentioning this. I don't know if we will update the BETA kernel at this point or wait for RC.


Cheers,
Franco
#14345
Glad to hear!  ;D


Cheers,
Franco
#14346
17.7 Legacy Series / Re: 17.7.7 to 17.7.8 upgrade issue
November 22, 2017, 01:47:09 PM
It takes a bit for the mirror to sync, that's all. :)


Cheers,
Franco
#14347
Announcements / OPNsense 17.7.8 released
November 22, 2017, 01:40:22 PM
Hi everyone,

A shiny new update is available, addressing the recent security advisories from FreeBSD, OpenSSL, Sudo and a number of minor bugs.

To all our 18.1-BETA testers we say this: thank you! The results have been thoroughly positive. If you would like to participate as well, please take a closer look:

https://forum.opnsense.org/index.php?topic=6257.0

And here are the full patch notes:

o firewall: when CARP is disabled it should enable the "Block CARP traffic"
o firewall: isAlias() should return false when an empty name is provided
o firewall: support non-whitespace field separators for URL table alias (contributed by shonjir)
o firewall: table plugin support (contributed by Evgeny Bevz)
o firewall: properly skip L2TP and PPTP interfaces in IPFW
o firmware: add mirror courtesy of Ventura Systems, Columbia
o firmware: crash report file size limit for upload
o interfaces: prevent reconfigure of wireless device on rc.linkup
o reporting: clear tooltip in health graphs
o intrusion detection: prevent UI lockups by closing server sessions early
o intrusion detection: add advanced payload log option
o intrusion detection: improved alert inspection dialog
o ipsec: add passthrough networks support
o ipsec: add support for elliptical curve DH groups
o router advertisements: fix DHCPv6 start in "unmanaged" mode
o installer: limit swap partition size to 8 GB (contributed by Frank Wall)
o web proxy: add update cache support for Linux and Windows (contributed by Fabian Franz)
o web proxy: add support for UTF-8 domain names (contributed by Alexander Shursha)
o web proxy: improved IPv6 alias support
o ui: make "full help" state sticky in client session
o lang: Japanese updates (contributed by Chie and Takeshi Taguchi)
o lang: German updates (contributed by Fabian Franz)
o lang: Russian updates (contributed by Smart-Soft)
o lang: Czech updates (contributed by Pavel Borecki)
o plugins: os-siproxd 1.2.1 with fix for RTP high port (contributed by mrpace2)
o plugins: os-smart 1.2 now indicates if no devices have been found (contributed by Larry Meaney)
o plugins: os-telegraf 1.1 adds network input setting (contributed by nycaleksey)
o plugins: os-tor 1.2 adds hidden service onion service client support (contributed by Fabian Franz)
o plugins: os-web-proxy 2.1 makes Kerberos hostname configurable (contributed by Evgeny Bevz)
o src: properly bzero kldstat structure to prevent information leak [1]
o src: fix kernel data leak via ptrace(PT_LWPINFO) [2]
o src: only refresh bsnmpd device table on a device add or remove event
o src: unclog reply-to to avoid default route in shared forwarding
o src: update timezone database information
o ports: phalcon 3.2.4 [3]
o ports: php 7.0.25 [4]
o ports: sqlite 3.21.0 [5]
o ports: openssl 1.0.2m [6]
o ports: ca_root_nss 3.34
o ports: sudo 1.8.21p2_1 [7]


Stay safe,
Your OPNsense team

--
[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc
[2] https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc
[3] https://github.com/phalcon/cphalcon/releases/tag/v3.2.4
[4] http://de2.php.net/ChangeLog-7.php#7.0.25
[5] https://sqlite.org/changes.html
[6] https://www.openssl.org/news/secadv/20171102.txt
[7] https://bugzilla.sudo.ws/show_bug.cgi?id=807
#14348
FWIW, your modifications will not be overwritten by the 17.7.8 upgrade. I tested this to make sure. :)


Cheers,
Franco
#14349
The code does not write itself, that's all I'm trying to convey.
#14350
General Discussion / Re: Forum categories
November 22, 2017, 06:45:44 AM
Okay, added Intrusion detection and Web Proxy board and seeded these with a post so they are not empty, archived (read-only) 15.x and 16.x boards and now everything is shiny... :)


Thanks,
Franco
#14351
I would say LAN is our default and acts as a good quality setting. Nobody ever came to us and said "this doesn't work" and Suricon last week would have been a good time for the experts to say that. :)

From your logs, the problem seems to be a physical drop. You could try two things:

1. Add a small plastic switch to WAN so that the link to the NIC does not go down. Maybe the drop is coming from the device in front of your NIC, which can't cope with the full traffic.

2. Change the WAN to a different NIC port, worst case where your LAN resides so that you can make sure the port is not damaged. Do this with and without 1. to see if that changes things.


Cheers,
Franco
#14352
Hi Maurice,

Thanks, I totally forgot about 97c4edf. Nice catch.

Just let me know what we are still missing and then we can ship the whole batch of improvements in a subsequent 17.7.x.


Cheers,
Franco
#14353
Hi magnust,

The update is not in 17.7.8 today, but will follow in 17.7.9, so you may need to apply the patch manually again.

Thank you for the report and testing!


Cheers,
Franco
#14354
That not so easy stuff to figure out was already part of a larger overhaul of the plugin itself. We will also have documentation based on this new plugin version 2, but it takes time to get there. Fraenki, the maintainer, works on this quite relentlessly, so please bear with us. :)


Cheers,
Franco
#14355
It seems the only thing that is truly free is choice. :)


Cheers,
Franco