Messages

@both: Strange reincarnation...
@Avery: If there is virtualisation option in OPNsense in some scenarios will be good to spare one OS layer(PVE or ESXi etc...) it it's a lighweight case.
@chemlud: Explane what is not clear and i will try to make you understand :D

Hi @deibit,

I think every Intel Core with AES and 4 or more cores @3GHz or more is OK for OPNsense with Sensei and Elastic. In the incoming 1.5 you will have the option to choose backend database manually and this misunderstanding will be solved. May be it's good to upgrade cpu to non-L Haswell or Broadwell cpu for better VPN throughput. Also you have to know that for some strange reason Ubench rates Haswell Xeons way lower than non-xeon i5 on same clocks...

Hi @Antaris,

This looks good and should've worked. But with 1.5 database selection will be optional if the device has enough memory but weak cpu (e.g. 200.000<>300.000 cpu score).

We hope to release 1.5 late this month.

By the way, I think this was your request, you can now request re-classification for a web site through Sunny Valley website ;)

https://www.sunnyvalley.io/site-classification/

Hi @mb,

Looking forward to 1.5 and thx for the classification option. :)

Hi faisal,

Than it must be the cpu score. There is a 300.000 minimum cpu score requirement for Elasticsearch.

Here's  a quick hack:

1. Remove /usr/local/sensei/etc/.configdone

Code Select Expand

rm /usr/local/sensei/etc/.configdone

3. Edit /usr/local/opnsense/scripts/OPNsense/Sensei/check_hardware.sh file and locate these lines:

Code Select Expand

if [ $CPU_SCORE -le 300000 ]; then
       CPU_PROPER="false"
else
       CPU_PROPER="true"
fi


Change 300000 to a lower value, like 200000. 

4. Do a browser refresh on the OPNsense UI, and click on any sensei menu. It'll re-run the config wizard. Now it should select Elasticsearch.

Now I'm thinking: for cpu scores between 200K and 300K and if there is enough memory (>=8GB) I think we should let the user decide on the database backend.

This solution no longer works on fresh install today. And i can't find from where to choose Elastic engine...

It's good to know that there will be second live for overpriced Sophos routers after initial licenses expired...

Most of us that runs OPNsense and have such needs using Sensei from SunnyValley Networks now. I'm not sure they can work simultaneously...

I like to see and try another NGFW complex solution, especially with integrated QOS, so - go on :)

Dude, i feel you... There is more up-to-date non-DNS method of filtration called Sensei here:
https://forum.opnsense.org/index.php?topic=9521.0
It's way wider, faster and easier to use it. The free version works at glance way better in any means.

In short you can use integrated Realteks on your mobo as WANs if they needed at all...
If you will not use them better disable them in BIOS.

@mb, may be is a good idea to implement report form in the web filtration page, where we can report sites that pass through blocked specific category.

Hi @Antaris, is this the landing page which gets displayed when a block happens or the Web Controls menu?

Nope. I mean a form where we can report porn sites URLs to your company that loads when pornography category is restricted.

Hi Petrus,

Sensei protect internal interface(s). If you want to protect tagged and untagged networks, try to put them on different physical ports.

@mb, may be is a good idea to implement report form in the web filtration page, where we can report sites that pass through blocked specific category.

"o HardenedBSD 12.1 has been postponed to the next major release"
...

@mb,

Sent for this one and replied for the one from 24-th...

From the last update (1.3_1) my widget won't show info: