Messages - dinguz

#1
I tried to enable basic auth in Caddy to protect from brute-force attacks; I have done so by enabling basic auth on the domain. When testing this, I noticed I need to re-enter my credentials on every webpage I browse to. Somehow it doesn't stick.
A ChatGPT consultation finds issues with the generated config file, but because it's generated by the GUI I am not able to try out any of the suggestions which would require manual editing of the config file, or make the changes permanent after that.
What would be the best way to proceed here?
#2
26.1 Series / Re: Rule is blank in States
March 09, 2026, 10:57:32 AM
I noticed the associated rules inherit the description from their (D)NAT parent, when using 'register rule'. I didn't experiment with the other options though.
#3
26.1 Series / Re: Automatic rule IPv4 only
February 24, 2026, 08:29:48 PM
#4
26.1 Series / Automatic rule IPv4 only
February 24, 2026, 04:03:34 PM
I have an IPv6-enabled system, and noticed that the automatically generated rule 'let out anything from firewall host itself' is IPv4 only, and I couldn't find a similar rule for IPv6. Are more people seeing this?
#5
It looks like the search bar in Interfaces → Neighbors → Automatic Discovery does a partial match. Searching for 192.168.1.1 also shows 192.168.1.1xx. Is there any way to force an exact match search?
#6
26.1 Series / Re: hostwatch db grows rapidly
February 02, 2026, 06:42:04 PM
It's currently 150 MB on my home router, mostly caused by IPv6 addresses which appear to change frequently over time. I also see log entries going back to the initial activation. Is there any expiry or cleanup mechanism in place for HostWatch data (database and/or logs)?
#7
Quote from: Evert on November 06, 2025, 12:57:32 PM
If the result of the test isn't output anywhere, what is the best way to get notified when things go awry?

Well, that's the harder part. AFAIK, there is no GUI option where you can configure this in an if-this-then-that way. You'll probably need to write a script that parses the output from 'smartctl -a' or '-x', and acts accordingly, and run that from cron or Monit.
#8
Have you verified the status page under Services → SMART → Info (type: All) whether the tests actually ran? Take a look at the Self-test logs section in the output. Or directly from the console by running 'smartctl -a /dev/nvme0'. Keep in mind that SMART test results aren't logged in the backend, so you'll need to check them manually as mentioned above. They also can't be monitored directly from cron jobs; for that, you'll likely need to set up Monit or a similar monitoring tool.
#9
Zenarmor (Sensei) / ZA upgrade to 2.1
October 08, 2025, 08:39:23 AM
I received an email this morning regarding the release of ZenArmor 2.1. Could you please confirm whether any action is required on my part to install the update? It doesn't appear to have upgraded automatically.

Additionally, does this release include the long-awaited multi-core / multi-thread support?
#10
The nvm update tool offers the -rd option to reset user settings. However, the documentation doesn't clearly explain what this does. Would using this option be beneficial? My assumption is that it might remove manufacturer-specific tweaks and return the device to a more stock configuration, but I'm not certain.
#11
Hardware and Performance / Re: ZFS Trim Not Enabled
September 27, 2025, 07:46:19 AM
You can also enable the autotrim property in zfs itself:

zpool set autotrim=on zroot
Of course scheduling with cron has the benefit of being able to plan when it happens, away from other i/o-intensive jobs, although I have never seen it take more than a few minutes at the very most.
#12
Have you tried rebooting after toggling udp/raw? I found out it sometimes didn't reload the associated firewall rules automatically after a change.
#13
The new 2.0 release of ZenArmor contains bugs that make it unreliable for my setup. Is there a way to install an older version and prevent it from being upgraded automatically during system updates?
#14
Same here. I have increased ring_num to 1024, not running Suricata, and ZA crashes within hours. Even sooner when I do any performance testing. I have temporarily uninstalled ZA so as to have a fresh start when a fix is released (have been running 2.1 alpha releases as well).
#15
I'm getting this sequence of warnings, and it's always the same duid:

WARN [kea-dhcp6.alloc-engine.0x1340fa505700] ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[00:03:00:01:da:c5:77:4c:86:f0], [no hwaddr info],
tid=0x41270a: Failed to allocate an IPv6 address for client with classes: ALL, UNKNOWN
WARN [kea-dhcp6.alloc-engine.0x1340fa505700] ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:03:00:01:da:c5:77:4c:86:f0], [no hwaddr info],
tid=0x41270a: no pools were available for the lease allocation
WARN [kea-dhcp6.alloc-engine.0x1340fa505700] ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET duid=[00:03:00:01:da:c5:77:4c:86:f0], [no hwaddr info],
tid=0x41270a: failed to allocate an IPv6 lease in the subnet 2a02:xxxx:xxxx::/64, subnet-id 1, shared network (none)

A ChatGPT consultation suggests the generated config has some kind of class restriction, because the client has both the classes ALL and UNKNOWN, hence it not being assigned a pool to distribute an address from. I looked in the generated config files, and it doesn't seem to use anything with classes or reservations.

This is my kea-dhcpd6.conf:

{
    "Dhcp6": {
        "valid-lifetime": 4000,
        "interfaces-config": {
            "interfaces": [
                "igc0"
            ]
        },
        "lease-database": {
            "type": "memfile",
            "persist": true
        },
        "control-socket": {
            "socket-type": "unix",
            "socket-name": "\/var\/run\/kea6-ctrl-socket"
        },
        "loggers": [
            {
                "name": "kea-dhcp6",
                "output_options": [
                    {
                        "output": "syslog"
                    }
                ],
                "severity": "INFO"
            }
        ],
        "subnet6": [
            {
                "id": 1,
                "subnet": "2a02:xxxx:xxxx::\/64",
                "option-data": [],
                "pools": [
                    {
                        "pool": "2a02:xxxx:xxxx::1000-2a02:xxxx:xxxx::2000"
                    }
                ],
                "pd-pools": [],
                "reservations": [],
                "interface": "igc0",
                "pd-allocator": "random",
                "allocator": "random"
            }
        ],
        "hooks-libraries": [
            {
                "library": "\/usr\/local\/lib\/kea\/hooks\/libdhcp_lease_cmds.so"
            }
        ]
    }
}

Any ideas what the issue could be, or what to try further?