Messages - dave

#1
General Discussion / WAN IP in loopback
November 03, 2024, 11:30:32 PM
Sorry if this is a stupid question, but I've noticed my WAN's external IP addr is included as a route in the loopback address... is that to be expected?
#2
General Discussion / Re: v.high wired memory
May 09, 2023, 04:40:06 PM
Disabling IOMMU in the BIOS has brought it way down

#3
General Discussion / v.high wired memory
May 09, 2023, 03:02:04 PM
This expected memory usage with ZenArmor running? (APU2c4)

I can't really remember what it was prior to the issue with 1.13, but I don't remember it being this high.



#4
I'm seeing very high RAM usage too (+/-80% of 4GB) with high usage related to what appears to be ZenArmor services

I tried reinstalling ZenArmor and then OPNsense factory reset, but none of it helped

Saw a msg saying services were waiting to start or failing

Looks like there's something wrong with it, for me at least (us)
#5
can confirm there appears to be an issue here with the essential security policies

if any of the following are enabled, all filtering across app, web, and security stops working :

bad ip
non-existent domains
hacking sites
potentially dangerous
undecided not safe

tested using mobile browser with no addons enabled and an ad block test site

just went through the essential sec policies enabling and disabling one after another
#6
I've noticed having the Crowdsec IDS enabled results in a lot of CPU usage.

If I enable just the IPS bouncer, will the blocklist aliases still update?

I've also got ZenArmor running.
#7
Been looking for a fibre provider who doesn't use PPPoE.

Toob (UK) said they use IPoE.

From what I've read this is not an encapsulated protocol, using DHCP options for auth.

Just wanted to check if IPoE's an issue with BSD based routers, like the single threaded PPPoE daemon is?

Are there other issues that could impact performance or limit functionality?
#8
General Discussion / 23.1 upnp
February 01, 2023, 01:26:29 PM
do you still have to set up hybrid NAT rules for UPNP to work properly?
#9
Using the blocklist does it for me

Disabled everything except Threatfox IOC... no problems
#10
Hardware and Performance / APU's and IOMMU
October 27, 2022, 02:14:19 PM
APUs have IOMMU support in the CoreBoot BIOS.

I know it's a virtualisation thing, but wondering if it's something you'd want enabled anyway for other purposes?
#11
What NICs does your router use?
#12
The current Suricata/Netmap implementation limits this re-injection to one thread only.
Work is underway to address this issue since the new Netmap API (V14+) is now capable of increasing this thread count.
Until then, no benefit is gained from RSS when using IPS.


Any news on this?  This plus RSS on lower power multi-cored devices sounds interesting.
#13
Cloudflare DNS is an anycast network.

https://www.cloudflare.com/en-gb/learning/cdn/glossary/anycast-network/

Just a guess, but some of those responses, for whatever reason, could be coming from the other side of the world.
#14
General Discussion / Syncthing incoming SPAT
February 27, 2022, 02:19:48 PM
ignore
:D
#15
Virtual private networks / Re: Zerotier Lan Routing help!
December 12, 2021, 10:57:11 PM
I'm struggling with this too.

I can ping in to my LAN from a ZT node via OPNsense, just not the other way around.