Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Gauss23

Pages1 2 3 ... 52
#1
26.1, 26,4 Series / IPsec/Strongswan CVE-2026-47895
June 09, 2026, 08:14:17 PM
Hi,

is OPNsense affected by https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html ?

Looks like 6.0.6 is the version currently installed with 26.1.9.

As this might be used for RCE without any authentication, it should be addressed, if affected.

Thank you.
#2
General Discussion / Re: FreeBSD CVEs released
December 18, 2025, 04:03:06 PM
I just saw that in 25.7.10 the issue FreeBSD-SA-25:12.rtsold[2] was addressed.
#3
General Discussion / FreeBSD CVEs released
December 18, 2025, 03:42:48 PM
Hi,

there were some new disturbing CVEs released. Is OPNsense affected?

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2874

and here is a Reddit about it: https://www.reddit.com/r/freebsd/comments/1pol93z/20251216_freebsd_errata_notices_and_security/
#4
Development and Code Review / Re: Plugin not added to the firmware section of config.xml
January 22, 2025, 06:47:54 PM
Thanks Franco. The plugin is installed via the firmware UI. It's currently in on a custom repo, the plugin is the listed ready for installation, like the original plugins. But after installation it stays in the state of ,,misconfigured". Is this normal for plugins from custom repos?

I would like to add this plugin to the OPNsense plugin repo. What is needed to do so? Create a pull-request?

Kind regards,
Chris
#5
Development and Code Review / Plugin not added to the firmware section of config.xml
January 19, 2025, 12:21:37 PM
Hi everyone,

I'm in the process of helping to develop a Netbird plugin for OPNsense.
It actually works quite well already, as you can read here: https://github.com/netbirdio/netbird/issues/2200#issuecomment-2600784609

The plugin os-netbird is reported as misconfigured in the plugin section.

I discovered that the plugin is not registering in the firmware section in the config.xml, i.e.:
    <firmware version="1.0.1">
      <mirror/>
      <flavour/>
      <plugins>os-qemu-guest-agent</plugins>
      <type/>
      <subscription/>
      <reboot/>
    </firmware>

When adding the os-netbird after os-qemu-guest-agent, it is reported as installed.

What is the problem?
The plugin code is here:
https://github.com/moserpjm/opnsense-plugins/tree/stable/24.7/net/netbird

I assume it's just a small issue.

Thank you!
#6
General Discussion / Re: Nominate OPNsense and FreeBSD Foundation for Proton's Fundraiser (Big Reward)!!
November 10, 2024, 11:45:40 AM
+1
#7
24.7, 24.10 Legacy Series / Re: Protectli FW2B Upload Speeds Slow
November 10, 2024, 07:48:55 AM
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.
#8
General Discussion / Re: Put dedicated LAN port in VLAN?
November 09, 2024, 06:58:18 AM
Why do you want to use a single VLAN?
You could just plug a switch to the LAN port and connect your client devices.

What's the goal of the VLAN 500?
#9
Virtual private networks / Re: Zerotier Firewall Rules
October 26, 2024, 08:33:40 AM
As always: check the firewall live log and filter by interface. I assume that Zerotier address as source is not correct. I think this is an automatically created alias by OPNsense for the local interface address. Change it to any for a moment and check again. Always enable logging on your rules.
#10
Virtual private networks / Re: Can Netbird or Nebula perform at the edge? (like Tailscale)
October 26, 2024, 08:29:59 AM
Did you use the getting-started script with podman, too? Or did you configure the management node manually?
#11
General Discussion / Re: Who uses opnsense in companies
October 24, 2024, 09:46:29 PM
Quote from: bimbar on October 24, 2024, 10:39:24 AM
We have some opnsense firewalls in the field.

It lacks some critical features for us to roll it out in a wider context.

For example:
- better firewall rule ui
- an easier way to import basic configuration, a cli would be great for that

To be honest, the firewall rule ui is one of the best I've seen. Don't like the FortiGate view. There are a couple of small things I would change and some annoyances but nothing deal breaking.

Which ui is better in your opinion?

The last FortiManager security flaw was really scary.
#12
German - Deutsch / Re: Traffic Sharping: Wie kann ich "nur" Youtube in einen Wireguard Tunnel lenken?
October 23, 2024, 07:23:34 PM
Firewall live log und dort entsprechend auf die Quelle filtern z.B.
#13
General Discussion / Re: Who uses opnsense in companies
October 22, 2024, 10:55:06 PM
Sadly, that's manager speech. There was the quote "Nobody gets fired for buying IBM" in the past. The same applies for products which are in the Gartner quadrant in the upper right. Open source products always struggle against common managers.
They calculate some funny total cost of ownership (TCO) and bring some "uncalculatable risk" on the open source side.
Good thing is that there is good commercial support for OPNsense.

The managers will still say that it's easier to find a technician for a Meraki/FortiGate/Palo and so on instead of someone who knows OPNsense.
#14
24.7, 24.10 Legacy Series / Re: NETDATA plugin not working
October 18, 2024, 06:45:27 PM
My Netdata plugins also don't work anymore. Can't tell since which version. The version in the FreeBSD ports is sadly also very old. Maybe it's an option to install it in a different way?
#15
German - Deutsch / Re: Traffic Sharping: Wie kann ich "nur" Youtube in einen Wireguard Tunnel lenken?
October 14, 2024, 11:53:13 AM
Also was ich so gefunden habe, wäre das hier:
googlevideo.com
youtu.be
youtube-nocookie.com
youtube.com
youtube.googleapis.com
youtubei.googleapis.com
ytimg.com
ytimg.l.google.com

Die als Alias anlegen und dann als Destination nutzen. GW dann umbiegen auf den WG Tunnel.
Pages1 2 3 ... 52