"
I just saw that in 25.7.10 the issue FreeBSD-SA-25:12.rtsold[2] was addressed.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
General Discussion / FreeBSD CVEs released
December 18, 2025, 03:42:48 PM
Hi,
there were some new disturbing CVEs released. Is OPNsense affected?
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2874
and here is a Reddit about it: https://www.reddit.com/r/freebsd/comments/1pol93z/20251216_freebsd_errata_notices_and_security/
there were some new disturbing CVEs released. Is OPNsense affected?
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2874
and here is a Reddit about it: https://www.reddit.com/r/freebsd/comments/1pol93z/20251216_freebsd_errata_notices_and_security/
#3
Development and Code Review / Re: Plugin not added to the firmware section of config.xml
January 22, 2025, 06:47:54 PM
Thanks Franco. The plugin is installed via the firmware UI. It's currently in on a custom repo, the plugin is the listed ready for installation, like the original plugins. But after installation it stays in the state of ,,misconfigured". Is this normal for plugins from custom repos?
I would like to add this plugin to the OPNsense plugin repo. What is needed to do so? Create a pull-request?
Kind regards,
Chris
I would like to add this plugin to the OPNsense plugin repo. What is needed to do so? Create a pull-request?
Kind regards,
Chris
#4
Development and Code Review / Plugin not added to the firmware section of config.xml
January 19, 2025, 12:21:37 PM
Hi everyone,
I'm in the process of helping to develop a Netbird plugin for OPNsense.
It actually works quite well already, as you can read here: https://github.com/netbirdio/netbird/issues/2200#issuecomment-2600784609
The plugin os-netbird is reported as misconfigured in the plugin section.
I discovered that the plugin is not registering in the firmware section in the config.xml, i.e.:
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins>os-qemu-guest-agent</plugins>
<type/>
<subscription/>
<reboot/>
</firmware>
When adding the os-netbird after os-qemu-guest-agent, it is reported as installed.
What is the problem?
The plugin code is here:
https://github.com/moserpjm/opnsense-plugins/tree/stable/24.7/net/netbird
I assume it's just a small issue.
Thank you!
I'm in the process of helping to develop a Netbird plugin for OPNsense.
It actually works quite well already, as you can read here: https://github.com/netbirdio/netbird/issues/2200#issuecomment-2600784609
The plugin os-netbird is reported as misconfigured in the plugin section.
I discovered that the plugin is not registering in the firmware section in the config.xml, i.e.:
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins>os-qemu-guest-agent</plugins>
<type/>
<subscription/>
<reboot/>
</firmware>
When adding the os-netbird after os-qemu-guest-agent, it is reported as installed.
What is the problem?
The plugin code is here:
https://github.com/moserpjm/opnsense-plugins/tree/stable/24.7/net/netbird
I assume it's just a small issue.
Thank you!
#5
General Discussion / Re: Nominate OPNsense and FreeBSD Foundation for Proton's Fundraiser (Big Reward)!!
November 10, 2024, 11:45:40 AM
+1
#6
24.7, 24.10 Legacy Series / Re: Protectli FW2B Upload Speeds Slow
November 10, 2024, 07:48:55 AM
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.
#7
General Discussion / Re: Put dedicated LAN port in VLAN?
November 09, 2024, 06:58:18 AM
Why do you want to use a single VLAN?
You could just plug a switch to the LAN port and connect your client devices.
What's the goal of the VLAN 500?
You could just plug a switch to the LAN port and connect your client devices.
What's the goal of the VLAN 500?
#8
Virtual private networks / Re: Zerotier Firewall Rules
October 26, 2024, 08:33:40 AM
As always: check the firewall live log and filter by interface. I assume that Zerotier address as source is not correct. I think this is an automatically created alias by OPNsense for the local interface address. Change it to any for a moment and check again. Always enable logging on your rules.
#9
Virtual private networks / Re: Can Netbird or Nebula perform at the edge? (like Tailscale)
October 26, 2024, 08:29:59 AM
Did you use the getting-started script with podman, too? Or did you configure the management node manually?
#10
General Discussion / Re: Who uses opnsense in companies
October 24, 2024, 09:46:29 PMQuote from: bimbar on October 24, 2024, 10:39:24 AM
We have some opnsense firewalls in the field.
It lacks some critical features for us to roll it out in a wider context.
For example:
- better firewall rule ui
- an easier way to import basic configuration, a cli would be great for that
To be honest, the firewall rule ui is one of the best I've seen. Don't like the FortiGate view. There are a couple of small things I would change and some annoyances but nothing deal breaking.
Which ui is better in your opinion?
The last FortiManager security flaw was really scary.
#11
German - Deutsch / Re: Traffic Sharping: Wie kann ich "nur" Youtube in einen Wireguard Tunnel lenken?
October 23, 2024, 07:23:34 PM
Firewall live log und dort entsprechend auf die Quelle filtern z.B.
#12
General Discussion / Re: Who uses opnsense in companies
October 22, 2024, 10:55:06 PM
Sadly, that's manager speech. There was the quote "Nobody gets fired for buying IBM" in the past. The same applies for products which are in the Gartner quadrant in the upper right. Open source products always struggle against common managers.
They calculate some funny total cost of ownership (TCO) and bring some "uncalculatable risk" on the open source side.
Good thing is that there is good commercial support for OPNsense.
The managers will still say that it's easier to find a technician for a Meraki/FortiGate/Palo and so on instead of someone who knows OPNsense.
They calculate some funny total cost of ownership (TCO) and bring some "uncalculatable risk" on the open source side.
Good thing is that there is good commercial support for OPNsense.
The managers will still say that it's easier to find a technician for a Meraki/FortiGate/Palo and so on instead of someone who knows OPNsense.
#13
24.7, 24.10 Legacy Series / Re: NETDATA plugin not working
October 18, 2024, 06:45:27 PM
My Netdata plugins also don't work anymore. Can't tell since which version. The version in the FreeBSD ports is sadly also very old. Maybe it's an option to install it in a different way?
#14
German - Deutsch / Re: Traffic Sharping: Wie kann ich "nur" Youtube in einen Wireguard Tunnel lenken?
October 14, 2024, 11:53:13 AM
Also was ich so gefunden habe, wäre das hier:
googlevideo.com
youtu.be
youtube-nocookie.com
youtube.com
youtube.googleapis.com
youtubei.googleapis.com
ytimg.com
ytimg.l.google.com
Die als Alias anlegen und dann als Destination nutzen. GW dann umbiegen auf den WG Tunnel.
googlevideo.com
youtu.be
youtube-nocookie.com
youtube.com
youtube.googleapis.com
youtubei.googleapis.com
ytimg.com
ytimg.l.google.com
Die als Alias anlegen und dann als Destination nutzen. GW dann umbiegen auf den WG Tunnel.
#15
German - Deutsch / Re: OPNsense - Wireguard läuft nicht so wie gewünscht
October 07, 2024, 09:56:38 PM
Here it is how it looks for me:
Instance:
https://pasteboard.co/rlLuEvVx9qsq.png
Peer:
https://pasteboard.co/1cidmdokuhQM.png
Die Gegenseite hat:
10.4.3.30/26 als Tunnel Address
und 10.4.3.1/32,10.4.3.0/26 bei Allowed IPs
Instance:
https://pasteboard.co/rlLuEvVx9qsq.png
Peer:
https://pasteboard.co/1cidmdokuhQM.png
Die Gegenseite hat:
10.4.3.30/26 als Tunnel Address
und 10.4.3.1/32,10.4.3.0/26 bei Allowed IPs
