"
Ntopng scans for vulnerabilities in your network including SSH on port 22 ...
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
General Discussion / Re: Destination Port 22
May 30, 2025, 10:04:02 PM
Are you using ssh for anything?
#3
German - Deutsch / Re: OPNSense die ersten Anfänge.. VLAN??
May 30, 2025, 08:10:30 PM
PPPoE läuft teilweise nur auf einem Core und mit der aktuellen Implementierung (mpd5) ist es schwierig, mehr als 1 G/s zu erreichen. Ist aber eigentlich ein Provider-Problem. PPPoE gehört weg. Braucht kein Mensch.
#4
German - Deutsch / Re: OPNSense die ersten Anfänge.. VLAN??
May 30, 2025, 02:32:42 PM
@Zapad weshalb sollte die OPNsense nicht mit wire speed zwischen den VLANs routen? 2,5 G/s ist nun wirklich keine Kunst. 1 G/s schafft sogar ein APU4D4. Es ist nur PPPoE, was problematisch ist.
#5
General Discussion / Re: hosed myself by doing zpool upgrade
May 29, 2025, 11:13:48 PMQuote from: fbfarms on May 29, 2025, 10:48:35 PM1. Does anybody know how to fix the boot loader problem - that seems simplest but the various things I tried didn't seem to work.
That's quite simple, actually. You need to copy the current boot loader to your drive. You did not provide the details of your pool topology, so I am assuming you are running the OPNsense default install on a single drive. Correct?
Anyway you need a system with a current boot loader up and running. If you can afford the downtime, just boot your system with a FreeBSD 14.2 image from USB.
Then check with
Quotegpart show
what your partition layout looks like. Mine is this:
Code Select
root@opnsense:~ # gpart show
=> 40 500118112 nda0 GPT (238G)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 16777216 3 freebsd-swap (8.0G)
17311744 482805760 4 freebsd-zfs (230G)
500117504 648 - free - (324K)
So we have an EFI partition and a legacy boot partition and since we do not know how your system boots we will update both of them. Replace the device names as fits your system. I assume you have a shell in a current FreeBSD 14.2 system, checked your partition layout and know which partition contains what. E.g. EFI is partition 1 and legacy is partition 2 - adjust if necessary. Same for the device ("nda0" in my case).
Code Select
# update legacy boot code
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 nda0
# update EFI boot code
mount -t msdosfs /dev/nda0p1 /mnt
mkdir -p /mnt/efi/boot /mnt/efi/freebsd
cp /boot/loader.efi /mnt/efi/boot/bootx64.efi
cp /boot/loader.efi /mnt/efi/freebsd/loader.efi
umount /mnt
HTH,
Patrick
#6
25.1, 25.4 Production Series / Re: Netgate 8200 with OPNsense - lagg not working
May 29, 2025, 07:57:00 PM
OK, hash policy needs to match, LACP slow or fast interval needs to match. You probably need to explicitly set these on the OPNsense side.
Most common is L2+L3 hash.
Most common is L2+L3 hash.
#7
25.1, 25.4 Production Series / Re: Netgate 8200 with OPNsense - lagg not working
May 29, 2025, 07:46:49 PM
What kind of switch is at the other end and are the ports properly configured for LACP?
#8
Virtual private networks / Re: WireGuard Peer Setup | use of firewall Aliases for Allowed IPs (Feature Request)
May 29, 2025, 06:15:54 PM
Best put this as a feature request on github, please.
#9
25.1, 25.4 Production Series / Re: DMZ to DNS on DMZ interface not working
May 29, 2025, 04:16:33 PM
The source port is not 53 but any.
#10
25.1, 25.4 Production Series / Re: dnsmasq and query forwarding
May 29, 2025, 02:19:59 PM
I wasn't aware of that. We have Unifi gear in two office locations with the controller placed in our data centre, so routed connection. I have been using option 43 ever since we started to use Unifi.
So I could add a host override for "unifi." in Unbound ...
Anyway Kea in OPNsense needs a procedure to introduce selected custom options we agree on. I'll give it a try.
So I could add a host override for "unifi." in Unbound ...
Anyway Kea in OPNsense needs a procedure to introduce selected custom options we agree on. I'll give it a try.
#11
25.1, 25.4 Production Series / Re: dnsmasq and query forwarding
May 29, 2025, 02:00:16 PMQuote from: Monviech (Cedrik) on May 29, 2025, 12:15:01 PMThis means, KEA + Unbound with static leases could work for businesses if they want a different DHCP server + DNS server combination. (As it exists right now)
It does for me at home and will do @work once we get the unifi option 43 issue solved. I am indeed quite satisfied with Kea, needs only minor improvements.
Kind regards,
Patrick
#13
German - Deutsch / Re: Q: Wird der Umstieg von ISC DHCPv4 auf Kea DHCP automatisiert ablaufen?
May 29, 2025, 12:43:34 PM
Es gibt bis jetzt keine automatische Übernahme. Einige User hier habe Skripte gepostet, die z.B. bei der Übernahme statischer Leases helfen.
Z.B. der liebe @meyergru:
https://github.com/meyergru/iscdhcp_to_kea
Z.B. der liebe @meyergru:
https://github.com/meyergru/iscdhcp_to_kea
#14
25.1, 25.4 Production Series / Re: Updated to 25.1.x.x
May 28, 2025, 09:59:37 PM
Sorry, I have one isolated system that is still on version 22.1 "for reasons" and in the e.g. Firewall > Rules > LAN view the menu with the "Automatically generated rules" is just right there in the upper right corner.
That has been there for as long as I have been using OPNsense.
That has been there for as long as I have been using OPNsense.
#15
