Messages

Akvorado is another great option to visualize flows without any artifical limitations or registration requirements.

After the upgrade that required the rule migration, my Failover no longer works.

It's completely your own choice to migrate the rules or not for now and probably until the end of the year or so !! ;)

It's too late. I already migrated the rules. Now my Failover doesn't work.

Rollback your backup config!

Has anyone found a way to verify that Wazuh is running properly via Monit?

Using pid files are problematic since they are created with the pid in the filename meaning monit check will break when the process gets a new id:


ls -lah /var/ossec/var/run/wazuh*
-rw-r-----  1 wazuh wazuh    6B Mar 30 22:21 /var/ossec/var/run/wazuh-agentd-91844.pid
-rw-r-----  1 wazuh wazuh  599B Apr  3 15:14 /var/ossec/var/run/wazuh-agentd.state
-rw-r-----  1 root  wazuh    6B Mar 30 22:21 /var/ossec/var/run/wazuh-execd-87687.pid
-rw-r-----  1 root  wazuh    5B Mar 30 22:21 /var/ossec/var/run/wazuh-logcollector-1027.pid
-rw-r-----  1 root  wazuh  1.4K Apr  3 15:14 /var/ossec/var/run/wazuh-logcollector.state
-rw-r-----  1 root  wazuh    5B Mar 30 22:21 /var/ossec/var/run/wazuh-modulesd-4657.pid
-rw-r-----  1 root  wazuh    6B Mar 30 22:21 /var/ossec/var/run/wazuh-syscheckd-97682.pid

My opnsense is a server, and when I travel I can connect to the OpenVPN server with my OpenVPN client config.  All using Ubuntu  24.04. 
Keep in mind the OpenVPN still works fine, but in Opnsense there's no longer a way to generate client configs and export them.  YES I can create a new client config as an 'instance', but there doesn't seem to be a way to export that into a file that can be imported into NetworkManager.
In the previous opnsense version the client config/export worked great. 

I can export client configs perfectly fine from VPN: OpenVPN: Client Export.

Could it be that your OpenVPN server is still under legacy config?
If so you should recreate the OpenVPN server with the modern design and remove the os-openvpn-legacy plugin.

My claim is valid n not over panaroid about security. I cannot disclose the country I live in. 
I added RESET WAN interface every 10 min using cron job.

Well, hate to be that guy but from an external perspective it does indeed look pretty paranoid. Especially considering the duration of those posts spanning over years...

Do you have any proof to backup your claims of it being valid? Like do you have any IDS/IPS/SIEM logs to show?

Otherwise I would start there, it might even be a good exercise for you in order to strengthen your own cybersecurity.

Wazuh agent is available in OPNsense community plugins. Install it together with Suricata, spend some time configuring it. Install a Wazuh server on another host and ship the data from the Wazuh agent on OPNsense to the server.

If you hardware supports it I would also extend it with SPAN/Mirror for your WAN interface. You can use another host with Zeek for that.

At least try to bring some proofs to prove your point, otherwise you risk ending up sounding like a madman or a troll spreading FUD.

I own a couple of Yubikeys and use them for public cloud services and I totally disagree that this deserves priority in OPNsense.

It's obviously more of a business edition feature that a very low percentage of core edition users will ever use.

Thanks for this great guide! Successfully upgraded my i226 to 2.32.

Anyone know where I can get the firmware files for IX driver NICS?

device     = '82599ES 10-Gigabit SFI/SFP+ Network Connection'

dev.ix.0.fw_version: eTrack 0x800003de

I also just upgraded and am a bit confused by the phrasing on the IPv6 changes.

"Dnsmasq is now the default for DHCPv4 and DHCPv6 as well as RA out of the box.  One thing that the upstream software cannot cover is prefix delegation so that is no longer offered by default.  Use another DHCPv6 server in this case."

I previously used Track interface and ISC was handling the DHCPv6, KEA is handling DHCPv4.

Now I switched from Track Interface (legacy) to Identity association and obviously my clients cannot get any DHCPv6.

What would be the correct way forward?
Can I keep KEA for DHCPv4 and use DNSmasq for DHCPv6?
Or should I migrate everything from KEA and use DNSmasq for both?

I think Zenarmor is one of the worst examples of reverse feature creep I've ever seen in an application.

At the time, Sensei was actually one of the reasons that made me decide to switch from pf to OPN. Paid for home license for two years but after losing features year after year it was not worth it in the end. Looks like they are still trying to find ways to limit their application.

Hi all,

I setup haproxy a long time ago and through blood and sweat I managed to get it to work.
I now want to make some changes and I can't remember what I did!

The main problem I am having is I want to change my front end authenticator from authelia to tinyauth.
looking at the config file, I have a bunch of stuff I somehow managed to manually add to the file, under my public facing services I have a line in the config saying  # WARNING: pass through options below this line, with a bunch of stuff I somehow managed to stick underneath it, but I don't remember where or how I did it, and I need to make some changes to these.

if it helps, whenever I test syntax, I get a soft warning message with a bunch of "[WARNING] (33030) : config : parsing [/usr/local/etc/haproxy.conf.staging:132] : a 'http-request' rule placed after a 'use_backend' rule will still be processed before."

That warning is just a warning and depending on how complex your HAProxy rules are it can be something you just you have to live with. I've been having it for as long as I can remember.

May I suggest tunable replacing realteak with Intel NIC.

You could take a look at LNAV:

https://lnav.org/

Yeah it's that zenarmor crap doing it.

My OPNsense installation have been alot more "Zen" since I just stopped using that piece of trash software.

Then don't lol.

Current DHCPB is not going away (yet).


I'm very happy to see them implement KEA as it's the way.

Cloudflares WAF is a god compared to Zenarmor.

You cannot even compare them feature wise.