Messages - JasonJoel

#1
Quote from: astrandb on February 12, 2025, 06:08:53 PM
When I retry the update only haproxy is upgraded but not restarted. Everything OK after manual start of the service.

Exact same on my 25.1.1 upgrade, and same fix - 2nd upgrade then manual service start.
#2
Dumb question, but where would one report a dashboard widget issue?

The new tailscale dashboard widget always shows Exit Node "No", even if Exit Node is configured and working.


Jason
#3
General Discussion / Re: Move to 14.1?
May 13, 2024, 12:37:31 AM
Quote from: bbin on May 08, 2024, 05:46:28 PM
Would there be any possibility of moving toward 14.1 this summer?

I genuinely hope NOT! This is supposed to be a security platform, not a bleeding edge / use fresh untested code platform.

I mean, they can do what they want of course, but I definitely would not install the 24.7 release if it is FreeBSD 14.1 based. Too new for my tastes.
#4
Not from me, no. Sorry. I would get physical hardware. :)
#5
Ideas....


1. Running your perimeter security device in a VM is a very poor security practice.
2. If you must run in a VM, review what virtual hardware devices you are using in the VM for the NICs. You may have chosen a high compatibility, but lower performance, option. Paravirtualized is typically higher performance than Intel or VMware options in Proxmox.
3. Review CPU and memory configuration of the VM. Increased throughput usually requires some amount of increased CPU.
4. Review what hardware NICs you have in the host. Maybe that is all the throughput they can handle when used in a virtualized environment, not that uncommon with Realtek NICs (although that is a lot less true today than it used to be in the past).
#6
When using Unbound - the default DNS server - you just ensure the following check boxes are checked in Unbound DNS -> General:

Register DHCP Leases
and
Register DHCP Static Mappings

If not using unbound I wouldn't know.
#7
I guess I don't understand the use case...

Is your interface half duplex? If not, the ingress and egress bandwidth are independent of each other, and what you are trying to do wouldn't make sense?
#8
Quote from: a3w on August 07, 2022, 05:19:18 PM
but now I plan to abandon OPNsense after this debacle as it appears quality control is nonexistent or lazy

No worries. Good luck on whatever other system you choose.

Quote from: a3w on August 07, 2022, 05:19:18 PM
I would rollback to a version prior to 22.7

I would give different advice, and I think it applies to all software in general: never install v1 of a new release chain on a production system - wait for the 1st point release... AKA if 22.7 didn't have something you needed immediately, it would be better to wait for 22.7.x release, or test offline 1st...
#9
I forgot about that!

The vlan exclusion option doesn't show up at all on the configuration screen when on the free version, and I hadn't installed my license yet after the rebuild.

I'll go install my license and exclude the VLANs I want to ignore. Duh on me.

Thanks!

EDIT: Installed my license, and excluded the unwanted VLANs. Thanks again.
#10
I changed around my hardware when moving to 22.1.

Now I have 1 10Gb connection.

LAN - untagged/parent interface
IoT1 - vlan2
IoT2 - vlan3
...

I only want to monitor LAN and IoT1 in Sensei (purely to work around the Sensei device count license restrictions).

Is there a way to monitor the parent and EXCLUDE/NOT MONITOR some of the child vlans? Or is it always going to count devices on all child vlans no matter what if you include the parent?

If the latter, I will definitely go above 100 devices due to many devices on my IoT2 vlan.
#11
Very true!

$559/yr 100 device SOHO vs $99/yr HOME license is a big leap for just 2 more policies though (at least for this home user)... And $1361/yr for a BUSINESS 100 device license is even further out of reach.

But you are right that they do have other offerings with more capabilities.

It's a great product, and the quality of data categorization is very good based on my review of the data over the past year, I just want to be able to use it MORE as a home user. :)
#12
Zenarmor (Sensei) / Number of Policies for Home license
October 16, 2021, 04:08:09 PM
My subscription ends 11/28, so I thought I would ask one last time...

Are there any plans on adding more policies for the Home license?

If not, then I won't renew. With a main, guest, and IoT vlan + adult vs kid policy needs, I simply can't do what I need in only 3 policies. I expect many other home users that separate IoT, main, and Guest traffic are in the same situation.

Thanks,
Jason
#13
Quote from: athurdent on October 16, 2021, 10:34:01 AM
- a few more policies for the home subscription, to make your average network security admin happy, who's coming home from working with Checkpoint and Cisco. This way we could cover the basics, with a policy each for guest, IoT, kids and parents. Plus one or two to experiment with.

This times 1000. ZenArmor identifying traffic is next to useless if you can't actually use that introspection to DO SOMETHING. And with only 3 policies available, you can't do much of anything if you have a main, guest, and IoT VLAN - which many people do these days...

Throw in kids vs adult policy needs and you definitely can't do what you need in 3 policies... This is 100% a deal breaker/will not renew my subscription issue for me. So I guess after 11/28 you won't have to put up with my complaining any more.
#14
Reporting is better, and it is much easier to set up/maintain as you don't have to micromanage a bunch of lists and FW rules.

If you are OK with existing reporting, and don't mind manually setting up a bunch of lists and keeping them up to date, then that's cool too.

But I will point out that if you want really granular filtering (not just identification/reporting), you can't use Sensei anyway as you only get 3 profiles with the PAID version - default + 2 custom. So if you have >3 "groups" of things to filter with different rules you can't do it in Sensei anyway...
#15
Zenarmor (Sensei) / Re: Device count
August 10, 2021, 03:50:04 PM
It kind of doesn't matter to me any more. Unless they give us the ability to make more profiles, I couldn't actually do anything useful with more devices in Sensei anyway.

Them being in there is great.... But if I can't make the right policies to do something with them, it is a bit meaningless to me.