Messages

When I retry the update only haproxy is upgraded but not restarted. Everything OK after manual start of the service.

Exact same on my 25.1.1 upgrade, and same fix - 2nd upgrade then manual service start.

Dumb question, but where would one report a dashboard widget issue?

The new tailscale dashboard widget always shows Exit Node "No", even if Exit Node is configured and working.


Jason

Would there be any possibility of moving toward 14.1 this summer?

I genuinely hope NOT! This is supposed to be a security platform, not a bleeding edge / use fresh untested code platform.

I mean, they can do what they want of course, but I definitely would not install the 24.7 release if it is FreeBSD 14.1 based. Too new for my tastes.

When using unboud - the default DNS server - you just ensure the following check boxes are checked in Unbound DNS -> General:

Register DHCP Leases
and
Register DHCP Static Mappings

If not using unbound I wouldn't know.

I guess I don't understand the use case...

Is your interface half duplex? If not, the ingress and egress bandwidth are independent of each other, and what you are trying to do wouldn't make sense?

but now I plan to abandon OPNsense after this debacle as it appears quality control is nonexsistent or lazy

No worries. Good luck on whatever other system you choose.

I would rollback to a version prior to 22.7

I would give different advice, and I think it applies to all software in general: never install v1 of a new release chain on a production system - wait for the 1st point release... AKA if 22.7 didn't have something you needed immediately, it would be better to wait for 22.7.x release, or test offline 1st...

I forgot about that!

The vlan exclusion option doesn't show up at all on the configuration screen when on the free version, and I hadn't installed my license yet after the rebuild.

I'll go install my license and exclude the VLANs I want to ignore. Duh on me.

Thanks!

EDIT: Installed my license, and excluded the unwanted VLANs. Thanks again.

I changed around my hardware when moving to 22.1.

Now I have 1 10Gb connection.

LAN - untagged/parent interface
IoT1 - vlan2
IoT2 - vlan3
...

I only want to monitor LAN and IoT1 in Sensei (purely to work around the Sensei device count license restrictions).

Is there away to monitor the parent and EXCLUDE/NOT MONITOR some of the child vlans? Or is it always going to count devices on all child vlans no matter what if you incluide the parent?

If the latter, I will definitely go above 100 devices due to many devices on my IoT2 vlan.

Very true!

$559/yr 100 device SOHO vs $99/yr HOME license is a big leap for just 2 more policies though (at least for this home user)... And $1361/yr for a BUSINESS 100 device license is even further out of reach.

But you are right that they do have other offerings with more capabilities.

It's a great product, and the quality of data categorization is very good based on my review of the data over the past year, I just want to be able to use it MORE as a home user. :)

My subscription ends 11/28, so I thought I would ask one last time...

Are there any plans on adding more policies for the Home license?

If not, then I won't renew. With a main, guest, and IoT vlan + adult vs kid policy needs, I simply can't do what I need in only 3 policies. I expect many other home users that separate IoT, main, and Guest traffic are in the same situation.

Thanks,
Jason

- a few more policies for the home subscription, to make your average network security admin happy, who's coming home from working with Checkpoint and Cisco. This way we could cover the basics, with a policy each for guest, IoT, kids and parents. Plus one or two to experiment with.

This times 1000. ZenArmor identifying traffic is next to useless if you can't actually use that introspection to DO SOMETHING. And with only 3 policies available, you can't do much of anything if you have a main,  guest, and IoT VLAN - which many people do these days...

Throw in kids vs adult policy needs and you definitely can't do what you need in 3 policies... This is 100% a deal breaker/will not renew my subscription issue for me. So I guess after 11/28 you won't have to put up with my complaining any more.

[filtering]

Reporting is better, and it is much easier to setup/maintain as you don't have to micromanage a bunch of lists and FW rules.

If you are OK with existing reporting, and don't mind manually setting up a bunch of lists and keeping them up to date, then that's cool too.

But I will point out that if you want really granular filtering (not just identification/reporting), you can't use Sensei anyway as you only get 3 profiles with the PAID version - default + 2 custom. So if you have >3 "groups" of things to filter with different rules you can't do it in Sensei anyway...

It kind of doesn't matter to me any more. Unless they give us the ability to make more profiles, I couldn't actually do anything useful with more devices in Sensei anyway.

Them being in there is great.... But if I can't make the right policies to do something with them, it is a bit meaningless to me.

As I literally can't filter/control everything the way I need to, this issue will likely be the one that makes me not renew once my year is up.

It's a cool service, but probably isn't going to meet my (or many other home users in this 'enthusiast' category) needs without a few tweaks. So hopefully that happens. Otherwise I'll vote with my wallet and happily move on to something else.

And with no hard feelings, obviously. No product can be everything to everyone, so if it isn't in their business model to give more policies - I can respect that.

Sure it can - just not with the current license restrictions. The limit of 3 policies on the "Home" license was just something they picked - not a technical limitation.

I'm just asking that they consider increasing this to something higher, like 5.

EDIT: And since the scope/applicability on the default policy can't be changed, there are really only TWO policies that can be fully customized, which kind of stinks.