Messages - fields987

#1
Do I still need the os-ddclient plugin if I have successfully moved to the OPNSense backend vs the ddclient backend?

Thanks!
#2
22.1 Legacy Series / Re: os-ddclient
March 08, 2022, 02:50:12 PM
Has anyone had success setting up Cloudflare with an API token? If so, what's the secret? I got it to work with email address and global API key but I'd rather lock it down to a token that just has DNS edit permissions. I've seen some conflicting posts regarding DDClient's supportability of Cloudflare API tokens.
#3
21.7 Legacy Series / Re: WebGUI Bug - Selecting Cert
August 01, 2021, 05:08:03 AM
Franco, Here is one example.
Thanks!
#4
After digging in, it's not related to the ACME plugin. I couldn't get external certs to apply either.
I was able to edit the config.xml file and put in the refid of the letsencrypt cert I generated and reloaded webgui. The cert is now in use, but any time I edit the webgui admin settings, I still get the error that the cert is not intended for server use.
#5
21.7 Legacy Series / WebGUI Bug - Selecting Cert
July 30, 2021, 08:08:53 AM
I did a fresh install of 21.7 and opted to restore my config by hand instead of xml.
I installed and enabled the acme plugin, registered an account, set up a basic http-01 challenge type, and requested my cert.

When I went to apply it to the webgui, I got an error saying the cert is not intended for server use. When I look at the cert, it shows server: No. How do I get this to issue a cert I can use for the web gui? PS - I'm on the staging environment as I think I've hit my quota against prod.

Thanks.
#6
Hardware and Performance / Re: TPM Support?
July 01, 2021, 10:33:51 PM
I know what it is and wouldn't expect it to improve network security other than if the firewall itself was compromised by something that altered the bootloader.
#7
Hardware and Performance / TPM Support?
June 30, 2021, 02:24:58 PM
Does opnsense/freebsd support TPM? Just curious as I'm using an Intel PC to run opnsense currently which has both Intel PTT and a TPM 2.0 Header. Wondering if there is any benefit of enabling. Thanks!
#8
I had the same issue. After I cleared the cache in my web browser (Edge 91) this started working again.
#9
Zenarmor (Sensei) / Duplicate Dependency listing
April 23, 2021, 08:49:11 PM
I'm a bit of a noob so I don't know if this is expected behavior or an indication of a problem, but going back a few point releases now I see this in the output anytime I check for or install updates:

pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
Checking for upgrades (55 candidates)......
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
Checking for upgrades (55 candidates)...... done
#10
The 1.8.2 patch fixed the issue with the wg0 interface for me. Thanks for the quick turnaround!
#11
Zenarmor (Sensei) / Re: Sensei any good for home?
March 31, 2021, 12:17:11 AM
I install the nextdns cli (doh proxy) on my opnsense firewall and have it do ad blocking. I'm pretty new to Sensei still and haven't compared its ad blocking with NextDNS. I have all of the malware filters enabled and most of the categories except undecided safe and it records a handful of hits per day.
#12
I've already contacted Sunny Valley about this, but thought I'd post here also. After updating to 21.1.4, it appears that Sensei can't read the ip of my wg0 (Wireguard) interface. The packet engine won't start. At Sunny Valley's direction, I removed wg0 from protected interface, and the packet engine starts and runs fine. Looking through the archive logs, I can see where it reads the tunnel interface ip just in 21.1.3, but in 21.1.4, it fails and won't start the service.
#13
General Discussion / WAN interface pulled private IP
February 16, 2021, 12:57:31 AM
I had a power outage today so my att modem and opnsense firewall both came back on at the same time. My modem is in bridge mode. The firewall likely came back much quicker and ended up pulling a private ip from the modem when it finally came back up instead of the public ip it should have pulled. After doing a release/renew, I got the public ip back, but my question is how can I prevent opnsense from pulling a private ip for that interface? I tried the reject leases from option and specified the lan gateway interface of my modem, but that prevented opnsense from even pulling an address.

Thanks!
#14
Hardware and Performance / $300 Ryzen Build?
February 03, 2021, 05:01:10 PM
I'm wanting to spend around $300 for dedicated hardware. I've looked at Protectli and Qotom and for that price both seem like they have components that are either discontinued or several years old. I found this article for a $300 gaming build using a Ryzen 3200G and was wondering if it would be suitable for OPNSense + Sensei and maybe suricata on WAN? This is for home use, ~30 devices. 100Mbps vdsl, but would like it to be capable of gigabit if I upgrade. I've already got an i350-t2 for lan/wan.

https://techguided.com/best-gaming-pc-under-300-dollars/#11

Thanks!
#15
Have you looked at Protectli? It's a US based company but they source hw from China
https://protectli.com/product-comparison/