Messages - adk20

#1
I updated to 25.1.6 and checked the xz version. It's still 5.4.5.

Do we have any ETA for the roll-out of a fixed version?
#2
I can confirm that the log viewer still doesn't work.

On a side note, the dates in the drop-down menu are not sorted chronologically. It's not new, this "bug" has been around for quite some time. However, I wonder if there are any plans for fixing this?
#3
Quote from: Patrick M. Hausen on April 28, 2025, 06:05:14 PM
I doubt in a firewall appliance context anyone will be able to feed untrusted data to liblzma.

I am also not overly concerned about this bug. However, just out of curiosity, what are the file types of e.g. Suricata rule updates or DNS block lists that OPNsense downloads regularly? I'd assume they are provided as .gz rather than .xz.
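One way to answer that question for your own box is to look at the bytes rather than the file names. The script below is an added example (not OPNsense code) that classifies a file by its magic number and flags the formats that are handed to liblzma; the sample feeds are constructed in memory so it runs offline, and `audit_directory` is the only part that touches the filesystem (point it at whatever cache directory you want to inspect).

```python
"""Classify downloaded feed files by content, not by file name.

Added example for auditing which archives on a firewall actually reach
liblzma; it is not OPNsense code. The sample feeds at the bottom are
constructed in memory, so the script runs offline.
"""
from __future__ import annotations

import bz2
import gzip
import lzma
import os

# (magic prefix, format), tested in order.
MAGIC = [
    (b"\xfd7zXZ\x00", "xz"),        # .xz stream header; decoded by liblzma
    (b"\x1f\x8b", "gzip"),          # RFC 1952
    (b"BZh", "bzip2"),
    (b"\x28\xb5\x2f\xfd", "zstd"),  # zstd frame magic (0xFD2FB528 little-endian)
    (b"PK\x03\x04", "zip"),
]

# Formats whose decoder is liblzma.
LIBLZMA_FORMATS = {"xz"}

EXT_TO_FORMAT = {
    ".gz": "gzip", ".tgz": "gzip",
    ".xz": "xz", ".txz": "xz",
    ".bz2": "bzip2", ".zst": "zstd", ".zip": "zip",
}


def sniff(head: bytes) -> str:
    """Return the container format implied by the leading bytes, or 'plain'."""
    for magic, fmt in MAGIC:
        if head.startswith(magic):
            return fmt
    return "plain"


def declared_format(name: str) -> str:
    """Format the file name claims, derived from its extension."""
    return EXT_TO_FORMAT.get(os.path.splitext(name)[1].lower(), "plain")


def audit(name: str, data: bytes) -> dict:
    """Compare the declared and actual format of one file."""
    actual = sniff(data[:8])
    declared = declared_format(name)
    return {
        "name": name,
        "declared": declared,
        "actual": actual,
        "liblzma": actual in LIBLZMA_FORMATS,
        "mismatch": actual != declared,
    }


def audit_directory(root: str) -> list[dict]:
    """Audit every regular file under `root` (e.g. a feed cache directory)."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                results.append(audit(path, fh.read(8)))
    return results


# Constructed sample feeds (not real OPNsense downloads). "feed.gz" is an xz
# stream behind a .gz name, the case an extension-only check would miss.
SAMPLES = {
    "rules.tar.gz": gzip.compress(b'alert tcp any any -> any any (msg:"x";)'),
    "blocklist.txt": b"0.0.0.0 ads.example\n",
    "feed.gz": lzma.compress(b"actually xz"),
    "old.bz2": bz2.compress(b"bzip2 feed"),
}


def audit_samples() -> dict[str, dict]:
    """Run the audit over the constructed samples."""
    return {name: audit(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for r in audit_samples().values():
        flag = " <-- liblzma" if r["liblzma"] else ""
        print(f'{r["name"]:14} declared={r["declared"]:6} actual={r["actual"]:6}{flag}')
```

Only the first eight bytes of each file are read, so this is cheap enough to run over a whole cache directory; a `mismatch` entry is the one worth looking at, since it means the name and the decoder that will be invoked disagree.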
#4
Hi forum,

Since the upgrade to 25.1.5, I cannot see any details of my Suricata logs. When clicking on an entry in the log, I just get an empty pop-up.

Clearing the browser cache does not help.

Any ideas are much welcome.

BR
#5
24.7, 24.10 Legacy Series / CUPS vulnerability
September 28, 2024, 11:25:44 AM
I did my homework before asking. No CUPS package to be found in OPNsense and no port 631 listening.

However, since *BSD is potentially affected, I would like to confirm that there is indeed no risk for OPNsense. Could any third-party package install CUPS?

Thank you.
#6
Thanks, franco, for the hint. I will check at my earliest convenience.
#7
I haven't dug into this topic too much but I also notice that many Microsoft domains do not resolve on my internal network. Lookups on OPN directly work.

Example: g.msn[.]com

I was hoping that some update would fix that issue...
#8
Hi forum,

I can completely confirm this issue.

After switching on a PC that is directly connected to one of the OPN ports, it takes approx. 10 minutes for the external network connection to become available. Connection to the OPN interface works, as does e.g. DNS. So it's not an issue on the "pc side" of the network.

All other physical OPN ports are not affected and continue to function as normal.

The only log entries that appear around the time the network starts to work are those:

SYSTEM/LOG/GENERAL
Notice  root    reload filter for configured schedules
Notice  kernel  <6>igb1: promiscuous mode disabled
Notice  kernel  <6>igb1: promiscuous mode enabled

This has only started after upgrading to 23.7.7_3.

Any ideas are much appreciated.
#9
23.7 Legacy Series / Re: Unusual Issue
September 14, 2023, 09:51:57 PM
Hi fbtanner,

I guess we need more details on your configuration. However, if your OPN's LAN IF has 10.8.0.1/16, there is no such thing as a 10.8.1.0/?? subnet. The only network you have is 10.8/16.

My first guess is that you have configured 10.8.x.0/24 networks on your hosts which will not work as expected.

Any 10.8.x.0/24 where x!=0 will not have a route to your OPN box.
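The reasoning in the reply above can be checked mechanically. The script below is an added example (not from the thread) using the standard library's `ipaddress` module; the firewall address 10.8.0.1/16 is the one named in the thread, and the host configurations are constructed cases.

```python
"""Why a /24 host on a /16 LAN cannot reach its gateway.

Added example, not from the thread. A host only ARPs for addresses inside
its own configured prefix and sends everything else to its default gateway,
which it must therefore be able to reach directly. The firewall, for its
part, only sees a host as on-link if the host falls inside the firewall's
own prefix. Both conditions must hold.
"""
from __future__ import annotations

from ipaddress import ip_address, ip_interface

OPN_LAN = "10.8.0.1/16"   # the firewall's LAN interface as described in the thread


def on_link(host_cidr: str, peer: str) -> bool:
    """True if `peer` falls inside the host's own prefix (no gateway needed)."""
    return ip_address(peer) in ip_interface(host_cidr).network


def diagnose(host_cidr: str, gateway_cidr: str = OPN_LAN) -> str:
    """Explain whether a host with this address/prefix can use the gateway."""
    host = ip_interface(host_cidr)
    gw = ip_interface(gateway_cidr)
    gw_sees_host = host.ip in gw.network    # firewall's view of the host
    host_sees_gw = gw.ip in host.network    # host's view of the gateway
    if host_sees_gw and gw_sees_host:
        return "ok"
    if gw_sees_host and not host_sees_gw:
        return (f"{gw.ip} is outside {host.network}; the host will not ARP for "
                f"its gateway, so its traffic never leaves the host")
    if host_sees_gw and not gw_sees_host:
        return (f"{host.ip} is outside {gw.network}; the firewall has no "
                f"on-link route back to the host")
    return "no overlap at all"


# Constructed cases: a correct /16 host, the misconfigured /24 host from the
# reply (x != 0), and the one /24 that happens to work because x == 0.
CASES = ["10.8.1.10/16", "10.8.1.10/24", "10.8.0.10/24"]

if __name__ == "__main__":
    for case in CASES:
        print(f"{case:14} -> {diagnose(case)}")
```

The third case is the trap: a host on 10.8.0.x/24 works despite the wrong mask, because 10.8.0.1 happens to sit inside 10.8.0.0/24, so the mistake only shows up on hosts in other /24 blocks.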
#10
23.7 Legacy Series / Firewall rule not working as expected
September 14, 2023, 09:45:41 PM
Dear forum,

I'm a bit puzzled.

I have a firewall deny rule that blocks access to a particular domain by means of an alias that I have created for that domain.

The rule has been working fine for months. Then I observed that the domain is accessible all of a sudden. I didn't touch the firewall config. For debugging purposes, I enabled logging for the rule in question and, voila, the rule works again as it should.

Any hints are much appreciated.

Thanks,
adk
#11
22.7 Legacy Series / Static DHCPv4 hogging memory?
December 31, 2022, 10:09:11 AM
Hi forum,

I am on 22.7.10_2. Yesterday, I configured some static DHCPv4 mappings. With every entry in the mapping table, my memory use increased. After having created three entries, something had hogged all my free memory (6GB) and filled up my entire swap.

Rebooting fixed the issue and everything was back to normal.

Creating more static mapping entries reliably reproduced the issue.

Is this a known bug?

Regards,
adk
#12
22.1 Legacy Series / Re: cyrus-sasl
March 01, 2022, 10:51:20 PM
I also noticed the vuln in the security audit.

However, the really interesting questions are:
* Is OPNsense vulnerable in its default configuration?
* Are there any mitigation measures?
* Is access to the web UI needed or are there also other attack vectors?

Any feedback is much appreciated.
#13
Dear forum,

I am trying to implement time-based restrictions for some IPs on my network that can be bypassed with a password or similar. I.e. for normal users, internet access should be terminated at a certain time. For some users, though, it should be possible to bypass this restriction. However, I haven't found a viable solution yet.

Time-triggered firewall rules do not appear to be suitable since they cannot be bypassed.

A captive portal is also not ideal as it is AFAIK always active.

Setting up a VPN server just for a few internal IPs to bypass time-based restrictions seems to be a bit over the top :).

Any suggestions are highly welcome.

Cheers,
adk
#14
General Discussion / Re: Blocking youtube
February 16, 2022, 06:38:28 PM
Thanks, mimugmail.

I had tried something similar before and created aliases for yt. It worked but was a bit flaky. Sometimes connections would succeed but most of the time they were blocked.

Just wondering why the DNS blocklist does not work. All the others seem to be working fine.

Cheers,
adk
#15
General Discussion / Blocking youtube
February 15, 2022, 08:11:20 AM
Hello forum,

I have been testing various DNS blocklists in unbound. I noticed that the Facebook blocklist seems to work fine whereas the Youtube blocklist does not seem to have any effect. Does anyone have an idea why this is?

Cheers,
adk
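A blocklist can only stop the names it actually contains, so the first thing to check is which queries a given list covers. The script below is an added example (neither the forum's nor Unbound's code) that models the matching rule of a blocking local-zone: the zone apex and every name below it are answered locally, nothing else is. The two-entry list and the query names are constructed for illustration; the assumption is that the list is loaded in hosts-file or bare-domain format.

```python
"""Which queries a domain blocklist actually covers.

Added example, not the forum's or Unbound's code. A blocked local-zone
covers its apex and all names below it, matched on label boundaries, so
"youtube.com" covers "m.youtube.com" but not "youtu.be" or "notyoutube.com".
The list and queries below are constructed.
"""
from __future__ import annotations


def normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so lookups are case-insensitive."""
    return name.strip().rstrip(".").lower()


def load_blocklist(lines) -> set[str]:
    """Accept hosts-file style ('0.0.0.0 host ...') and bare-domain lists."""
    zones: set[str] = set()
    for raw in lines:
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if fields[0] in ("0.0.0.0", "127.0.0.1", "::", "::1"):
            names = fields[1:]                # hosts format: address first
        else:
            names = fields[:1]                # bare domain per line
        zones.update(normalize(n) for n in names)
    return zones


def matching_zone(qname: str, zones: set[str]) -> str | None:
    """Return the most specific blocked zone covering qname, or None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])      # walk up: a.b.c -> b.c -> c
        if candidate in zones:
            return candidate
    return None


def is_blocked(qname: str, zones: set[str]) -> bool:
    return matching_zone(qname, zones) is not None


# Constructed sample list in hosts format.
BLOCKLIST = """
# sample, not a real feed
0.0.0.0 facebook.com
0.0.0.0 youtube.com
""".splitlines()

QUERIES = ["www.facebook.com", "youtube.com", "m.youtube.com",
           "youtu.be", "notyoutube.com"]


def coverage(queries=QUERIES, lines=BLOCKLIST) -> dict[str, str | None]:
    """Map each query name to the zone that blocks it (None if unblocked)."""
    zones = load_blocklist(lines)
    return {q: matching_zone(q, zones) for q in queries}


if __name__ == "__main__":
    for q, zone in coverage().items():
        print(f"{q:18} -> {'blocked by ' + zone if zone else 'NOT blocked'}")
```

Run `coverage()` against the real list with the names you see in the resolver's query log; any name that comes back `None` is one the list simply does not contain, which is a different problem from the list not being applied at all.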