Messages - giffordj

#1
You may be running into the same issue I had with the HP T740. Here are instructions on how to get it to work.
https://simeononsecurity.com/guides/installing-pfsense-on-hp-t740-thin-client/
#2
24.1, 24.4 Legacy Series / Re: WiFi Calling
July 18, 2024, 03:07:19 AM
WiFi calling works fine with OPNsense; I use it daily. It would help if you provide details of your setup and ISP.
#3
Do you have static reservations for DHCP? If you do, make sure you exclude them from the subnet range. Learned that one the hard way myself.

So if you are using 192.168.2.120, make sure 192.168.2.120 is excluded from the DHCP pool.

For example, in my network I have 192.168.2.2 thru 10 set up as reserved IPs, so my subnet DHCP pool is 192.168.2.11-192.168.2.199.
#4
24.1, 24.4 Legacy Series / Re: Track MAC Addresses
June 27, 2024, 04:36:38 AM
This is a HIPAA compliance thing; they want to see a report that shows a new address within 15 minutes of it being added. I was thinking a cron script, but wasn't sure if anything was out there currently.
#5
24.1, 24.4 Legacy Series / Track MAC Addresses
June 26, 2024, 08:01:46 AM
I have a few offices that need the ability to track the MAC addresses attached to their network for audit purposes. The way some of the offices do that today is by a program on the server using LAN sweeper. Is there a plugin for OPNsense to offer similar functionality?
#6
24.1, 24.4 Legacy Series / Reset Tunables
May 06, 2024, 06:39:51 PM
Is there any way to just reset the system tunables?
#7
22.1 Legacy Series / libevent missing openssl
January 31, 2022, 04:23:20 PM
Since upgrading to 22.1, I have been seeing this message on the update screen.
pkg: libevent has a missing dependency: openssl

Below is a complete capture of the update check.

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1 (amd64/LibreSSL) at Mon Jan 31 07:20:39 PST 2022
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 779 packages processed.
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: ....... done
Processing entries: .......... done
mimugmail repository update completed. 168 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (2 candidates): .. done
Processing candidates (2 candidates): .
pkg: libevent has a missing dependency: openssl
Processing candidates (2 candidates)... done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
#8
On dedicated hardware, Dell Precision T1700 with 4 port Intel network adapter, getting full gig internet up and down. When I was on VM, no way. I was only getting 700/700 up and down.

On Proxmox the only way I got it to work properly is a dedicated NIC that wasn't Realtek.
#9
The big factors are CPU, memory, and network adapter. I looked at going with the smaller form factor installs, but ended up repurposing an old Dell T1700SFF PC. I have it running a Xeon CPU E3-1225 v3, 32GB Memory, with a Dell Intel 350 4 Port NIC Card.

I actually get my 1GB/1GB internet with it, that's without IDS/IPS of course. When I add that it goes down to 700/700.
#10
21.1 Legacy Series / Re: CVE-2020-15078
April 29, 2021, 10:44:20 PM
Thanks for the update.
#11
21.1 Legacy Series / CVE-2020-15078
April 28, 2021, 10:05:53 PM
I was running a security audit and came across this. Will this be addressed?

CVE-2020-15078
Overview
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Detailed description
This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.

In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.