I suppose this is now answered with more detail here https://forum.opnsense.org/index.php?topic=52307.msg269775;boardseen#new so no need to repeat.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Show posts MenuQuote from: philippe_crowdsec on July 02, 2026, 11:25:49 AM@cookiemonster: I'm interested in the discussion about CrowdSec.Hi @philippe_crowdsec - thanks for the note. I will keep it short here so as to not hijack the thread. Yes those are free but my _main_ issue is that the integration was limited and was never advanced. The note since 2024 if I'm not mistaken is:
The product is free (security engine, scenarios, vpatch, WAF rules, Claude skill, etc.) and is MIT-licensed.
A blocklist is shared amongst users who share signals, for free, and many more are also free of charge.
There is 0 cost on the OpnSense integration.
So I'd be interested to understand your feelings better (or maybe it's about the SaaS console)?
If you have time and the will to discuss this, please PM me.
QuoteAt the moment, the CrowdSec package for OPNsense is fully functional on the command line but its web interface is limited; you can only list the installed objects and revoke decisions. For anything else you need the shell or the CrowdSec Console.Which means most of the existing and new functionality is unmanageable from the plugin. For instance I can't use SPOA for haproxy on OPN when using the OPN haproxy plugin.
Quote from: thelittleblackbird on June 27, 2026, 12:42:34 AMhere you have it, in the attached file.If you have set RSS for that performance, it might need revisiting. Maybe it does not help and is detrimental in your case.
I tried to implement the tunnable described in the opnsense documentation about performance:
https://docs.opnsense.org/troubleshooting/performance.html
if you need something else just ask
thanks
Quote from: newsense on June 25, 2026, 08:26:06 PM>>> Avoid Server Certificate Lifetimes > 397 DaysSo is this not going counter to the 397 days advice above? Asking because last time i was on this, the amount of effort I put into in vain was high.
Or simply use your own certificate that can be issued from OPNSense, and enjoy 730 days of certificate validity. This is the hard limit from Apple for private/enterprise CAs
As long as you're controlling everything else on your VPN/devices importing your own CA everywhere is a no brainer.