Messages

Thank you for the invite!  So far, everything is working great.

There's some inconsistency between the install guide and the actual install (i.e. the firewall alias name, etc.) but nothing that wasn't simple enough to understand.

I echo the above - would be great to have a button to auto-create floating in/out rules rather than doing so manually, but the task really is not difficult.

For others, I also inquired and IPv6 is indeed supported and in the IP lists.  It's obviously clear that there's a lot less malicious traffic on V6, but I still love the idea of blocking it where I can.

One thing that was interesting (for me) was adding logging to the rules.  As they are floating rules, they apply before my interface rules, so I'm seeing lots and lots of blocking going on that I really wasn't seeing previously (as I don't have logging turned on for the default "block in all" rule on my WAN.

Dang is it hostile out there.

I'd be interested in trying the Q-Feeds plugin as well, if there's still room.

Not doing much publicly but to protect my home LAN and some small services.

Thanks!

Soon ;) https://github.com/opnsense/core/pull/7749

Finally the world is catching up to Solaris circa 2011... ;-)

(BEs are a thing of absolute glory, for the record.)

Disagree.  I have a half dozen VLANs, a set of LAGGs and no issues.  Upgrade was easy.

Are you using the "VGA" or "Serial" version of the OPNsense image to start with?

I had similar issues using the VGA image ... had to use serial, and then I didn't get those same hangs.

I already had a USB key made up for a different box with the VGA image .. didn't think twice about it, but made a tremendous difference.

I wish I had a better suggestion.  The only thing I can consider is maybe to pull the SFPs out of ax0/ax1, and see if it finishes the boot.  Then possibly patch 23.7 to current if that works.

Worth a try?

Are you using the "VGA" or "Serial" version of the OPNsense image to start with?

I had similar issues using the VGA image ... had to use serial, and then I didn't get those same hangs.

I already had a USB key made up for a different box with the VGA image .. didn't think twice about it, but made a tremendous difference.

Replying to myself, but appears I'm back under control.

I was using the vga OPnsense image; that appears to have some bad interactions with the axp driver.  Reloaded with the serial image and so far, so good.  Looks like we're approaching stable!

Hi all -

Have a brand new, out of the box DEC2752, and I'm having big issues with it.

Basically, configuration goes OK right until I try to use the ax0/ax1 interfaces for anything.  Once I enable those interfaces - I have all kinds of odd issues.   The links come up but never pass traffic.  I've tried multiple SFP+ modules - both fiber and copper - to no avail.

To make it worse, not only do the connections not work, but I also end up with serial console port issues.  The console port stops giving me output.  If I then reboot the box, the boot sequence seems OK right until it outputs the IP assignments ... as it's printing the SSH SHA256 fingerprints, the console comes to a full hang.

This is really, really problematic.

I did a full reinstall of OPNsense - both the business and the community versions - to absolutely no avail.

Any ideas?  Is there something I'm missing about these AMD chipsets?

I'm really stuck right now.

I do not believe that to be the case at all.

The SFP+ ports are driven by the AMD network driver (app) and the copper ports are driven by an Intel i210 chip.

No reason they can't be used concurrently.

Upgrade went perfectly well.

Took the opportunity to update my boot drives from 120gb to 250gb SSDs and move from UFS to ZFS.

Popped the old disks out, put the new drives in, installed 23.7, restored my config, and back in business.

Fantastic job.  Only issue I ran into was reconfiguring Tailscale, but that was my fault - I was too lazy to pull the config from the 23.1 boot disks.

It's coming ... support built into the next release of the os-acme-client plugin.

You must be on Verizon Fios.

The OPNsense 23.1.x series has introduced some radvd issues that've affected us.  Try restarting the radvd process and I bet it'll start handing out IPs.