Messages - Nullman

#1
Quote from: Greg_E on June 18, 2026, 08:10:01 PM I'd have to look it up, still hasn't arrived. I can tell you what ECC server RAM costs, been pricing out storage servers and it's just stupid high. I could have beaten the cost buying from different places, but not by enough to make it worth my time, that's why we have approved vendors. I think the price I put together was around $850-$875 and then I have no leverage if there is a problem.
I don't want to talk about it. It's depressive.

Quote from: Greg_E on June 18, 2026, 08:10:01 PM If the firmware gives me problems, I'll go back to the reseller and have them push the manufacturer to fix it. Protectli did suggest Coreboot over the AMI BIOS, so I'll set that up when it arrives.
You don't need to go to the reseller. Protectli provides the flashli tool that you can start from a live Ubuntu Linux. It's a simple Python script that will detect your device and then offer AMI or coreboot BIOS. You can switch back to AMI any time, or vice versa. The tool is located here and it is the official tool: https://github.com/protectli-root/protectli-firmware-updater

Quote from: Greg_E on June 18, 2026, 08:10:01 PM Now here's the part that I found really interesting... The Protectli devices are on government contract, they are being used in a bunch of places that we don't know about.
That should not be a problem because they have an open source BIOS.

Quote from: Greg_E on June 18, 2026, 08:10:01 PM Model is VP4650 with six i226 ports
Single DDR5 16GB of RAM was nearly $200 USD, $60 for a small NVMe, and $35 for a rack shelf. That puts the rest at around $6xx. I don't have the actual invoice in hand yet.

That's a beast.
#2
26.1, 26,4 Series / Re: CVE-2026-45257
June 15, 2026, 03:06:47 PM
Quote from: Patrick M. Hausen on June 15, 2026, 03:00:33 PM Also you do not need to install nano to edit a file. Both vi and ee (the "easy editor") are available out of the box.

Who's going to explain to absolute beginners that quitting and saving your changes requires pressing the Esc key and then : and typing wq? I'm trying to make these instructions as simple as possible for everyone. But the easiest way is what Cedrik recommended.
#3
26.1, 26,4 Series / Re: CVE-2026-45257
June 15, 2026, 02:57:23 PM
Quote from: Monviech (Cedrik) on June 15, 2026, 02:38:06 PM You can just as well use the GUI to set this tunable, no need for SSH.

System: Settings: Tunables

I didn't know that. Thank you Cedrik.
#4
26.1, 26,4 Series / Re: CVE-2026-45257
June 15, 2026, 01:25:00 PM
Quote from: franco on June 15, 2026, 12:31:35 PM 26.1.10 is being released later this afternoon.


Cheers,
Franco

Thank you Franco.

For those impatient and paranoid, you can patch manually. Enable SSH on your OPNsense box, connect, go to the shell by pressing 8, and type this:

pkg install nano && nano /etc/sysctl.conf
And add this at the end of the file:

kern.ipc.mb_use_ext_pgs=0
Press Ctrl+X and choose Y to save your changes. And then uninstall nano if you wish.

pkg remove nano
You can reboot to make this change take effect, or if you don't want to reboot, just type:
sysctl -w kern.ipc.mb_use_ext_pgs=0
All done.

Don't forget to disable SSH if you don't need it.
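
A quick way to confirm that the workaround in the post above is both persisted and live, as an added example that is not part of the original post or of OPNsense itself. The function names and the sample file are constructed for illustration; the tunable, its value and the /etc/sysctl.conf path are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the forum post): audit the manual workaround.
TUNABLE="kern.ipc.mb_use_ext_pgs"   # tunable named in the post
WANT="0"                            # value the post sets

# Print the value a sysctl.conf-style file finally assigns to key $2.
# The last assignment wins; comments and blank lines are ignored.
conf_value() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' "$1" | awk -F= -v key="$2" '
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v) }
        k == key { val = v; found = 1 }
        END { if (found) print val }'
}

# Return 0 only if the persisted value, and the running value where it
# can be read, both equal $WANT.
audit_tunable() {
    conf="$1"; status=0
    persisted=$(conf_value "$conf" "$TUNABLE")
    if [ "$persisted" = "$WANT" ]; then
        echo "persisted: ok ($TUNABLE=$persisted in $conf)"
    else
        echo "persisted: missing or wrong (found '$persisted' in $conf)"
        status=1
    fi
    # The running value is only readable on the FreeBSD-based firewall.
    if running=$(sysctl -n "$TUNABLE" 2>/dev/null); then
        if [ "$running" = "$WANT" ]; then
            echo "running: ok ($TUNABLE=$running)"
        else
            echo "running: $running, expected $WANT"; status=1
        fi
    else
        echo "running: tunable not readable on this host, skipped"
    fi
    return "$status"
}

# Constructed sample file, so the example runs anywhere: a commented-out
# line and an earlier assignment that a later line overrides.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# kern.ipc.mb_use_ext_pgs=1
kern.ipc.mb_use_ext_pgs=1
kern.ipc.mb_use_ext_pgs=0   # manual workaround
EOF
audit_tunable "$sample" || true
rm -f "$sample"
```

On the firewall itself, call `audit_tunable /etc/sysctl.conf` after applying the change; a non-zero exit status means the setting is missing from the file or not active in the running kernel.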
#5
26.1, 26,4 Series / Re: ASN in alias.
June 14, 2026, 11:55:47 AM
Quote from: franco on June 14, 2026, 11:29:27 AM ASN and GeoIP refresh intervals are hardwired to 24 hours.


Cheers,
Franco

Perfect. Thank you Franco. And I also must add: whoever created this ASN in alias capability is an absolute legend.
#6
26.1, 26,4 Series / Re: ASN in alias.
June 13, 2026, 12:10:41 PM
Quote from: sopex on June 13, 2026, 12:04:13 PM Go to cron jobs and add an "Update and reload firewall aliases" job every day or whenever you see fit.

That was not my question. I want to know if they are updated automatically, or do I have to intervene?
#7
26.1, 26,4 Series / [SOLVED] ASN in alias.
June 13, 2026, 11:54:39 AM
I created an alias with several ASNs and I put that in firewall rules. Everything is working as expected. My question is, what happens if new IP blocks are added to those ASNs? Does the alias get updated automatically, or does the alias trigger whois every time a rule with that alias gets triggered? Or something else?
#8
Quote from: Greg_E on June 12, 2026, 05:41:49 PM I ended up with a Protectli box, everything else was just too much money.
Which model did you get? I hope you got the older FW series.
#9
Quote from: donkeydiq on June 09, 2026, 05:06:37 PM So I am by no means a network tech or computer certified anything. But I have been sort of teaching myself Linux and playing with SBCs. Just kind of seeing where it takes me. So then I wanted to improve my home lab security with a firewall appliance. I did a little reading and I got a Lanner NCA1515. The nicer one with 8 NICs and 32 GB RAM, 500 GB drive, Intel Denverton CPU. I cannot get the damn thing set up, I have watched hours of videos, spent 40 hours beating my head against the wall. I am completely lost. I don't know what I am missing between LAN and WAN, but I'm stuck and ready to break the thing. I have never posted in an electronics or network security forum before but I'll do my best to include all of the things,
Gateway- At&T BGW320? Lanner NCA1515, goalake * nic POE smanged switch, I have my gaming rig running Pop OS, my MacBook Air, I have Proxmox installed on the Lanner box and OPNsense spun up as a VM, like I said I have no formal teaching just what I am very slowly trying to learn. It would be amazing if someone could give me a hand or point me in the right direction. But I CAN'T GET THE TO ROUTE TRAFFIC. I can get into the web UI, I make it through the wizard and then that's it, no more. And even when I can get back into the web UI it isn't actively routing any traffic. The graphs and bars are barely doing anything, all my connected devices just sit there and laugh at me. Anyways. Thank you in advance
You need to invest more time in your home lab. And that could be a problem if you have a full-time job and family.
#10
Quote from: lumilumi on June 09, 2026, 01:22:20 AM how do I configure the settings in order for the mini pc to "send the internet" to the openwrt one, so that the openwrt one can be my wifi access point?

You have choices. Each one requires the OpenWRT one operating in AP mode.

1. You connect the OpenWRT one to your existing LAN port.
2. You configure another port/subnet on the OPNsense box and connect your OpenWRT to that port.

Number 2 is the proper way of doing things.
#11
Quote from: lumilumi on June 06, 2026, 06:06:13 AM in all honesty - is there anyone around who has used something like this method before that would be willing to walk me through it?
Not only have I used it every day for the last 12 years, I have implemented such solutions for a lot of people. And they have used it for many years without even thinking about it.
Quote from: lumilumi on June 06, 2026, 06:06:13 AM is it complicated for a networking newbie?
It's not complicated. Once you figure out how to configure interfaces in OPNsense, you are pretty much set. How you are going to configure your access point depends on what that device actually is.
Quote from: lumilumi on June 06, 2026, 06:06:13 AM I have already set up opensense box on a mini pc (and gone through some of the settings / watched many tutorials / learned a lot about networks)
In this case, the most complicated part for a newbie would be configuring an additional port on OPNsense to work on a different subnet. Once you do that, you just attach the access point to that port, and you are done.
Quote from: lumilumi on June 06, 2026, 06:06:13 AM I have just never worked through using a wireless access point (I feel so old fashioned, lol)
It's because there are endless ways you can do this. Not all of them are correct though. Especially if security and performance are your priority. Just because some solution works doesn't mean it's implemented correctly.
Quote from: keeka on June 06, 2026, 08:00:03 AM Much of it is new to me also but in my unqualified opinion an opnsense router coupled with openwrt access point(s) is an appealing combo for a home user. You are able to re-purpose your existing gear or buy cost effective secondhand and there is ample documentation on both. I have a couple of meraki units, running openwrt in 'dumb AP mode', connected via a small managed switch.
Repurposing your old gear is nice if your gear comes from a reputable manufacturer that does things correctly. OpenWRT is great. I love it. However, running OpenWRT on TP-Link is not the same as running it on Cisco Meraki. TP-Link has critical flaws in its hardware and how it handles its port during device booting. Cisco Meraki has no such issues. And let's not even go into build quality and internal hardware choices.

Quote from: keeka on June 06, 2026, 08:00:03 AM You can in theory connect the APs directly to the opnsense box, but this can lead to interface issues on the router side. Check out the openwrt guides for access point only mode. Then consult the docs here for opnsense vlans.
You just need to make sure that your wireless device is working in AP mode. Avoid running wireless devices in router mode because then you have NAT and an additional DHCP server, which are not needed in this case.
#12
Quote from: nero355 on June 05, 2026, 05:55:01 PM You have now basically told me NOTHING...
I was not talking to you.

Quote from: nero355 on June 05, 2026, 05:55:01 PM - Provide a link to the specific sub-forum or topic there.
- Specify what is going on exactly and what I will read there in short.

Then I might actually take the effort to do so ;)

FYI :
I think I have read enough in the past about their Omada stuff and some regular Routers/Switches/Accesspoints to know if it's a good or bad brand, but feel free to prove me wrong! :)
No.
#13
So I think I found the culprit:

These results are quite confusing. The S.M.A.R.T. parameters are clearly indicating that the SSD is pretty much dead. The confusing part is the fact that the machine still crashed running Debian live. This indicates another issue besides the dead drive.
#14
Stay away from TP-Link garbage !!!! Check level-1 tech forums if you want to see why.
#15
Quote from: vpx on June 05, 2026, 03:05:18 PM That Sophos UTM firewall appliance is at least 10 years old, where did you buy it?
I see no problem with that as long as it works. It's a very solid machine built with HQ components.

Quote from: vpx on June 05, 2026, 03:05:18 PM What's the state of the other Intel SSD in the RAID1 configuration?
There is no other drive and there is no RAID. He has a single SSD.