Messages

1

24.7 Production Series / Re: os-smart detects wrong device

« on: August 12, 2024, 04:34:24 am »

For those stumbling across this thread via Google, or reading the forums: A pull request has been submitted to the Github at this elegant and finely crafted link. It fixes the issue and so it'll be fixed soon. Still waiting on widget.

2

24.7 Production Series / os-smart detects wrong device

« on: July 26, 2024, 01:01:15 pm »

With 24.7, the os-smart plugin wrongly detects which dev file to query for SMART data for nvme devices, showing the only option as /dev/nda0, instead of /dev/nvme0, resulting in a failure to query the SSD correctly for SMART data.

Of course if you connect via ssh and run smartctl directly against /dev/nvme0, it will correctly return SMART data, but with /dev/nda0 you of course just get this:

Code: [Select]

Smartctl open device: /dev/nda0 failed: INQUIRY failed


3

24.7 Production Series / Re: New Dashboard

« on: July 26, 2024, 12:44:20 pm »

So here's my feedback on the new widgets:
1. The CPU usage graph has too much information. The old widgets just showing the 1, 5, and 15 minute load averages in System Information, and a real time overall usage was perfectly fine. Frankly I don't even know the difference between the graphs on the new CPU usage widget, which seem to be mostly of usefulness to a software developer, and not necessarily a network administrator.
2. There should be more configurability to the widgets. Having to add multiple graph only widgets simply to restore what was previously text line items under System Information feels... clunky? As a result I've got a cluttered screen full of half circle widgets with tiny text underneath each one
3. The disk widget doesn't even show actual space, just a percentage used.
4. The thermal sensors widget, which previously detected thermal sensor names correctly, appears to have buggered up slightly with this update. My PCH temp now detects as a 2nd "Core 0".
5. Overall it feels like a heavy focus on fancy graphs and less of a focus on text, which is fine, but there needs to be an option for people who preferred the old text heavy interface.
EDIT:
6. Just noticed the Services widget doesn't seem to remember its size. If I expand it so all services are visible and click save, when I navigate away and return to the dashboard, it's shrunken in size again so that you have to scroll to view all services.

4

23.7 Legacy Series / Re: Do Hardware Requirements only pertain to Bare Metal Installs? (eg VMs don't care

« on: January 07, 2024, 01:59:26 am »

So here's the thing about WiFi cards: They're designed to be clients, not Access Points. You will have a very bad, but memorable experience if you try to use them as Access Points. Buy a purpose built AP, like an Omada 620.
A router and a NAS should be 2 completely separate appliances, and shouldn't be combined. You don't haul lumber in a Prius, don't store data on your router.

5

23.7 Legacy Series / Re: CVE-2023-48795

« on: December 27, 2023, 09:28:46 am »

As a temporary measure, if you're really that worried about security, simply remove ChaCha20-Poly1305 from the list of allowed ciphers in System -> Settings -> Administration, by changing the Ciphers list to be the CTR and GCM ciphers only, specifically these ones:
aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
Since it's the end of the year right now, it might not be until the new year that updates get issued for FreeBSD, that workaround was advised by Fabian Bäumer, one of the authors of the paper on that attack, so I'd go with that for now.

6

23.7 Legacy Series / Re: RJ45 ports

« on: November 15, 2023, 12:40:02 pm »

As OPNsense uses ports from software ports (not harware or physical ports) from both freebsd as well as openbsd. Which repository in OPNsense or which part of the build process is responsible for assigning physical ports and mapping them with respective physical ports number.

It's the order they're presented on the PCI bus, nothing else. You'd have to contact the hardware manufacturer and have them rearrange the ports on the bus to change this behaviour.

7

23.7 Legacy Series / Re: RJ45 ports

« on: November 11, 2023, 11:11:24 am »

You can't. It's based on the order FreeBSD detects the devices during boot.

8

23.7 Legacy Series / Re: CPU stuck at 100% Please Help!!!

« on: September 02, 2023, 11:53:49 pm »

From the looks of it, there's some sort of problem with Zenarmor. Have you tried turning it off?

9

23.7 Legacy Series / Re: CPU stuck at 100% Please Help!!!

« on: September 02, 2023, 11:33:11 pm »

Let's start with the basics. Under System->Diagnostics->Activity what is the top CPU consumption processes? Under normal circumstances this should be unbound with maybe 2% and l want to say php-cgi with another 1-3%.

10

23.1 Legacy Series / Re: OpnSense keeps crashing(Version 23.1.11 f1305748e)

« on: July 09, 2023, 07:13:47 am »

Yeah, best to return/exchange the RAM as faulty and get a new stick.

11

23.1 Legacy Series / Re: it appears that disabling the root user disables nat?

« on: July 09, 2023, 06:40:49 am »

The correct method for disabling the root account is to lock it, not disable the account. If you disable the account, nothing can run as UID 0.

12

23.1 Legacy Series / Re: Block Top-Level-Domains with Unbound DNS (.zip domain)

« on: June 05, 2023, 11:04:17 am »

So this is how you do it:

First install the custom options plugin from Mimugmail's repository, it's called os-unboundcustom-maxit.

Next, after the plugin is installed, go to Services -> Unbound DNS -> Custom Options and enter the following

Code: [Select]

server:
    local-zone: "zip." always_nxdomain
    local-zone: "mov." always_nxdomain
After you do so, restart Unbound and they'll all be blocked. Remember, the custom options window has no validation, so make sure you've typed everything correctly.