Messages

For those stumbling across this thread via Google, or reading the forums: A pull request has been submitted to the Github at this elegant and finely crafted link. It fixes the issue and so it'll be fixed soon. Still waiting on widget.

With 24.7, the os-smart plugin wrongly detects which dev file to query for SMART data for nvme devices, showing the only option as /dev/nda0, instead of /dev/nvme0, resulting in a failure to query the SSD correctly for SMART data.

Of course if you connect via ssh and run smartctl directly against /dev/nvme0, it will correctly return SMART data, but with /dev/nda0 you of course just get this:

Code Select Expand

Smartctl open device: /dev/nda0 failed: INQUIRY failed


So here's my feedback on the new widgets:
1. The CPU usage graph has too much information. The old widgets just showing the 1, 5, and 15 minute load averages in System Information, and a real time overall usage was perfectly fine. Frankly I don't even know the difference between the graphs on the new CPU usage widget, which seem to be mostly of usefulness to a software developer, and not necessarily a network administrator.
2. There should be more configurability to the widgets. Having to add multiple graph only widgets simply to restore what was previously text line items under System Information feels... clunky? As a result I've got a cluttered screen full of half circle widgets with tiny text underneath each one
3. The disk widget doesn't even show actual space, just a percentage used.
4. The thermal sensors widget, which previously detected thermal sensor names correctly, appears to have buggered up slightly with this update. My PCH temp now detects as a 2nd "Core 0".
5. Overall it feels like a heavy focus on fancy graphs and less of a focus on text, which is fine, but there needs to be an option for people who preferred the old text heavy interface.
EDIT:
6. Just noticed the Services widget doesn't seem to remember its size. If I expand it so all services are visible and click save, when I navigate away and return to the dashboard, it's shrunken in size again so that you have to scroll to view all services.

So here's the thing about WiFi cards: They're designed to be clients, not Access Points. You will have a very bad, but memorable experience if you try to use them as Access Points. Buy a purpose built AP, like an Omada 620.
A router and a NAS should be 2 completely separate appliances, and shouldn't be combined. You don't haul lumber in a Prius, don't store data on your router.

As a temporary measure, if you're really that worried about security, simply remove ChaCha20-Poly1305 from the list of allowed ciphers in System -> Settings -> Administration, by changing the Ciphers list to be the CTR and GCM ciphers only, specifically these ones:
aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
Since it's the end of the year right now, it might not be until the new year that updates get issued for FreeBSD, that workaround was advised by Fabian Bäumer, one of the authors of the paper on that attack, so I'd go with that for now.

As OPNsense uses ports from software ports (not harware or physical ports) from both freebsd as well as openbsd. Which repository in OPNsense or which part of the build process is responsible for assigning physical ports and mapping them with respective physical ports number.

It's the order they're presented on the PCI bus, nothing else. You'd have to contact the hardware manufacturer and have them rearrange the ports on the bus to change this behaviour.

You can't. It's based on the order FreeBSD detects the devices during boot.

From the looks of it, there's some sort of problem with Zenarmor. Have you tried turning it off?

Let's start with the basics. Under System->Diagnostics->Activity what is the top CPU consumption processes? Under normal circumstances this should be unbound with maybe 2% and l want to say php-cgi with another 1-3%.

Yeah, best to return/exchange the RAM as faulty and get a new stick.

The correct method for disabling the root account is to lock it, not disable the account. If you disable the account, nothing can run as UID 0.

So this is how you do it:

First install the custom options plugin from Mimugmail's repository, it's called os-unboundcustom-maxit.

Next, after the plugin is installed, go to Services -> Unbound DNS -> Custom Options and enter the following

Code Select Expand

server:
    local-zone: "zip." always_nxdomain
    local-zone: "mov." always_nxdomain

After you do so, restart Unbound and they'll all be blocked. Remember, the custom options window has no validation, so make sure you've typed everything correctly.