Messages - Greg_E

#1
Hardware and Performance / Re: Easy Time Sync
September 29, 2025, 03:16:33 PM
All of this discussion changes if you move into PTP, no local clocks are solid enough to keep the tolerance over a several hour period. And PTP is another security measure that some places are rolling out, if you aren't on time, you get no access to the requested resource. Also becoming the default sync for audio and video over IP. SMPTE ST2110 leverages PTP heavily, not for security but for signal sync. This replaces things like BlackBurst and Tri-level sync and since it's adaptive, it's more accurate and finer grained too.

Kind of off topic, but something people in IT should be thinking about in case they ever work on a system at a TV station. https://blogs.cisco.com/industries/take-your-st-2110-workflow-to-the-next-level
#2
I've had mostly good luck with the lower priced sft1200 Opal model, but I almost never use the wifi on it, and I'm guessing that might be part of it. On an old 750 Slate I used it in access point mode for my lab and it was solid, but again trying to use it to be a wifi client is not something I've done.

I do wish that OPNsense had better wifi support, it would be handy once in a while for things. pfSense was no better back several years ago when I tried to set it up as an access point and router for my lab. This was with an old HP T620+ with Pro1000 card installed and whatever the onboard wifi card might have been. It's back doing OPNsense duty in my lab so maybe I'll give it a go again or trade out the wifi card for something newer (like from an HP T740, have a pile of those around).
#3
Hardware and Performance / Re: Easy Time Sync
September 24, 2025, 04:14:21 PM
I get why you might want to run a cron to do this, but is it really saving you anything? Even on my lowest power computers I'm not seeing spikes in CPU when it checks ntp servers. Maybe I don't load them enough to see the issue. I also don't see any advantage on my OPNsense, I keep it synced to my GNSS locked NTP server appliance.

The only benefit I can see is if there was an attack on time servers, spoofing a date far forward or far backward could cause real problems with licensing, file shares, secure email and secure web which all depend on "close enough" time sync.

I have seen some really bad internal clocks too, I had one old server that would lose a couple minutes in a day. This is the server that caused me to buy my first GPS NTP server. It also happened to be my Windows AD server which caused all sorts of issues on the domain. It was a good lower end Supermicro x7 series which makes this surprising.
#4
Quote from: charles.adams on September 20, 2025, 03:06:28 AM
So business edition users on the newest 24.5.3 release should do what to prevent issues for the next few months to a year?

Business is 25.4.3 so is satisfied against the minimums.

#5
Hardware and Performance / Re: Intel NVM Tool
September 05, 2025, 03:07:55 PM
I usually put tools like this on an HBCD rescue disk with the drivers needed to operate. I should go through and update my old x520 based stuff to see if anything changes.

I do also have some a+e Intel i226-v cards installed, should probably look at those too.

For those playing along, version 30.1.1 is the last version to list the x520 cards. The Pro1000 stop at an earlier version.

One last edit, does anyone know where I can find the latest version of the user guide in PDF form? I want to put it on my ereader for easier reading. Version 23.5.2 has a complete manual, but it's clearly out of date.
#6
The fear mongering is justified, if it is still writing or has just erased the eeprom, you would end up with an unbootable device. Not sure what the hard recovery process might be, but it could involve a hardware programmer.
#7
system --> firmware --> plugins and install the os-realtek-re plugin to help make the realtek stuff work better. My only experience with this is on one of my firewalls, the built in NIC is Realtek and I only use this for a "management" connection when all else fails. It seems to be solid after installing the plugin but I'm not using it for more than a few hours while setting up the device.
#8
If you were using a USB NIC, I'd say it was overheating. Not sure what is going on. Are you certain it isn't the Adtran device having a problem? Do you have a consumer router you can hook up to do some testing?

If all of that works, I'd be looking at a new mini PC with a different Intel NIC set. The 5105 processor should be fine for a lot of what you are doing, but going up to an n150 might be slightly faster and probably save a few watts of power.

If you decide to either reload the OPNsense OS, or move to a newer mini PC, make sure you save your config file to make it easier to get back up to running. Only thing you might need to edit would be the ethernet interfaces.
#9
Is it possible that whichever DNS service you are using goes out and queries the upstream providers, finds the fastest, and uses that one first for all future requests?

I do not see mine querying multiple servers either, but it does sometimes show switching between the two upstream servers.
#10
I do find it odd that a large number of people do indeed consider this the best (budget or not) router for them. The "the whole thing is garbage" because of one task that you need to handle the long way around is nonsense. If it didn't route, that would be a deal killer, but so many of the features work in a simple way that calling the entire OS worthless because of your issue is not productive.
#11
I run a nice enough lab on a pile of HP T740 thin clients. Currently I have VMware vSphere 8 on some and XCP-ng on others. Firewall is dedicated hardware (currently an HP T620+). Most of the T740 have 64GB of ram installed.

Trying to get a picture attached, but I'm 100kb over the size limit.
#12
General Discussion / Re: Connect 2 OPNsense over a LAN
August 20, 2025, 03:25:26 PM
OK, that makes sense and a change that can be made without risking bringing the other system down.
#13
General Discussion / Re: Connect 2 OPNsense over a LAN
August 19, 2025, 03:02:36 PM
FW2 gateway is 172.30.0.1

Didn't have time to look at this yesterday, was on the roof installing a GPS antenna and running cables through the building. Might look into this today.
#14
Zenarmor (Sensei) / Re: rfc2549 net in block list?
August 18, 2025, 04:53:02 PM
That's kind of what I thought based on some searching.

I'll unblock it and see what happens, so far nothing has broken with it being blocked.

With it unblocked, I get an empty page, which they aren't supposed to do. Same for the root rfc2549 dot network.
#15
Zenarmor (Sensei) / rfc2549 net in block list?
August 18, 2025, 04:01:59 PM
I have a single Linux machine that reaches out to newyork.mordor.rfc2549 dot net, it's running Parrot Security. It just started doing this a little while ago, but not entirely certain when this started. Anyone else seeing this and know what is going on?

If it is useful, I'll want to unblock it, if it is malicious, I'll want to fix the problem. Happening when all users are logged out and generally around midnight local time.

I will add that this is running on hardware I don't specifically trust, which is why it doesn't run the Windows OS that it came with. It's a little AWOW mini PC from Amazon and I've never truly trusted it which is why it has Linux on it with the new drive.
{"id":"transport_proto","name":"Protocol","value":"TCP","type":""},{"id":"policyid","name":"Policy","value":"0","type":""},{"id":"cloud_policyid","name":"Cloud Policy","value":"null","type":""},{"id":"cloud_ruleid","name":"ZTNA Rule","value":"","type":""},{"id":"cloud_networkid","name":"Secure Network","value":"","type":""},{"id":"interface","name":"Interface","value":"igb3","type":""},{"id":"vlanid","name":"VLAN","value":"0","type":""},{"id":"conn_uuid","name":"Connection UUID","value":"72314b51-d388-46a3-b3bf-eb8bca71e342","type":""},{"id":"direction","name":"direction","value":"out","type":""},{"id":"src_hwaddr","name":"Source Hardware Address","value":"38f7cdc21a48","type":""},{"id":"src_username","name":"Source username","value":"","type":""},{"id":"ip_src_saddr","name":"Source IP","value":"172.17.2.99","type":""},{"id":"ip_src_port","name":"Source port","value":48478,"type":""},{"id":"src_hostname","name":"Source hostname","value":"172.17.2.99","type":""},{"id":"src_dir","name":"Source direction","value":"EGRESS","type":""},{"id":"dst_hwaddr","name":"Destination Hardware Address","value":"98b7851ea609","type":""},{"id":"dst_username","name":"Destination username","value":"","type":""},{"id":"ip_dst_saddr","name":"Destination IP","value":"23.92.23.177","type":""},{"id":"ip_dst_port","name":"Destination port","value":443,"type":""},{"id":"dst_hostname","name":"Destination hostname","value":"newyork.mordor.rfc2549.network","type":""},{"id":"dst_dir","name":"Destination direction","value":"INGRESS","type":""},{"id":"is_blocked","name":"Block status","value":1,"type":""},{"id":"is_overlay","name":"is_overlay","value":0,"type":""},{"id":"is_local","name":"Local","value":0,"type":""},{"id":"input","name":"Input","value":15,"type":""},{"id":"output","name":"Output","value":15,"type":""},{"id":"src_npackets","name":"Packets Outbound","value":1,"type":""},{"id":"src_nbytes","name":"Bytes Outbound","value":66,"type":""},{"id":"src_pbytes","name":"Source 
bytes","value":0,"type":""},{"id":"dst_npackets","name":"Packets Inbound","value":0,"type":""},{"id":"dst_nbytes","name":"Bytes Inbound","value":0,"type":""},{"id":"dst_pbytes","name":"Destination bytes","value":0,"type":""},{"id":"src_tcp_flags","name":"Source TCP Flags","value":"","type":""},{"id":"dst_tcp_flags","name":"Destination TCP Flag","value":"A","type":""},{"id":"start_time","name":"Start time","value":"Aug 18, 2025 12:15 AM","type":"timestamp"},{"id":"end_time","name":"End time","value":"Aug 18, 2025 12:25 AM","type":"timestamp"},{"id":"encryption","name":"Encryption","value":"Clear","type":""},{"id":"app_id","name":"Application Id","value":2,"type":""},{"id":"app_proto","name":"Application protocol","value":"Generic TCP","type":""},{"id":"app_name","name":"Application","value":"Generic TCP","type":""},{"id":"app_category","name":"Application category","value":"Generic TCPIP","type":""},{"id":"tags","name":"Tags","value":"[\"Empty Sites\",\"Potentially Dangerous\",\"IP Queried\"]","type":"array"},{"id":"security_tags","name":"Security category","value":"[\"Potentially Dangerous\"]","type":"array"},{"id":"web_actions","name":"Web Actions","value":"[]","type":"array"},{"id":"web_actions_description","name":"web_actions_description","value":"[]","type":""},{"id":"src_geoip","name":"Source Geo IP","value":"{\"timezone\":\"\",\"continent_code\":\"\",\"city_name\":\"\",\"country_name\":\"\",\"country_code2\":\"\",\"country_code3\":\"\",\"dma_code\":\"0\",\"region_name\":\"\",\"region_code\":\"\",\"postal_code\":\"\",\"area\":\"0\",\"metro\":\"0\",\"asn\":\"0\",\"latitude\":0,\"longitude\":0,\"location\":{\"lat\":0,\"lon\":0}}","type":"object"},{"id":"dst_geoip","name":"Destination Geo IP","value":"{\"timezone\":\"\",\"continent_code\":\"\",\"city_name\":\"Hanover (Cedar Knolls)\",\"country_name\":\"United 
States\",\"country_code2\":\"US\",\"country_code3\":\"\",\"dma_code\":\"0\",\"region_name\":\"\",\"region_code\":\"\",\"postal_code\":\"\",\"area\":\"0\",\"metro\":\"0\",\"asn\":\"0\",\"latitude\":40.821800231933594,\"longitude\":-74.44999694824219,\"location\":{\"lat\":40.821800231933594,\"lon\":-74.44999694824219}}","type":"object"},{"id":"device","name":"Device","value":"{\"id\":\"38f7cdc21a48\",\"name\":\"Device (38f7cdc21a48)\",\"category\":\"other\",\"vendor\":\"other\",\"os\":\"other\",\"osver\":\"\"}","type":"object"},{"id":"remote_device","name":"Remote Device","value":"","type":""},{"id":"community_id","name":"Community ID","value":"1:L+qQEZnEHmHeXx5CDu1yhIr9vx8=","type":""},{"id":"handshake_result","name":"TLS Handshake Status","value":"None","type":""},{"id":"_id","name":"_id","value":"AZi7bQer0L1ylm9tG0an","type":""},{"id":"policy_name","name":"policy_name","value":"Default","type":""},{"id":"rule_name","name":"rule_name","value":"Deleted ()","type":""}
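
Added example (not part of the original post, and not Zenarmor code): a short Python triage of the session record quoted above, flattening its id/name/value/type list and pulling out the fields that matter for deciding whether to unblock. The sample is a subset of that record's fields, wrapped in [ ] so it parses as a JSON array; the function names are made up for this sketch.

```python
import json
from datetime import datetime

# Subset of the fields from the record in the post, wrapped in [ ] to form a JSON array.
RECORD = json.loads(r'''[
{"id":"ip_src_saddr","name":"Source IP","value":"172.17.2.99","type":""},
{"id":"ip_dst_saddr","name":"Destination IP","value":"23.92.23.177","type":""},
{"id":"ip_dst_port","name":"Destination port","value":443,"type":""},
{"id":"dst_hostname","name":"Destination hostname","value":"newyork.mordor.rfc2549.network","type":""},
{"id":"is_blocked","name":"Block status","value":1,"type":""},
{"id":"src_npackets","name":"Packets Outbound","value":1,"type":""},
{"id":"src_nbytes","name":"Bytes Outbound","value":66,"type":""},
{"id":"dst_npackets","name":"Packets Inbound","value":0,"type":""},
{"id":"dst_nbytes","name":"Bytes Inbound","value":0,"type":""},
{"id":"start_time","name":"Start time","value":"Aug 18, 2025 12:15 AM","type":"timestamp"},
{"id":"security_tags","name":"Security category","value":"[\"Potentially Dangerous\"]","type":"array"}
]''')

def flatten(fields):
    """Map each field id to its value; "array"/"object" values arrive as
    JSON encoded inside a string, so decode those a second time."""
    out = {}
    for f in fields:
        value = f["value"]
        if f.get("type") in ("array", "object") and isinstance(value, str) and value:
            try:
                value = json.loads(value)
            except json.JSONDecodeError:
                pass  # keep the raw string if it is not valid JSON
        out[f["id"]] = value
    return out

def triage(fields):
    """Summarise one session: who talked to whom, when, and what came back."""
    r = flatten(fields)
    started = datetime.strptime(r["start_time"], "%b %d, %Y %I:%M %p")
    return {
        "flow": f'{r["ip_src_saddr"]} -> {r["dst_hostname"]} ({r["ip_dst_saddr"]}:{r["ip_dst_port"]})',
        "hour": started.hour,                   # local hour, to spot a scheduled job
        "blocked": bool(r["is_blocked"]),
        "tags": r.get("security_tags", []),
        "reply_seen": r["dst_npackets"] > 0,    # any packets back from the remote side
        "bytes_out": r["src_nbytes"],
        "bytes_in": r["dst_nbytes"],
    }

if __name__ == "__main__":
    print(json.dumps(triage(RECORD), indent=2))
```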