"
You are all A great help. Yes I had ZA and IPS on same interfaces. I changed to ZA on Lan and IPS on WAN. All started and looks good.
Thanks for the help.
Larry
Thanks for the help.
Larry
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
Zenarmor (Sensei) / Re: Something broke
November 30, 2025, 01:56:28 AM
HMMMM Maybe not. IPs won't stay started now
looking at IPS log I get
2025-11-30T00:45:29Errorsuricata[116791] <Error> -- opening devname netmap:igb1-0/R@conf:host-rings=2 failed: Device busy
2025-11-30T00:45:28Warningsuricata[100143] <Warning> -- flowbit 'ET.000webhostpost' is checked but not set. Checked in 2052143 and 0 other sigs
just did another test. IPS runs if Zenarmor engine is stopped Zenarmor engine runs if IPS is stopped looks like both are trying to use same resource and there is a conflict. Am I in the ball park and do I have to choose one or the other or is there a configuration setting I have wrong or did the update change something?
Ideas?
thanks
Larry
looking at IPS log I get
2025-11-30T00:45:29Errorsuricata[116791] <Error> -- opening devname netmap:igb1-0/R@conf:host-rings=2 failed: Device busy
2025-11-30T00:45:28Warningsuricata[100143] <Warning> -- flowbit 'ET.000webhostpost' is checked but not set. Checked in 2052143 and 0 other sigs
just did another test. IPS runs if Zenarmor engine is stopped Zenarmor engine runs if IPS is stopped looks like both are trying to use same resource and there is a conflict. Am I in the ball park and do I have to choose one or the other or is there a configuration setting I have wrong or did the update change something?
Ideas?
thanks
Larry
#3
Zenarmor (Sensei) / Re: Something broke
November 30, 2025, 01:39:45 AM
Ok good to know thanks I learned a bit. Note: I enabled the IPS and Zenarmor engine stayed running. I even stopped and restarted the engine and it stayed running. So I guess I am good.
Thanks for the explanation I thought it was some error.
Larry
Thanks for the explanation I thought it was some error.
Larry
#4
Zenarmor (Sensei) / Something broke
November 29, 2025, 03:44:27 AM
Just after latest opnsense update to
OPNsense 25.7.8-amd64
FreeBSD 14.3-RELEASE-p5
OpenSSL 3.0.18
The firewall would continuously reboot. Left it till next morning and the opnsense was back up. looking at Zenarmor I saw the engine was stopped . I restarted and it immediately shutdown. Looking at the console monitor of the unit see iflib_netmap_config txr 2 rxr 2 txd 1024 rxd 1024 rbufsz. This comes up every time I restart Zemarmor engine. I disabled the IPS service and now engine starts and stays started but the above message persists every time engine starts.
Any Ideas of what is causing this? Note: I did not have this condition before the latest update.
Thanks to the group
Larry
OPNsense 25.7.8-amd64
FreeBSD 14.3-RELEASE-p5
OpenSSL 3.0.18
The firewall would continuously reboot. Left it till next morning and the opnsense was back up. looking at Zenarmor I saw the engine was stopped . I restarted and it immediately shutdown. Looking at the console monitor of the unit see iflib_netmap_config txr 2 rxr 2 txd 1024 rxd 1024 rbufsz. This comes up every time I restart Zemarmor engine. I disabled the IPS service and now engine starts and stays started but the above message persists every time engine starts.
Any Ideas of what is causing this? Note: I did not have this condition before the latest update.
Thanks to the group
Larry
#5
General Discussion / ideas on new install
October 03, 2025, 12:39:43 AM
Hi group,
I've been working on a new Opnsense firewall for my home network.. I had many install challenges getting the basic install working . I am interested in ideas on setting it up for best protection of my home network. So far I have Zenarmor and GEOIP blocking installed and working. Thoughts on intrusion protection and adding Clamav to the firewall. Firewall is a Protectli FW6D with 6 network interfaces. So far only the WAN and LAN are configured. System has 16 Gb of Ram and 500 Gig of storage in a M2 SATA drive.
What is the general consensus of what I should install additionally to give me peace of mind in protecting my home network?
any comments welcome.
Thanks
Larry
I've been working on a new Opnsense firewall for my home network.. I had many install challenges getting the basic install working . I am interested in ideas on setting it up for best protection of my home network. So far I have Zenarmor and GEOIP blocking installed and working. Thoughts on intrusion protection and adding Clamav to the firewall. Firewall is a Protectli FW6D with 6 network interfaces. So far only the WAN and LAN are configured. System has 16 Gb of Ram and 500 Gig of storage in a M2 SATA drive.
What is the general consensus of what I should install additionally to give me peace of mind in protecting my home network?
any comments welcome.
Thanks
Larry
#6
25.7, 25.10 Series / Re: Problem upgrading to 25.7.3
September 15, 2025, 05:34:29 PM
Unit is a Protectli FW6d
\Intel i5 8250U Quad Core with Hyperthreading (8 threads) at up to 3.4GHz (turbo boost)
Also running ZFS
Larry
\Intel i5 8250U Quad Core with Hyperthreading (8 threads) at up to 3.4GHz (turbo boost)
Also running ZFS
Larry
#7
25.7, 25.10 Series / Re: Problem upgrading to 25.7.3
September 14, 2025, 08:36:22 PM
Success update:
After several reinstalls last one was successful. Not sure what made it work only it does now
Any insight to why this was such a painful and long process?
Larry
After several reinstalls last one was successful. Not sure what made it work only it does now
Any insight to why this was such a painful and long process?
Larry
#8
25.7, 25.10 Series / Re: Problem upgrading to 25.7.3
September 14, 2025, 01:32:05 AM
more update:
on console i tried a show panic
got mountroot unable to (re-) mount root.
Where to go from here
on console i tried a show panic
got mountroot unable to (re-) mount root.
Where to go from here
#9
25.7, 25.10 Series / Re: Problem upgrading to 25.7.3
September 14, 2025, 01:12:53 AM
Update:
Tried to do update again. Looked good so far lots of stuff upgraded no problem at this point . then checked for updates system may have missed . only Base and kernal both came up. I told it to update then system again rebooted in middle but this time system is corrupted and will not boot up into operating system anymore
Pulling out hair at this point
LArry
Tried to do update again. Looked good so far lots of stuff upgraded no problem at this point . then checked for updates system may have missed . only Base and kernal both came up. I told it to update then system again rebooted in middle but this time system is corrupted and will not boot up into operating system anymore
Pulling out hair at this point
LArry
#10
25.7, 25.10 Series / Re: Problem upgrading to 25.7.3
September 14, 2025, 12:47:05 AM
Just tried a fresh install. Install went fine. Then I went to update the system. obviously it found many to update.
on the first update when working on extracting first file it crashed and rebooted. tried again same result. Note: same behavior when I tried to update first installation to 27.7.3
Any Ideas??
on the first update when working on extracting first file it crashed and rebooted. tried again same result. Note: same behavior when I tried to update first installation to 27.7.3
Any Ideas??
#11
25.7, 25.10 Series / Re: Problem upgrading to 25.7.3
September 13, 2025, 06:47:07 PM
Here is a sampling of what I found
The .35 address is my computer no other devices on this LAN
All the errors have the same no active user etc.
2025-09-13T16:38:52Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:52Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:51Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:51Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:40Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:38Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:38Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:28Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:28Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:37:58Errorauditno active session, user not found (called "/ui/core/dashboard" @ 192.168.1.35)
2025-09-13T16:37:50Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
2025-09-13T16:37:50Errorauditno active session, user not found (called "/api/diagnostics/traffic/interface" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/routing/settings/search_gateway" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/core/service/search" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/diagnostics/traffic/interface" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/routing/settings/search_gateway" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/core/service/search" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/diagnostics/system/system_resources" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
The .35 address is my computer no other devices on this LAN
All the errors have the same no active user etc.
2025-09-13T16:38:52Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:52Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:51Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:51Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:40Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:38Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:38Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:28Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:28Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:37:58Errorauditno active session, user not found (called "/ui/core/dashboard" @ 192.168.1.35)
2025-09-13T16:37:50Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
2025-09-13T16:37:50Errorauditno active session, user not found (called "/api/diagnostics/traffic/interface" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/routing/settings/search_gateway" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/core/service/search" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/diagnostics/traffic/interface" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/routing/settings/search_gateway" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/core/service/search" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/diagnostics/system/system_resources" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
#12
25.7, 25.10 Series / Problem upgrading to 25.7.3
September 13, 2025, 02:41:30 AM
Tried to upgrade to 25.7.3 . each time when the status shows as follows
Installed packages to be UPGRADED:
opnsense: 25.7.2 -> 25.7.3_7 [OPNsense]
os-sensei: 2.0.7 -> 2.0.8 [SunnyValley]
Number of packages to be upgraded: 2
[1/2] Upgrading os-sensei from 2.0.7 to 2.0.8...
[1/2] Extracting os-sensei-2.0.8: .........
then unit reboots and doesn't complete upgrade
Tried to do upgrade multiple times with no success
Any ideas on why this is happening
?
Larry
Installed packages to be UPGRADED:
opnsense: 25.7.2 -> 25.7.3_7 [OPNsense]
os-sensei: 2.0.7 -> 2.0.8 [SunnyValley]
Number of packages to be upgraded: 2
[1/2] Upgrading os-sensei from 2.0.7 to 2.0.8...
[1/2] Extracting os-sensei-2.0.8: .........
then unit reboots and doesn't complete upgrade
Tried to do upgrade multiple times with no success
Any ideas on why this is happening
?
Larry
#13
General Discussion / Re: new install problem adding adguard
September 03, 2025, 02:56:41 AM
Yes I figured it out. I missed the box to show community plug ins . So simple but I missed it. Thanks for listening.
LArry
LArry
#14
General Discussion / new install problem adding adguard
September 01, 2025, 03:12:37 AM
I have been trying to install Adguard
first added the repository with the command fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
then did a pkg update command. got following response
root@OPNsense:~ # pkg update
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
all seemed fine till I went to the opnsense GUI and looked for it in plugins . no joy. I tried a reboot nothing I tried to repeat still no evidence of Adguard and it cannot be found. AS I am fairly new I am probably missing something
Any ideas welcome
Thanks
regards
Larry
first added the repository with the command fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
then did a pkg update command. got following response
root@OPNsense:~ # pkg update
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
all seemed fine till I went to the opnsense GUI and looked for it in plugins . no joy. I tried a reboot nothing I tried to repeat still no evidence of Adguard and it cannot be found. AS I am fairly new I am probably missing something
Any ideas welcome
Thanks
regards
Larry
#15
General Discussion / Re: Udating problem
August 09, 2024, 01:34:59 AM
Too Soon to rejoice!
OS updated fine but Clamav and Zenarmor doesn't seem to be able to update.
Here is a log message I got from Clamav after update failed
Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: Connection refused
Larry
OS updated fine but Clamav and Zenarmor doesn't seem to be able to update.
Here is a log message I got from Clamav after update failed
Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: Connection refused
Larry
