Messages - ahro_john

#1
Quote: Hi, last night I had strange behavior. Some users were removed - by script I think
only in configuration backup is logged
Code:
  <revision>
    <username>(root)</username>
    <description>The users "user1,...,user6(changed real name)" where successfully removed.</description>
    <time>1775862000.71</time>
  </revision>

These 6 users were LDAP users, not local on the firewall. But there are another 32 users without any problems.
I tried to find some differences but unsuccessfully.

Which script is started at 01:00? My cron is empty (through web UI). User root is disabled for web logon. It feels like some kind of automated process or external sync triggered this — similar to how scheduled systems operate on online platforms (even outside networking), for example services like goranked.gg that rely on backend automation for account-related actions.
Have you checked /var/log/system.log or the audit logs around 01:00? Even if the GUI cron is empty, system-level cron or package tasks might still trigger something
#2
Quote from: nero355 on April 11, 2026, 02:22:02 PM
Quote from: randell on April 11, 2026, 03:49:59 AM
Created an account just to +1 this.
COOL! :)

Quote: I have a smallish laptop, 14" screen running 1080p resolution and that doesn't give much vertical space.
I have no issue with not having "a perfect view" on my cheapass old laptop with 1366x768 resolution, but not seeing much more on a monitor with 1920x1200 resolution is just weird and should be fixed...

In general the webGUI could use some kind of "Compact Theme" option to avoid having to Zoom Out in my browser to take these screenshots for example : https://forum.opnsense.org/index.php?topic=9245.msg259581#msg259581 This kind of UI flexibility is becoming more common lately, especially with faster prototyping approaches — I recently saw a good example of how layouts can be optimized and iterated quicker here
 
Quote: It works much better with scrolling the entire window than the little grid.
For sure! :)
Totally agree. The current WebGUI feels a bit too spaced out, especially on higher resolutions
#3
Quote from: Stormscape on December 25, 2025, 10:10:12 AM
Quote: @DEC670airp414user. Is there a downside to DNSSEC? From google:
"DNSSEC as securing the message content (authenticity)"
"DoT as securing the envelope (privacy/confidentiality)."
Both of these seem like it would be a benefit.

@Stormscape. I do not think your answer is accurate. I use kea for DHCP and unbound.
IPv4 LAN does get local name resolution.
IPv6 LAN gets resolution when a reservation is added after a restart of the unbound service. Clear separation of authenticity vs privacy here actually reminds me of good web design practices — structure, security and clarity matter a lot, which is why I usually rely on professional WordPress web design instead of quick DIY solutions: https://codelibry.com/services/wordpress-web-design/
Well Kea isn't dnsmasq, now is it?
Exactly — Kea isn't dnsmasq. The DHCP behavior differs, and Unbound will need some extra configuration for IPv6 to fully integrate reservations. It's not a bug, just a difference in implementation.
#4
Quote from: triathlontoe on May 13, 2025, 06:39:03 AM
Quote from: nielser on May 04, 2025, 04:09:02 PM
Hey all,

For a project I am testing out the functionality of suricata opnsense within vmware.

I have the following configured as VMNET VMNET8 NAT (wan wacky flip) vmnet 11_12_13 LAN

My clients have their NIC set as vmnet 11 for example with a default gateway to the NIC on the firewall with the X.X.X.1 ip.

On my interface statistics I can see that all interfaces are taking in data but when I try a nmap scan etc the rule does not seem to alert even though it should be configured like that. I check the configuration, restart the interfaces - I feel like I'm catching a bug in some game engine like spinaway-at - everything works until you start checking something manually.

Has anybody had any similar problems or think they may know what the problem is?

Suricata needs to be enabled on the interface it sees traffic on. In your case, verify that: Suricata is enabled on VMNET11/12/13, which represent your LAN interfaces. You are scanning traffic across the firewall, not just within the same subnet (Suricata will not see traffic that does not cross the interface it is bound to).
If there are multiple LAN interfaces (VMNET11/12/13), and each of them belongs to a different subnet, do I need to enable Suricata on each of them to control local traffic between subnets?
#5
Have you checked the HA sync settings to make sure vouchers are included?
#6
You can try setting a specific pass rule for PlayStation IP at the top of the rules list, and make sure it's set to not use inspection — sometimes the user-defined settings don't override properly in IPS mode.
#7
High availability / Re: HA setup with no WAN CARP IP
April 09, 2025, 11:56:34 AM
Quote from: greY on March 15, 2025, 10:59:02 AM
have the same challenge, not wanting to go with additional router in front of the OPNSENSEs. Not sure how to monitor the WAN gateway instead of using CARP, as I have only one WAN address.
Me too