Messages

1

24.7 Production Series / Re: UPnP - Universal Plug and Play Installation

« on: November 13, 2024, 07:41:18 pm »

That's the default package message (not from OPNsense but the package itself), you can safely ignore it and configure using the GUI.

2

Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS

« on: October 25, 2024, 08:12:46 pm »

For now, either close the ssh connection after initiating a restart, or use "configctl caddy stop" since it has a mechanism that will kill caddy after 20 seconds.

Many thanks!

3

Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS

« on: October 24, 2024, 08:58:09 pm »

I have caddy configured as a reverse proxy for the OPNsense GUI and as a SSH multiplexer, more or less according to the docs found here: https://github.com/opnsense/docs/blob/11e66816989bb12633e01e144ebf42b11508755a/source/manual/how-tos/caddy.rst

Unfortunately, I am having an issue where it prevents system reboots, both from the GUI and from the CLI menu (option 6). The rebooting hangs on shutting down caddy, which apparently never happens. The only thing that currently works is issue a 'shutdown -r now' from the CLI. The log files aren't giving me much direction how to go about investigating this. Any tips or advice?

4

Zenarmor (Sensei) / Re: Zenarmor Incorrect Device count and detection

« on: October 22, 2024, 09:15:23 am »

Maybe it's better to submit a call with their support department so they can investigate more thoroughly because they have access to your log files and such. I submitted a similar issue and I'm currently running the 1.18 beta which has fixes for this, as well as for the same devices being recognized multiple times with different IP addresses due to DHCP (both private range and 169.254.x.x).

5

24.7 Production Series / Re: PSA: Test kernel with Intel fixes is available for testing

« on: October 20, 2024, 03:46:59 pm »

Seems to work fine here, hardware is I211/igb https://bsd-hardware.info/?probe=85f998d2ab

6

Zenarmor (Sensei) / a way to submit URLs for (re)classificitation by Zenarmor?

« on: October 01, 2024, 10:57:49 am »

I recently came across the website https://www.unibet.nl/ which is apparently one the larger gambling websites in my country. Unfortunately this wasn't recognized by Zenarmor.
Every once in while I come across an URL which isn't categorized or is categorized wrongly.
This leads me to the more general question: what is the preferred way of submitting these cases for (re)classification?

7

Zenarmor (Sensei) / Re: Does OPNsense with IDS/IPS/Other takes full advantage of multi-core CPUs

« on: September 22, 2024, 07:48:33 pm »

Unfortunately, ZenArmor is still optimized for single-core performance, and full multi-core support has been a long-standing request. There have been some tentative promises in this regard, but the delivery date continues to be delayed.

8

Zenarmor (Sensei) / Re: Please verify and reclassify www.hamrick.com

« on: September 21, 2024, 07:46:46 am »

I’m using the paid (Home) version, and the site is being blocked because it's classified as 'Botnet C&C.' It’s possible that your current policy doesn’t block this, or this setting might not be available in the free version.

9

Zenarmor (Sensei) / Re: Please verify and reclassify www.hamrick.com

« on: September 19, 2024, 08:17:26 pm »

Here they are, the source IP is just a 192.168.1.x address as is visible in the screenshots.

10

Zenarmor (Sensei) / Please verify and reclassify www.hamrick.com

« on: September 18, 2024, 08:23:53 pm »

The site www.hamrick.com is the website of Vuescan software. However, this is currently being classified as Botnet C&C. Could you please verify this to be correct and adjust if necessary?
They may have been hacked, or been hacked in the past and remedied this since, or perhaps this is a misclassification of some sort.

11

Hardware and Performance / Re: Upload speed dropping on Netgate SG5100 with FQ Codel enabled

« on: September 16, 2024, 01:29:56 pm »

Please follow this configuration guide: https://docs.opnsense.org/manual/how-tos/shaper_bufferbloat.html
And if it still doesn't work, you really need to post screenshots of your settings.

12

General Discussion / Re: Cron Job for updating Unbound DNSBLs

« on: September 10, 2024, 04:53:35 pm »

I selected the format: Wildcard Asterisk (Blocky (v0.23 or newer), Nebulo, NetDuma, OPNsense, YogaDNS), because it says OPNsense, is this the correct one for OPNsense?

Or should I use RPZ (Response Policy Zone, Bind, Knot, PowerDNS, Unbound), because I says unbound?

Wildcard asterisk is the correct one, the RPZ file is an Unbound native format which isn't understood by the OPNsense download / install / update handling logic. You can also check this if you look in the unbound logging, if you select the wrong file format it isn't being recognized.

13

General Discussion / Re: Cron Job for updating Unbound DNSBLs

« on: September 09, 2024, 06:30:40 pm »

Yes, it does work, they are updated at the times specified in the cron job.
BTW I am using the Hagezi blocklists: https://github.com/hagezi/dns-blocklists

14

24.1 Legacy Series / Re: Services: ACME Client: Certificates validation failed

« on: September 09, 2024, 03:23:51 pm »

I had the ACME + LE also fail on me last weekend, on a setup that has been working for years. What worked for me was to switch to the LE test CA, force issue new certificates, switch back to the production environment, force issue new certificates again, and then it worked.
It may be a coincidence though.

15

Hardware and Performance / Re: Unable to install on lenovo thinkcentre edge 72

« on: September 09, 2024, 03:16:13 pm »

Not sure if it's related, but I have an older Lenovo Thinkserver to play with, and it has a certain oddity:
If you (re)install an operating system, you first need to go into the bios and remove all existing UEFI boot labels, in order to prevent any conflicts. Otherwise the installer will trip on it, especially if the installer wants to create a label which does already exist.