1
24.7 Production Series / Re: Solved: 24.7.8 rebooting every few hours
« on: November 15, 2024, 03:04:29 pm »
About two hours ago, my Opnsense restarted for no reason, attached is the log.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Zenarmor (Sensei) / Re: Unsatisfactory TLS inspection.
« on: November 07, 2024, 06:55:30 pm »
feedback sendt.
3
Zenarmor (Sensei) / Re: Unsatisfactory TLS inspection.
« on: November 06, 2024, 04:45:14 pm »Does this happen again when you clear Chrome's DNS cache?
chrome://net-internals/#dns
The same thing keeps happening.
4
24.7 Production Series / Re: PSA: Test kernel with Intel fixes is available for testing
« on: November 06, 2024, 03:12:16 pm »
Opnsense 24.7.8
o src: assorted FreeBSD stable patches for Intel ixgbe, igb, igc and e1000 drivers
is this the latest version of the kernel ?
o src: assorted FreeBSD stable patches for Intel ixgbe, igb, igc and e1000 drivers
is this the latest version of the kernel ?
5
Zenarmor (Sensei) / Unsatisfactory TLS inspection.
« on: November 05, 2024, 05:37:30 pm »
I am testing the SSE version of Zenarmor and I am having problems accessing various websites of different types with TLS inspection enabled. There are times when it works fine but suddenly it stops loading the page and you can not access, to access that particular website you have to wait a few minutes trying again and then it is allowed, meanwhile you can not access any other website because the same thing happens. When the above is solved for a while everything works normally but soon happens again. When not being able to access the browser gives DNS error but I doubt very much that this is the problem.
6
Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected
« on: November 02, 2024, 10:02:52 pm »
In the end it seems to be a DDNS problem.
7
Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected
« on: November 02, 2024, 09:13:14 pm »
I just finished testing and I think the problem is related to Suricata in wan and possibly Netmap. I have deactivated Zenarmor and Suricata and I could not connect wireguard, I had to restart opnsense several times and some of them hung. In the end with Suricata disconnected and zenarmor active monitoring the wireguard interface it worked again.
8
Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected
« on: November 02, 2024, 07:11:47 pm »
Wireguard - Status
9
Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected
« on: November 02, 2024, 07:06:16 pm »
In the interface assignment I have a zenoverlay vpn that I don't have active and I don't know if I have to activate it, configure it and how to do it.
10
Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected
« on: November 02, 2024, 07:04:00 pm »
A new zenoverlay service has been activated.
11
Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected
« on: November 02, 2024, 07:01:53 pm »
I have restarted Opnsense twice and the problem continues. In the widget the wireguard interface appears with no traffic.
12
Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected
« on: November 02, 2024, 03:09:27 pm »
It has the same behavior as before the update, at first it connects but after some time it loses connection and does not reconnect.
13
Zenarmor (Sensei) / Re: Deep Disappointment with Zenarmor's Commitment
« on: October 28, 2024, 01:35:56 pm »
Sorry for my English.... use translator.
I would like to say that after my previous comment about the impossibility to get a trial version of Zenarmor SSE, my request has been answered very kindly and above all very quickly. I am very happy that you take into account the individual users who are the ones who mostly use your product and in many cases we act as betatesters without wanting it and that is not at all counterproductive to the natural fact that Zenarmor is a company and needs to monetize their products.
I've been testing the full TLS inspection for a few days and I'm going to take this opportunity to comment on how it works:
Opnsense on mini-pc N305 + 16 gigabyte ram DDR5, local network with 6 devices.
I use full TLS inspection without any restrictions or whitelisting.
Manjaro + Brave computer:
I have not noticed any decrease in performance when accessing web pages, however when accessing some of them sometimes it does not load them, very few times, it is solved by waiting a bit and reloading the page again. If I have noticed a slight slowdown very small in the case of the Google search engine and loading problems when returning to it after accessing any of their search results.
Android 14 mobile:
Zenarmor does not inform on its website about the possibility of including the Zenarmor certificate on Android:
https://www.zenarmor.com/docs/guides/adding-zenarmor-certificate-to-a-trust-store
However, in the case of Fortinet they do provide this information:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-FortiGate-CA-certificates-into/ta-p/193274
In my case when doing it with the Zenarmor certificate I have obtained very mixed results, the Brave browser on Android communicates me that there is no internet connection but nevertheless there is no problem accessing any web. In the case of installed applications some connect without problems and others do not, Gmail does and Protonmail does not.
It is very possible that Zenarmor is not to blame but Android is to blame when installing the certificate because to install it as a root certificate you must have rooted the mobile.
Finally, Zenarmor had a very bad start but over time it has been improving favorably. Today it works very well, the protection it offers is very satisfactory, the performance in the absence of multicore capability has improved a lot over time and the filtering and display options are simply fantastic.
I would like to say that after my previous comment about the impossibility to get a trial version of Zenarmor SSE, my request has been answered very kindly and above all very quickly. I am very happy that you take into account the individual users who are the ones who mostly use your product and in many cases we act as betatesters without wanting it and that is not at all counterproductive to the natural fact that Zenarmor is a company and needs to monetize their products.
I've been testing the full TLS inspection for a few days and I'm going to take this opportunity to comment on how it works:
Opnsense on mini-pc N305 + 16 gigabyte ram DDR5, local network with 6 devices.
I use full TLS inspection without any restrictions or whitelisting.
Manjaro + Brave computer:
I have not noticed any decrease in performance when accessing web pages, however when accessing some of them sometimes it does not load them, very few times, it is solved by waiting a bit and reloading the page again. If I have noticed a slight slowdown very small in the case of the Google search engine and loading problems when returning to it after accessing any of their search results.
Android 14 mobile:
Zenarmor does not inform on its website about the possibility of including the Zenarmor certificate on Android:
https://www.zenarmor.com/docs/guides/adding-zenarmor-certificate-to-a-trust-store
However, in the case of Fortinet they do provide this information:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-FortiGate-CA-certificates-into/ta-p/193274
In my case when doing it with the Zenarmor certificate I have obtained very mixed results, the Brave browser on Android communicates me that there is no internet connection but nevertheless there is no problem accessing any web. In the case of installed applications some connect without problems and others do not, Gmail does and Protonmail does not.
It is very possible that Zenarmor is not to blame but Android is to blame when installing the certificate because to install it as a root certificate you must have rooted the mobile.
Finally, Zenarmor had a very bad start but over time it has been improving favorably. Today it works very well, the protection it offers is very satisfactory, the performance in the absence of multicore capability has improved a lot over time and the filtering and display options are simply fantastic.
14
Zenarmor (Sensei) / zenoverlay vpn interface
« on: October 27, 2024, 12:59:40 pm »
Reviewing my interfaces in Opnsense I found a new one that may have been around for a while but I hadn't seen it until now called zenoverlay vpn and I think it is related to zenarmor and its monitoring of the wireguard interface. I have searched for information about it and have not found anything so I don't know if it is necessary to activate it or not and what it is for.
15
Zenarmor (Sensei) / 1.18 Wireguard is disconnected
« on: October 24, 2024, 09:06:09 pm »
With the new update zenarmor prevents the wireguard connection, disabling the WG interface in zenarmor solves the problem, if you re-enable wireguard it connects but after a few minutes it disconnects again. All this can be seen in the Opnsense widget: