1
Zenarmor (Sensei) / Re: Unsatisfactory TLS inspection.
« on: November 05, 2024, 08:45:37 pm »
I think that is due to blocking QUIC. Chromium-based browsers seem not to like that.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Zenarmor (Sensei) / Re: Unable to Purchase License via Credit Card from India
« on: October 13, 2024, 10:47:45 pm »
Yup, I had that once due to the security settings of my credit card. I had to explicitly allow payments for Zenarmor.
3
Zenarmor (Sensei) / Re: Site listed as parked domain, should I block it?
« on: September 17, 2024, 08:44:07 pm »
The filters are not all-knowing, they're work in progress.
4
Zenarmor (Sensei) / Re: zenarmor devices
« on: September 12, 2024, 11:04:27 pm »
Try to ping them.
5
23.7 Legacy Series / Re: Is there an official or recommended way to forward all ipv6 DNS requests?
« on: August 25, 2024, 12:22:40 pm »
Disabling clients from using their own DoT, DoH, or DoQ is a complicated matter. Against DoT you have Zenarmor. Against DoQ you can block QUIC in Zenarmor. But DoH blocking is a lot more complicated, unless you have an exhaustive list of all DoH servers. The problem is that anyone may start a DoH server, so such list is never foolproof.
Correction: Zenarmor blocks DoH, not DoT. But the problem that anyone may create their own DoH server persists. DoH is indistinguishable from regular HTTPS traffic. Technically, Zenarmor can inspect HTTPS connections, but that breaks much of the internet and smartphone apps.
Correction: Zenarmor blocks DoH, not DoT. But the problem that anyone may create their own DoH server persists. DoH is indistinguishable from regular HTTPS traffic. Technically, Zenarmor can inspect HTTPS connections, but that breaks much of the internet and smartphone apps.
6
Zenarmor (Sensei) / Re: Some websites unreachable - dns problem?
« on: July 20, 2024, 09:19:38 pm »
In the end, I think this is an OPNsense-only problem. I have Zenarmor running of Debian 12, and it does not have such issue.
7
24.1 Legacy Series / Re: 24.1 - DHCP server moves to KEA - implications?
« on: July 19, 2024, 03:48:41 am »
About pinging hostnames: that was once a problem in Zenarmor, perhaps you are using a similar app.
8
24.7 Production Series / Re: Kernel panics after upgrade to R1
« on: July 19, 2024, 02:01:11 am »
And, yup, if the bectl with 24.1 cannot see the crash from another bectl, I have no idea why it prompted me to send the crash reports.
9
24.7 Production Series / Re: Kernel panics after upgrade to R1
« on: July 18, 2024, 11:07:37 pm »
Reported by icnl at home dot nl.
The bectl with 24.7 crashed twice. The bectl with 24.1 filled the crash reports. AFAIK 24.1 did not crash, ever. It's a fairly new installation (two days old).
But, okay, it can have misleading data about the installed software.
The bectl with 24.7 crashed twice. The bectl with 24.1 filled the crash reports. AFAIK 24.1 did not crash, ever. It's a fairly new installation (two days old).
But, okay, it can have misleading data about the installed software.
10
24.7 Production Series / Re: [SOLVED] Kernel panics after upgrade to R1
« on: July 18, 2024, 08:32:58 pm »Yes, just keep sending if you see one and I'll recheck later. The latest test kernel isIf 24.1 can see the crash from 24.7, then both crashes are from 24.7. But, again, I don't know if it can report the crashes from another bectl.
11
24.7 Production Series / Re: [SOLVED] Kernel panics after upgrade to R1
« on: July 18, 2024, 05:12:59 pm »
Yup, 24.7 did not notice the crash. But bectl-ing to 24.1 and rebooting did see a crash (twice). I don't know if it can see the crash from another bectl.
12
24.7 Production Series / Re: [SOLVED] Kernel panics after upgrade to R1
« on: July 18, 2024, 04:19:12 pm »
Yup, I sent two crash reports, one with _5 and the other _7. Or so I think, since I had bectl-ed beforehand to 24.1 stable before sending the crash reports.
13
24.7 Production Series / Re: [SOLVED] Kernel panics after upgrade to R1
« on: July 18, 2024, 03:45:11 pm »
Probably the ones with Intel Ethernet adapters reported no crashes, I have Realtek, I had installed kernel 24.7.r1_7 and it crashed the moment I started a computer on the LAN side. Maybe it does not like Zenarmor blocking some website.
14
24.7 Production Series / Re: How to upgrade from 24.1.10 to RC1?
« on: July 16, 2024, 06:54:36 pm »Code: [Select]
mkdir /root/upd
cd /root/upd
wget https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/sets/kernel-24.7.r1-amd64.txz
wget https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/sets/base-24.7.r1-amd64.txz
wget https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/sets/packages-24.7.r1-amd64.tar
opnsense-update -fiur 24.7.r1 -l /root/upd
exitChoose option 6 (reboot), answer Y.
15
Zenarmor (Sensei) / Re: 24.7.r1
« on: July 16, 2024, 06:04:42 pm »
I mean, using sqlite for the database means the older Zenarmor installation still works okay.