Messages

1

General Discussion / Re: OPNSense Discord is growing!

« on: November 20, 2024, 04:26:33 pm »

You've got mad lads like Marciel helping people one on one and serving the community in a great fashion.

Hes not the only one, plenty of the people in there serving the greater community as a whole.

No, not serving the greater community, serving YOUR community. Again that lack of open web search, not getting back to the official developers, etc.

Let's look at some stats:

Total Members:39052

Online Today:873

time of posting  575 Guests, 23 Users (1 Hidden)

The greater community is clearly here and all the information is publicly available to all who seek it (and indexed on open web searches).

[edit] No offense, I don't like the default layout, I like forums like this much better. And the search is cluttered with reddit threads, not limited to the discord. I tried it, I'm probably not going to go back. Mostly I wanted to see if their was a paywall that people keep talking about, I was not asked for a payment to enter like many other Discord "channels" (not sure of the proper wording). At least I looked, I'll probably just stay here.

2

Hardware and Performance / Re: Hardware guidance for Bare Metal install

« on: November 20, 2024, 04:08:54 pm »

Sending a private message.

3

Hardware and Performance / Re: Hardware guidance for Bare Metal install

« on: November 19, 2024, 04:38:59 pm »

If you need to buy RAM to get to that level, then no do not go that high. If you already have that RAM and don't need it somewhere else, then leave it be. I have 16GB in my firewall, 8.8 in use and 5 of that is ZFS cache. 64 won't get you anything, but again if it exists now, leave it. Only thing it will do is draw a bit more power from the wall.

4

Hardware and Performance / Re: Hardware overkill for dedicated OpnSense?

« on: November 19, 2024, 04:34:49 pm »

Including the ZFS cache, I have more than 8GB of ram in use on my bare metal firewall. Just shy of 4GB of "real" ram used when I checked it a moment ago.

5

Hardware and Performance / Re: HP T740 thin client does not boot installer disks - atkbd0: [GIANT-LOCKED]

« on: November 19, 2024, 04:29:46 pm »

Did this process fix the issue and get you running? I've moved my T740 to VMware testing which they also seem to work fine within their limits (and a 10gbe card).

6

Hardware and Performance / Re: OPNSense on vSphere 8.0.3 Trunk Throughtput

« on: November 13, 2024, 07:16:15 pm »

Just starting down the vSphere road... I assume with a pass through PCIe card you also can't vMotion the VM to another host if the first host needs an update and reboot? XCP-NG would be the same, I couldn't even migrate a VM that used a pass through video card, and all the hosts had that same video card present.

Now if your ESXi hosts all have an extra ethernet that is passed through (wan to switch to host ports), could you then vMotion the VM to another host in that group that have the pass through connections to the WAN? I think this way might work with XCP-NG, but not tried.

7

General Discussion / Re: Nominate OPNsense and FreeBSD Foundation for Proton's Fundraiser (Big Reward)!!

« on: November 07, 2024, 04:16:27 pm »

OK, Done. Hope it works since they do indeed strive to keep the project open (I did buy a 3 year Business license to help support the project). And if things go the way I want, I'll be adding some hardware in about a year (budget process takes that long).

8

Zenarmor (Sensei) / Wave Browser - anyone have a list of sites to block

« on: November 06, 2024, 05:06:26 pm »

I have a user that decided the browsers that we include on our PCs is not good enough. I saw a long list of things being blocked and that always gives me concern. I tracked it back to a Wave Browser which is basically a malware conduit and of course, it installs in user space (because Microsoft thought that was a good idea). Starting remediations now and in the custom blocking that I added, I did tell my system to send the info. back to Zenarmor so they can include it in future blocking.

But doesn't anyone have a list of sites that should block this garbage?

Here's what I've blocked so far:

Code: [Select]

wavebrowser.com

 mywavehome.net

 wavebrowser.co

 gowavebrowser.com

 gowavebrowser.co



There are some prefixes that go with these, but I figure if I get the top level it should block them.

9

General Discussion / Re: Network Time Daemon not running/ SOLVED disabled and switch to chrony

« on: November 06, 2024, 03:57:07 pm »

Windows Terminal has been a nice change for me... But I still install Teraterm as well.

Not to get too far off topic, but is there a way to get a serial connection from Terminal? Minicom for Windows would also be a good choice, if it existed, has become my default for Linux devices that I need to use with a serial console.

10

Hardware and Performance / Re: [SOLVED] What NICs are good for 1Gbps symetric PPPoE on a virtualized OPNSense

« on: November 06, 2024, 03:43:58 pm »

With the i226 card, what version of OPNsense are you running? I see a thread about different kernels up in the general 24.7 section and it helping to work with these multigig interfaces.

11

Zenarmor (Sensei) / Re: failed to disable offloads for interface?

« on: November 06, 2024, 03:39:21 pm »

If after disabling the hardware offload a reboot doesn't fix it, remove the Zenarmor related packages and reboot, then reinstall Zenarmor. You might be able to just reinstall ZA, but the reboot between should make certain that things reload.

That said, I see there is a 1.18.1 version that I haven't updated to, what version is yours running?

12

Zenarmor (Sensei) / Re: Unsatisfactory TLS inspection.

« on: November 06, 2024, 03:33:55 pm »

Is the time on the firewall correct? Also time on the clients? Not sure if that is an issue, but worth checking.

13

General Discussion / Re: Champagne anybody?

« on: October 30, 2024, 04:01:33 pm »

Patrick,

I'd be very interested in a good long post about all the stuff that needs to be studied, maybe I can find a way around my CGNAT ISP, if they are doing IPv6 correctly. I think they are still handing out local addresses, but having a static internet routable address would be really nice.

14

Zenarmor (Sensei) / Re: Deep Disappointment with Zenarmor's Commitment

« on: October 30, 2024, 03:53:35 pm »

I was lead to believe that the Zenarmor package could use any SSL certificate. If it only allows its self signed certificate, then that will be a problem that needs to be fixed.

15

General Discussion / Re: Who uses opnsense in companies

« on: October 29, 2024, 04:55:45 pm »

I also run into the "open source software" is garbage and full of bugs statements. This is one of the reasons I'm budgeting for a DEC2770, the device immediately provides an acceptable appliance even though the software is exactly the same.

And yet they also use Linux servers here, so how is that any different? And Drupal, can't forget our web host software, isn't that also open sourced? (scratches head) 

I'm on old hardware now, so this is an upgrade that is really needed. Hopefully the hardware will extended my current Business license, but not going to worry about it right now. By the time I get it, I'll only have a year left of that license and it's pretty inexpensive.

Getting kind of off topic. I do know a lot of businesses use PFsense, so I would expect there are a few who secretly use OPNsense.