1
General Discussion / Re: GeoIP URL / IP Exclusion
« on: November 14, 2024, 08:11:22 am »
You can not, but as far as I can find the documentation also doesn't suggest you can.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
General Discussion / Re: GeoIP URL / IP Exclusion
« on: November 13, 2024, 10:00:39 am »
Hi,
You can nest aliases and exclude addresses in the inherited alias, see https://docs.opnsense.org/manual/aliases.html#nesting (and the FireHOL_with_exclusions example)
Best regards,
Ad
You can nest aliases and exclude addresses in the inherited alias, see https://docs.opnsense.org/manual/aliases.html#nesting (and the FireHOL_with_exclusions example)
Best regards,
Ad
3
Hardware and Performance / Re: DEC850 - boot hangs, USB new install, no serial console screen
« on: October 29, 2024, 09:42:29 am »
Hi Steve,
If I'm not mistaken, the disable serial console option is not available in the menu.
When you are able to reach the bios, make sure to check these settings https://docs.opnsense.org/hardware/serial_connectivity.html#legacy-uart-vs-uefi-serial , older OPNsense versions handled eif differently.
Best regards,
Ad
If I'm not mistaken, the disable serial console option is not available in the menu.
When you are able to reach the bios, make sure to check these settings https://docs.opnsense.org/hardware/serial_connectivity.html#legacy-uart-vs-uefi-serial , older OPNsense versions handled eif differently.
Best regards,
Ad
4
24.7 Production Series / Re: Remove Revocation: Endpoint not found
« on: August 30, 2024, 12:04:48 pm »
best check from the gui, if it doesn't crash there, it's in.
5
24.7 Production Series / Re: Remove Revocation: Endpoint not found
« on: August 20, 2024, 06:24:13 pm »
It looks like we missed a spot there, the delete action wasn't implemented. Just added it in https://github.com/opnsense/core/commit/59b4defd5b8de19f886d57ef55d0a3a05f048ec9
Best regards,
Ad
Best regards,
Ad
6
Hardware and Performance / Re: DEC appliances regularly fail to reboot
« on: August 02, 2024, 10:05:56 am »
Hi Patrick,
The DEC[2]6XX range uses a bios indeed and no efi payload, it doesn't require changes for serial console access.
On older versions (or older settings), the shutdown backup+restore hook made upgrades hang or take an awful long time, but I think I already mentioned that.
When using functionality like Network Insight with a bit larger databases, you likely don't want to enable the tarbals being created on shutdown and reimported on startup. You can check your settings in "System: Settings: Miscellaneous".
Best regards,
Ad
The DEC[2]6XX range uses a bios indeed and no efi payload, it doesn't require changes for serial console access.
On older versions (or older settings), the shutdown backup+restore hook made upgrades hang or take an awful long time, but I think I already mentioned that.
When using functionality like Network Insight with a bit larger databases, you likely don't want to enable the tarbals being created on shutdown and reimported on startup. You can check your settings in "System: Settings: Miscellaneous".
Best regards,
Ad
7
Hardware and Performance / Re: DEC appliances regularly fail to reboot
« on: July 29, 2024, 10:26:27 am »
Hi Patrick,
Sorry to hear you're having issues, but given the time frame (21.7 and 24.7) it's difficult to predict which type of issues you might run into.
One of the things that might explain the weird efi behavior is an earlier change in FreeBSD which required a setting in the bios, which is documented here https://docs.opnsense.org/hardware/serial_connectivity.html#legacy-uart-vs-uefi-serial
One other topic that previously was problematic in older versions was the automatic restore of items as Network Insights, which sometimes didn't complete at all or just took so long that people expected the box to have died in between. A reboot fixes this, but is annoying.
Best regards,
Ad
Sorry to hear you're having issues, but given the time frame (21.7 and 24.7) it's difficult to predict which type of issues you might run into.
One of the things that might explain the weird efi behavior is an earlier change in FreeBSD which required a setting in the bios, which is documented here https://docs.opnsense.org/hardware/serial_connectivity.html#legacy-uart-vs-uefi-serial
One other topic that previously was problematic in older versions was the automatic restore of items as Network Insights, which sometimes didn't complete at all or just took so long that people expected the box to have died in between. A reboot fixes this, but is annoying.
Best regards,
Ad
8
Dutch - Nederlands / Re: [SOLVED] Firewall -Web Application GUI probleem
« on: July 20, 2024, 05:05:09 pm »
klopt, het is een "master/detail" view
9
Dutch - Nederlands / Re: Firewall -Web Application GUI probleem
« on: July 20, 2024, 10:43:22 am »
Als het goed is zouden de locations zichtbaar moeten zijn voor de gateway die bovenin geselecteerd is, mij zijn geen problemen bekend.
In het geval je de configuratie handmatig wil controleren, kan je altijd even de config dowloaden (via System: Configuration: Backups) en in het xml bestand zoeken naar `<Apache`.
Mocht het niet functioneren, laat dan even weten welk versie nummer van OPNsense je gebruikt en deel wellicht even een paar screenshots van het gateway scherm.
Mvg,
Ad
In het geval je de configuratie handmatig wil controleren, kan je altijd even de config dowloaden (via System: Configuration: Backups) en in het xml bestand zoeken naar `<Apache`.
Mocht het niet functioneren, laat dan even weten welk versie nummer van OPNsense je gebruikt en deel wellicht even een paar screenshots van het gateway scherm.
Mvg,
Ad
10
24.1 Legacy Series / Re: OpenSSH CVE-2024-6387
« on: July 05, 2024, 08:40:50 am »
As stated on the top of this thread, next week. (https://forum.opnsense.org/index.php?topic=41342.msg202804#msg202804)
And yes, we are taking it serious, FreeBSD's patch is a precaution, which is obviously fine, but FreeBSD doesn't use glibc and OPNsense is also not available on 32bit systems.
Best regards,
Ad
And yes, we are taking it serious, FreeBSD's patch is a precaution, which is obviously fine, but FreeBSD doesn't use glibc and OPNsense is also not available on 32bit systems.
Best regards,
Ad
11
24.1 Legacy Series / Re: OpenSSH CVE-2024-6387
« on: July 01, 2024, 01:29:59 pm »
Hi Patrick,
This will be addressed next week from our end.
Looking briefly at the report https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=upstract.com, at a first glance exploitation on amd64 seems to be rather difficult (and time consuming) by the way.
Best regards,
Ad
This will be addressed next week from our end.
Looking briefly at the report https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=upstract.com, at a first glance exploitation on amd64 seems to be rather difficult (and time consuming) by the way.
Best regards,
Ad
12
Development and Code Review / Re: HelloWorld module / application
« on: June 19, 2024, 10:53:10 am »
@ffsb42 new link should be https://docs.opnsense.org/development/examples/helloworld.html , I've changed it accordingly, thanks for the ping.
13
Hardware and Performance / Re: New OpnSense Netboard A20
« on: June 19, 2024, 10:51:21 am »Quote
I must say it looks beautiful, compliments the new GUI for OPNsense. As well that logo for D and O, indeed a pair made in heaven.
Thanks, new style is finished, but it will take quite some time before being implemented at other places as well.
Quote
Just curious, same dev for the new Web as for the GUI?
nope, first project for new firm.
Quote
Also I am curious about the rack classed devices, in those you use air tunnels, do you have somewhere results or do you know what is the temp with and without them?
I know we measure them, in some cases even simulate upfront, but the exact difference I don't know (not my department
)Best regards,
Ad
14
Hardware and Performance / Re: New OpnSense Netboard A20
« on: June 17, 2024, 10:21:42 am »
We just redesigned our webshop with a clearer focus on the endproduct and our engineering efforts (https://www.deciso.com/showcase/).
Nothing changes, we still design our own hardware (and software 🙃), a clearer message helps people normally acquiring one of the larger vendors to compare our offering with theirs.
This includes explaining people what it can do rather than what’s exactly being used inside.
Best regards,
Ad
Nothing changes, we still design our own hardware (and software 🙃), a clearer message helps people normally acquiring one of the larger vendors to compare our offering with theirs.
This includes explaining people what it can do rather than what’s exactly being used inside.
Best regards,
Ad
15
24.1 Legacy Series / Re: Legacy IPSEC vti routed firewall interface vs ipsec interface
« on: April 29, 2024, 08:01:19 pm »
Hi Mark,
By default traffic is (only) filtered on enc0, but when only using VTI tunnels, it's also possible to filter on these interfaces as described in the notes here https://docs.opnsense.org/manual/vpnet.html#route-based-vti
Best regards,
Ad
By default traffic is (only) filtered on enc0, but when only using VTI tunnels, it's also possible to filter on these interfaces as described in the notes here https://docs.opnsense.org/manual/vpnet.html#route-based-vti
Best regards,
Ad