Topics

1

21.1 Legacy Series / Auto Firmware Update Missing?

« on: June 06, 2021, 11:24:44 pm »

I've been googling this one and I'm unclear if this basic feature exists or not.  What I'm looking for is some method whereby the firmware can be auto downloaded, updated and rebooted if necessary at a scheduled time.  Seems like a pretty basic feature for a firewall to me.

There are a few discussions e.g here https://github.com/opnsense/core/issues/1798

What am I missing?

Many thanks,

Marshalleq

2

21.1 Legacy Series / Scheduled Reboot Missing?

« on: June 06, 2021, 11:21:35 pm »

I stumbled upon this old thread, complete with code to resolve the issue, but for the life of me I can't find this feature in the GUI anywhere.  Perhaps I'm misunderstanding it.

Anyone know if there still exists a scheduled reboot feature in the GUI?

Thanks,
Marshalleq

https://forum.opnsense.org/index.php?topic=4471.0

3

Zenarmor (Sensei) / Failed installation, must reset reporting but doesn't work

« on: December 23, 2020, 11:49:23 pm »

So I've installed and I've tried a few different things, including using an external DB, but always get told to reset reporting, which fails as per attached screenshot.

Admittedly, I do only have 4GB RAM in the box, I could upgrade it, but was lead to believe it would work, particularly with an external database, which installed, but did not present any data.

Any ideas?

Thanks.

4

20.7 Legacy Series / Has anyone seen any way to integrate Polyswarm Threat detection?

« on: December 02, 2020, 07:07:24 am »

https://polyswarm.io

5

Intrusion Detection and Prevention / SMTP / IMAP IDS/IPS Not working?

« on: November 26, 2020, 10:48:53 pm »

Hi everyone, for some time I've been having some issues with dictionary attacks locking out my mail server accounts.  I'm not sure if the IPS is not working, because if it was I'd expect that this wouldn't happen.  Perahaps I have misconfigured something.

Can anyone help as to:
1 - What rules I would need to prevent this
2 - Any obvious configuration issues - how I might know IPS/IDS is actually working?

I've done some searching, but haven't found anything conclusive.

I'm using the free in return for some data ruleset you get from the opnsense store.

Had this message up here for a week or two, no replies, so I edited it just now.  Perhaps nobody knows how to check if it's working....

Thanks.

6

Hardware and Performance / Anyone tried one of these new Dual NIC AMD NUC machines?

« on: August 08, 2020, 02:31:46 am »

In my never ending journey to try and find some little box that's easy on power and easy on the wallet, this might be my new favourite.

https://store.minisforum.com/products/minisforum-um300-mini-pc?variant=35186874581153
AMD are pretty good on power too. 

Not sure what the NIC's are yet.

Browsing around the site, I see four other models with dual NIC including this older INTEL i3 for US$289 https://store.minisforum.com/collections/home-mini-pc-series/products/minisforum-u500-h-mini-pc however there are also new ones coming.

Has anyone tried one?

7

20.1 Legacy Series / How to route LAN traffic to VPN for one target host? LAN>VPN>TARGET

« on: April 15, 2020, 11:58:42 pm »

Dear all, I have a target IP address on a VPN which hosts an NFS mount that I'm using as a backup target.  I need an internal host to be able to connect to that 24x7 through the firewall.

It's using OpenConnect as it's a Cisco VPN, which for the most part seems to be working.  I can ping the host with the NFS mount from the OPNsense host.

I do not own the remote network, though I can ring up and get support for it e.g. to understand the topology.  However I'm stuck wondering on a few points.

If I am to add a static route to direct traffic to the foreign address, the route requires a gateway which appears does not exist in the drop down list.  I would have thought there was some kind of dynamic gateway added, but I can't find it. 

So I assume I have to manually add a gateway under System, Gateways.

Question: What do I put in the IP address field?  The target VPN connects with a 172.16. address and the host is a 10.12 address.  Must I create a new address in the first of this range?  Or can I add a third subnet that routes through the other two, given that they are not networks that belong to me?

Any other advice that I might need?

I am a bit nervous working on this remotely and trying to be careful I don't lock myself out (I currently connect via VPN). This box sits in my home and I am stuck in another country due to COVID-19. Conversely, this backup is so that if something happens to that box, I can get to it from another place while stuck overseas and bring back up the critical services! (The downsides of self hosting the first months of a new startup!)

Many thanks,

Marshalleq

8

Web Proxy Filtering and Caching / Windows Update Cache / Linux Package Cache

« on: August 09, 2018, 05:44:53 am »

Hi all - first OPNsense post having moved over from IPFire...  Being that I repair a lot of computers as favours for people, the caching of Windows Updates and Linux Packages is a big deal.  However in the age of SSL I don't really care about caching web traffic - there's just not enough HTTP traffic left and I'm not a fan of utilising man in the middle certs etc.  So, questions below:

Q1 - Does anyone know how best to configure the cache just for this purpose?  I find the terminology a bit ambiguous - seems memory might not actually mean memory.
Q2 - Is this based on the update accelerator stuff here? https://github.com/pbinks/update-accelerator

Q3 - If based on update-accelerator, did we leave mac updates out for a reason (IPFire had this). 

Thanks!

(not sure if the Mac stuff is excluded here on purpose