Topics

Is there a way to configure crowdsec to only be active on the wan?  I have Zenarmor protecting the LAN and am mainly protecting a few ports open for gaming. I have been having problems getting to websites randomly with crowdsec enabled and figured I should just turn off the LAN side as Zenarmor handles that

So currently my current setup is just Opnsense with Zenarmor, upnp and smart tools.  I have shaper setup for keeping latency down.  My connection is a 2.5 gig up and down fiber.  I get full speed on my router with no problem.  I am wondering if i need to add something like CrowdSec to the WAN side or something else to protect my firewall.  I am not new with opnsense but never really dug into other addons much.  What are any suggestions on what i might want to add to secure my system more but would not overly complicate management for me.

Thanks for the help

I am kinda supprised that my opnsense with zenarmor is handling my new fiber internet at home.  I have a 2.5 gig connection via fiber at home now.  I know we are not a huge network but around 45 device or more and 5 users.  Here are my specs

I3-14100 4.7 ghz
MSI B760 Pro
16 GB ddr4 3200
WD 850x 1 tb
Dell intel x550-t2 (on the main PCIE port that is CPU bound)

I am currently running ES database 5 on my system.  I was wondering if there are any reasons to upgrade to the newer version of 8?  Also if there are good benifits, is there a simple way to do it?

Thanks!

I currently have 1.2 gig cable internet connection and looking at att fiber. I read that att does not allow true bridge mode like my cable does. Has anyone used opnsense with att fiber in their pass through mode?  How well does it work?

So right now I am running an i3 8th gen for my 1.3 gig cable connection and it does well. I am looking at moving to fiber and a 2.5 gig connection and think I will need more single core speed for zenarmor. I was looking at the i3 13th or 14th gen. Since I have had such good luck with my current setup, I just wanted to find out if any one had any issues with the newer intel cpus due to the efficiency cores

I am a newbie when it comes to IPv6 and have my opensense setup to just use ipv4 right now.  I know my isp supports v6 as when i have their router setup they have a v6 address.  I was wondering if any one had a simple guide to setting it up and dhcp for v6 on opnsense.  I got kinda confused on how some of the guide describe it.  Thanks.

One note is i know i got the WAN connected as I turned on dhcpv6 and it gets an address.

I am trying to track down a problem i am having with my system and want to see if it is related to 24 update and so want to reinstal 23 with the updates.  What do i have to put in flavor to keep it at the highest 23.7 revision for updates with out it forcing me to 24

Since i updated to 24.1.2_1 from 23.X I have been having random reboots of my opensense system.  Before this update my system was up for months at a time. It is now rebooting 2 - 3 times per day.  The only error i see in the logs is below.  I do have ZenArmor installed and running but that was also in before.  I have a simple 1 wan 1 lan connections, no vlans.  Any ideas where i should start looking to track down the random reboots.


Error   configd.py   action rfc2136.reload.lan not found for user root

I upgraded this morning to the new version with the release of 1.43 and it has been working great.  I was going through settings and noticed the DNS enrichment was asking for a DNS server to work.  I am kinda confused as I am not sure if it is asking for a local DNS server or a remote.  The manual says you can put in both so I am really confused.  I run unbound on my opnsense so i was wondering if i just put in my opensens IP or do I need to specify my external DNS addresses here as i though it used the system specified DNS.

Ok still learning and newbie question.  How can i hold Zenarmor to 1.3 but still be able to upgrade opnsense to the latest version.  When i go to update it wants to do both.  I want to hold off on 1.4 until more of the bugs are worked out. 

Edit: Is this what the lock option is for?  Picture attached

Due to the amount of gaming system on my home network we use UPNP.  When i upgraded to 23.7 it stopped working so i tried to unistall and reinstall UPNP.  When i went to reinstall it was missing from the packages available.  Was it removed in 23.7?  I did not see it on the release notes or anything.

Solved:  For some reason after the update took another reboot for the repositories to work properly.  I have it back installed and working

I have a setup that is pretty simple.  I am using just opnsense as a router with zen for filtering.  No vpn or anything fansy.  My internet is roughly 1250/45 and i have 10 gig dual network card connected at 2.5 gig in and out.  My cpu is an I5-9400 and 16 gb ram with 500 gb pcie ssd.  I have been noticing that i am running 80 - 90 % ram usage recently.  I am wondering if i need to upgrade the ram to 32 gigs or upgrade the cpu to an i7-8700 that i have.  Here is an example of my server load under use.  I have about 50 devices with 5 users that covers my house with lots of gaming devices and smart devices.