Topics - Greg_E

#1
I have a little money left in my budget for this year, my current license expires next budget year. If I purchase another 3 years now, does the time start when I buy it or when I activate it? I'm thinking buy it now and activate in another 11 months.

Also, I'm buying new hardware, can I transfer my current license to the new device? If no, then I'll run the new hardware in my lab to burn test it until the license is about to expire or my current hardware fails.

Buying a Protectli box, I just can't get the OPNsense hardware for a decent price here, and it's difficult to even get a reseller to respond to me. Protectli is also on a government contract which speeds the process of ordering. This is in the USA.
#2
I just got thrown a curve ball by purchasing, and luckily the company had gone through the compliance testing. This is a new initiative and law and it's going to be sweeping the USA next year. Kind of a heads up and as a question... Does OPNsense meet any accessibility standards? Here is a brief description of what is coming if you haven't already gone through a test:

https://www.suny.edu/meansbusiness/procurementpp/digital-resources/

https://www.itic.org/policy/accessibility/vpat

It looks like there is already an EU standard set, and that might be enough to get through the US process, but you never know.

I bring this up because I'm going to need to renew my Business license next year, and this will be in full force by then.

#3
I'm pretty sure that I'm going to update my lab firewall; my old HP T620 is having some issues when it boots, it requires pressing the power button to turn it back off, and pressing again to boot, then it's fine. Yes, I have a fresh CMOS battery installed; I think it is just old and lived a long life with me and longer before I bought it.

I'm looking at things like n100/n150 powered devices, but more likely an HP T740. The other strong choice is a used Sophos device, but having trouble finding one with a CPU I like, needs to be at least an Atom 3000 series and would really like newer for the money they are charging.

Some of the REV 3 Sophos devices are going for over $200 and I can buy a new old stock T740 for around the same. I have network cards, ram, and SSD for expanding the T740 to do what I need, all the way up to quad x710 if I want to try and do some 10g lan to lan routing, but probably a quad i350 card.

Any tips on what I should be looking for in a Sophos device before I just get another T740 for the job? I want at least 4 ports, a fifth Realtek port is fine because I use it like a management port when things go wrong. I can also add an i226 port to the T740 giving me a total of 6 ports which is far more than I need in my lab. But power draw at idle for the T740 is higher than other choices, and it spends a lot of time at almost idle.
#4
I'm messing around in my lab firewall, just (finally) upgraded to current, and found something that may or may not be a problem.

In Services -> Network Time -> Status it is showing my GPS NTP server as "Not Considered"

I deleted the pool servers, all of which had a DNS issue and could not be found (a problem on my end), and my local GPS NTP server was set to prefer, but there are no log entries that it has ever been connected. After a reboot it is reporting "Clock Unsynchronized".

I have verified that my local server is up, and that other clients are connecting. Not sure why this is happening.

I do see the firewall in the access logs of the NTP server, not sure why the firewall says unsync.
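An added example (not the poster's code and not part of OPNsense) that parses the peer table `ntpq -pn` prints on the firewall and decodes the two columns the GUI status summarises: the tally character in the first column and the octal reach register. The sample output is constructed; the GPS server address and the two other peers are assumptions. The tally meanings are the ones documented for ntpq; how the OPNsense status page labels each code is the GUI's own wording and is not reproduced here.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Tally codes from the ntpq(8) documentation (first column of `ntpq -p`).
TALLY = {
    " ": "discarded: not valid (unreachable, or failed the sanity checks)",
    "x": "falseticker (discarded by the intersection algorithm)",
    ".": "excess (discarded by the table-overflow rule)",
    "-": "outlier (discarded by the cluster algorithm)",
    "+": "candidate (survivor, used in the combine algorithm)",
    "#": "backup (survivor beyond the maxclock limit)",
    "*": "system peer (the source the clock is disciplined to)",
    "o": "PPS peer",
}

PEER_RE = re.compile(
    r"^(?P<tally>[ x.\-+#*o])(?P<remote>\S+)\s+(?P<refid>\S+)\s+(?P<st>\d+)\s+(?P<t>\S)\s+"
    r"(?P<when>\S+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+(?P<delay>-?[\d.]+)\s+"
    r"(?P<offset>-?[\d.]+)\s+(?P<jitter>-?[\d.]+)\s*$"
)

# Constructed `ntpq -pn` output: a GPS server that never answered, a synced pool
# peer, and an outlier that missed its most recent poll.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.17.0.50     .GPS.            1 u    -   64    0    0.000    0.000   0.000
*192.0.2.10      198.51.100.1     2 u   33   64  377   12.345   -0.412   0.201
-192.0.2.11      198.51.100.2     2 u   41   64  376   15.002    4.870   0.330
"""


@dataclass
class Peer:
    tally: str
    remote: str
    refid: str
    stratum: int
    reach: int          # 8-bit shift register, most recent poll in bit 0
    offset_ms: float

    @property
    def answered(self) -> int:
        """How many of the last eight polls got a reply (377 octal = all eight)."""
        return bin(self.reach & 0xFF).count("1")

    @property
    def last_answered(self) -> bool:
        return bool(self.reach & 1)


def parse_ntpq(text: str) -> list[Peer]:
    """Parse the peer table from `ntpq -pn`; the header and rule lines do not match."""
    peers: list[Peer] = []
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m is None:
            continue
        peers.append(Peer(m["tally"], m["remote"], m["refid"], int(m["st"]),
                          int(m["reach"], 8), float(m["offset"])))
    return peers


def diagnose(p: Peer) -> str:
    """Turn tally + reach into the statement that tells you where to look next."""
    if p.reach == 0:
        return (f"no reply from {p.remote} in the last eight polls: the stratum and refid shown "
                "are unverified; confirm a reply to UDP/123 actually reaches the firewall")
    if p.tally in "*o":
        return f"synchronised to {p.remote} ({TALLY[p.tally]}), offset {p.offset_ms:+.3f} ms"
    if p.tally == " ":
        return (f"{p.remote} replies ({p.answered}/8) but is {TALLY[p.tally]}: too few samples "
                "yet, stratum 16 / leap-not-synced, or offset beyond the sanity limit")
    return f"{p.remote}: {TALLY[p.tally]} ({p.answered}/8 replies)"


if __name__ == "__main__":
    for peer in parse_ntpq(SAMPLE):
        print(diagnose(peer))
```

The same table is available from a shell on the firewall with `ntpq -pn`. A reach of 0 means the firewall has never received a reply, which is consistent with "Clock Unsynchronized" after a reboot when it was the only configured source; seeing the firewall in the NTP server's access log only proves the request arrived, not that the reply made it back, so the next check is `tcpdump -ni <interface> udp port 123` on the firewall to see whether replies are coming in at all.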
#5
Prices being what they are, I'm having to think about what I can use to replace my current firewall. I wanted to go with a nice DEC2770, but my budget keeps being shrunk, and they are not allowing me to add $2k for that firewall.

So I'm looking at n355 powered "generic" boxes (probably CWWK inside) that have 6x i226 connections, dual NVMe slots and a single DDR5 slot for either 16GB or maybe more.

Are the i226 drivers worked out to the point where I won't have to fool with things too much? Are these "generic" boxes even worth bothering?
#6
This has nothing to do with OPNsense, but I'm guessing I'll find good help here.

I'm looking for something a little more "conversational" than the man page for dnsmasq, and specifically on Debian 13 if the OS matters.

I recently bought a cheap NVR device; they have all kinds of drivers for Windows, but I want to run Frigate, which is really Linux (in a Docker container). This thing has 2 gigabit Ethernet PHYs that they run into two separate switch chips to yield two pairs of 8x 100Mb ports; these also have PoE up to 120 watts per 8 ports. Obviously I'm going to need a DHCP server and really should have a DNS server running for those 16 ports.

I have a rough idea of what I think I need to do, but would like to find a nice guide to all the features that dnsmasq can provide, one that is easier to read than the man pages and gives a little better explanation.

If you want to see the device in question, here is a thread, it was cheap enough on ebay to give it a try (since I had ram and drives):
https://forums.servethehome.com/index.php?threads/nexcom-nvis-14162-nvr-device.54703/

I think I can just assign IPs to both of those gigabit interfaces, putting them on the same lan, then bind dnsmasq to both of those interfaces to serve up IP and DNS to all 16 of those ports. The actual syntax is in question, but I think I might have a starting point. I might need to form a bridge between them, not really sure yet.

And a question... Why has no one ever built a GUI for dnsmasq, Bind, Kea, etc. And yes, I know, real admins don't use GUIs. Been told that a few times.
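As an added example (not the poster's code and not dnsmasq's own), a small generator for the two-interface layout described in the post: each NIC gets its own subnet and its own DHCP pool, and the addressing is checked before a config is written, because two unbridged interfaces in one subnet is the mistake that makes dnsmasq look broken. Interface names, subnets, the reserved MAC and the domain are assumptions. The directives it emits (`bind-interfaces`, `interface=`, `dhcp-range=set:`, `dhcp-option=tag:`, `dhcp-host=`, `local=`, `domain=`, `expand-hosts`, `dhcp-authoritative`) are standard ones from dnsmasq(8).

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


@dataclass
class Segment:
    """One L2 segment dnsmasq should serve. Names, subnets and MACs are assumptions."""
    ifname: str                  # Linux interface name, e.g. eth0
    tag: str                     # dnsmasq tag used to attach options to this segment
    router: IPv4Interface        # this host's own address on the segment, with prefix length
    pool_start: IPv4Address
    pool_end: IPv4Address
    lease: str = "12h"
    reservations: dict[str, tuple[str, IPv4Address]] = field(default_factory=dict)  # name -> (mac, ip)


def validate(segments: list[Segment]) -> list[str]:
    """Catch the addressing mistakes that make a two-interface dnsmasq quietly misbehave."""
    errors: list[str] = []
    seen: list[tuple[str, object]] = []
    for s in segments:
        net = s.router.network
        if s.pool_start not in net or s.pool_end not in net:
            errors.append(f"{s.ifname}: pool {s.pool_start}-{s.pool_end} is outside {net}")
        elif s.pool_start > s.pool_end:
            errors.append(f"{s.ifname}: pool start is after pool end")
        elif s.pool_start <= s.router.ip <= s.pool_end:
            errors.append(f"{s.ifname}: router address {s.router.ip} lies inside the DHCP pool")
        for other_if, other_net in seen:
            if net.overlaps(other_net):
                errors.append(f"{s.ifname}: {net} overlaps {other_net} on {other_if}; "
                              "unbridged segments need distinct subnets")
        seen.append((s.ifname, net))
        for name, (mac, ip) in s.reservations.items():
            if not MAC_RE.match(mac.lower()):
                errors.append(f"{s.ifname}: reservation {name} has malformed MAC {mac!r}")
            if ip not in net:
                errors.append(f"{s.ifname}: reservation {name} -> {ip} is not in {net}")
    return errors


def render(segments: list[Segment], domain: str, upstream: IPv4Address) -> str:
    """Emit a dnsmasq.conf for the segments, refusing to write an inconsistent one."""
    errors = validate(segments)
    if errors:
        raise ValueError("; ".join(errors))
    out = [
        "# dnsmasq.conf generated by the example (assumed addressing)",
        "bind-interfaces",        # bind only the listed interfaces, not 0.0.0.0:53
        "no-resolv",              # ignore /etc/resolv.conf; upstream is set below
        f"server={upstream}",
        f"domain={domain}",
        f"local=/{domain}/",      # answer the local zone here, never forward it
        "expand-hosts",
        "dhcp-authoritative",
        "log-dhcp",
        "",
    ]
    for s in segments:
        out += [
            f"interface={s.ifname}",
            f"dhcp-range=set:{s.tag},{s.pool_start},{s.pool_end},{s.router.network.netmask},{s.lease}",
            f"dhcp-option=tag:{s.tag},option:router,{s.router.ip}",
            f"dhcp-option=tag:{s.tag},option:dns-server,{s.router.ip}",
        ]
        for name, (mac, ip) in s.reservations.items():
            out.append(f"dhcp-host={mac.lower()},{name},{ip}")
        out.append("")
    return "\n".join(out)


# Assumed layout: each of the NVR's two NICs feeds its own, unbridged switch chip.
SEGMENTS = [
    Segment("eth0", "cams_a", IPv4Interface("192.168.10.1/24"),
            IPv4Address("192.168.10.50"), IPv4Address("192.168.10.150"),
            reservations={"cam01": ("b8:27:eb:12:34:56", IPv4Address("192.168.10.21"))}),
    Segment("eth1", "cams_b", IPv4Interface("192.168.11.1/24"),
            IPv4Address("192.168.11.50"), IPv4Address("192.168.11.150")),
]

if __name__ == "__main__":
    print(render(SEGMENTS, "cams.lab", IPv4Address("192.168.1.1")))
```

Assign the two addresses to the interfaces first (the generator only writes the dnsmasq side), save the output under /etc/dnsmasq.d/, and run `dnsmasq --test` before restarting the service. On Debian check that nothing else already listens on port 53; `bind-interfaces` keeps dnsmasq off addresses it was not told about, including systemd-resolved's 127.0.0.53 stub. If the two NICs are bridged instead, replace the two segments with a single one on the bridge interface; two unbridged NICs in one subnet is exactly the case the overlap check rejects.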
#7
I just bought a couple of Supermicro AOC-STG-i4S used (Intel x710 based) and I think I'm going to convert one of my HP T740s into a higher speed OPNsense for my lab; this will let me route between both of my lab networks at a higher speed, and the faster T740 should give better performance on the WAN, as my old T620+ doesn't seem to be giving full speed anymore.

Anything I should look out for on these cards?
#8
General Discussion / Netbird setup guide?
October 24, 2025, 07:27:05 PM
Did a quick search and didn't see what I was looking for. Anyone have a short guide on setting up Netbird with OPNsense as one of the endpoints? I want to be able to access my lab from home, guessing the second endpoint will be the Windows client.
#9
With the announcement of 25.10 for Business, does this require a manual button push to get it going, or will we be able to schedule this like minor updates? I saw a note in the 25.4.3 Business that adds the option to move to 25.10 and thought I would ask since I misunderstood the path to the last major update.

With scheduling being what it is, I'm going to target sometime next week to do this upgrade.
#10
Zenarmor (Sensei) / rfc2549 net in block list?
August 18, 2025, 04:01:59 PM
I have a single Linux machine that reaches out to newyork.mordor.rfc2549 dot net, it's running Parrot Security. It just started doing this a little while ago, but I'm not entirely certain when this started. Anyone else seeing this and know what is going on?

If it is useful, I'll want to unblock it, if it is malicious, I'll want to fix the problem. Happening when all users are logged out and generally around midnight local time.

I will add that this is running on hardware I don't specifically trust, which is why it doesn't run the Windows OS that it came with. It's a little AWOW mini PC from Amazon and I've never truly trusted it which is why it has Linux on it with the new drive.
{"id":"transport_proto","name":"Protocol","value":"TCP","type":""},
{"id":"policyid","name":"Policy","value":"0","type":""},
{"id":"cloud_policyid","name":"Cloud Policy","value":"null","type":""},
{"id":"cloud_ruleid","name":"ZTNA Rule","value":"","type":""},
{"id":"cloud_networkid","name":"Secure Network","value":"","type":""},
{"id":"interface","name":"Interface","value":"igb3","type":""},
{"id":"vlanid","name":"VLAN","value":"0","type":""},
{"id":"conn_uuid","name":"Connection UUID","value":"72314b51-d388-46a3-b3bf-eb8bca71e342","type":""},
{"id":"direction","name":"direction","value":"out","type":""},
{"id":"src_hwaddr","name":"Source Hardware Address","value":"38f7cdc21a48","type":""},
{"id":"src_username","name":"Source username","value":"","type":""},
{"id":"ip_src_saddr","name":"Source IP","value":"172.17.2.99","type":""},
{"id":"ip_src_port","name":"Source port","value":48478,"type":""},
{"id":"src_hostname","name":"Source hostname","value":"172.17.2.99","type":""},
{"id":"src_dir","name":"Source direction","value":"EGRESS","type":""},
{"id":"dst_hwaddr","name":"Destination Hardware Address","value":"98b7851ea609","type":""},
{"id":"dst_username","name":"Destination username","value":"","type":""},
{"id":"ip_dst_saddr","name":"Destination IP","value":"23.92.23.177","type":""},
{"id":"ip_dst_port","name":"Destination port","value":443,"type":""},
{"id":"dst_hostname","name":"Destination hostname","value":"newyork.mordor.rfc2549.network","type":""},
{"id":"dst_dir","name":"Destination direction","value":"INGRESS","type":""},
{"id":"is_blocked","name":"Block status","value":1,"type":""},
{"id":"is_overlay","name":"is_overlay","value":0,"type":""},
{"id":"is_local","name":"Local","value":0,"type":""},
{"id":"input","name":"Input","value":15,"type":""},
{"id":"output","name":"Output","value":15,"type":""},
{"id":"src_npackets","name":"Packets Outbound","value":1,"type":""},
{"id":"src_nbytes","name":"Bytes Outbound","value":66,"type":""},
{"id":"src_pbytes","name":"Source bytes","value":0,"type":""},
{"id":"dst_npackets","name":"Packets Inbound","value":0,"type":""},
{"id":"dst_nbytes","name":"Bytes Inbound","value":0,"type":""},
{"id":"dst_pbytes","name":"Destination bytes","value":0,"type":""},
{"id":"src_tcp_flags","name":"Source TCP Flags","value":"","type":""},
{"id":"dst_tcp_flags","name":"Destination TCP Flag","value":"A","type":""},
{"id":"start_time","name":"Start time","value":"Aug 18, 2025 12:15 AM","type":"timestamp"},
{"id":"end_time","name":"End time","value":"Aug 18, 2025 12:25 AM","type":"timestamp"},
{"id":"encryption","name":"Encryption","value":"Clear","type":""},
{"id":"app_id","name":"Application Id","value":2,"type":""},
{"id":"app_proto","name":"Application protocol","value":"Generic TCP","type":""},
{"id":"app_name","name":"Application","value":"Generic TCP","type":""},
{"id":"app_category","name":"Application category","value":"Generic TCPIP","type":""},
{"id":"tags","name":"Tags","value":"[\"Empty Sites\",\"Potentially Dangerous\",\"IP Queried\"]","type":"array"},
{"id":"security_tags","name":"Security category","value":"[\"Potentially Dangerous\"]","type":"array"},
{"id":"web_actions","name":"Web Actions","value":"[]","type":"array"},
{"id":"web_actions_description","name":"web_actions_description","value":"[]","type":""},
{"id":"src_geoip","name":"Source Geo IP","value":"{\"timezone\":\"\",\"continent_code\":\"\",\"city_name\":\"\",\"country_name\":\"\",\"country_code2\":\"\",\"country_code3\":\"\",\"dma_code\":\"0\",\"region_name\":\"\",\"region_code\":\"\",\"postal_code\":\"\",\"area\":\"0\",\"metro\":\"0\",\"asn\":\"0\",\"latitude\":0,\"longitude\":0,\"location\":{\"lat\":0,\"lon\":0}}","type":"object"},
{"id":"dst_geoip","name":"Destination Geo IP","value":"{\"timezone\":\"\",\"continent_code\":\"\",\"city_name\":\"Hanover (Cedar Knolls)\",\"country_name\":\"United States\",\"country_code2\":\"US\",\"country_code3\":\"\",\"dma_code\":\"0\",\"region_name\":\"\",\"region_code\":\"\",\"postal_code\":\"\",\"area\":\"0\",\"metro\":\"0\",\"asn\":\"0\",\"latitude\":40.821800231933594,\"longitude\":-74.44999694824219,\"location\":{\"lat\":40.821800231933594,\"lon\":-74.44999694824219}}","type":"object"},
{"id":"device","name":"Device","value":"{\"id\":\"38f7cdc21a48\",\"name\":\"Device (38f7cdc21a48)\",\"category\":\"other\",\"vendor\":\"other\",\"os\":\"other\",\"osver\":\"\"}","type":"object"},
{"id":"remote_device","name":"Remote Device","value":"","type":""},
{"id":"community_id","name":"Community ID","value":"1:L+qQEZnEHmHeXx5CDu1yhIr9vx8=","type":""},
{"id":"handshake_result","name":"TLS Handshake Status","value":"None","type":""},
{"id":"_id","name":"_id","value":"AZi7bQer0L1ylm9tG0an","type":""},
{"id":"policy_name","name":"policy_name","value":"Default","type":""},
{"id":"rule_name","name":"rule_name","value":"Deleted ()","type":""}
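A triage pass over a record in the shape of the Live Sessions export above, as an added example that is not the poster's code and not Zenarmor's. The record below is constructed: the field ids follow the export, but the source MAC, addresses and destination hostname are placeholders. It accepts the paste as the forum shows it (a run of objects with no enclosing brackets), flattens the id/name/value list, decodes the JSON-encoded array fields, and records the observations an analyst wants before choosing between unblock and investigate: blocked egress or not, inside or outside working hours, and whether anything ever came back. The office-hours window is an assumption.

```python
from __future__ import annotations

import json
from datetime import datetime

# Constructed record in the shape of the Live Sessions export (same field ids,
# placeholder MAC, addresses and hostname), pasted the way the forum shows it.
FRAGMENT = r'''
{"id":"transport_proto","name":"Protocol","value":"TCP","type":""},
{"id":"interface","name":"Interface","value":"igb3","type":""},
{"id":"direction","name":"direction","value":"out","type":""},
{"id":"src_hwaddr","name":"Source Hardware Address","value":"001122334455","type":""},
{"id":"ip_src_saddr","name":"Source IP","value":"10.0.2.99","type":""},
{"id":"ip_src_port","name":"Source port","value":48478,"type":""},
{"id":"ip_dst_saddr","name":"Destination IP","value":"198.51.100.7","type":""},
{"id":"ip_dst_port","name":"Destination port","value":443,"type":""},
{"id":"dst_hostname","name":"Destination hostname","value":"node1.example.net","type":""},
{"id":"is_blocked","name":"Block status","value":1,"type":""},
{"id":"src_npackets","name":"Packets Outbound","value":1,"type":""},
{"id":"src_nbytes","name":"Bytes Outbound","value":66,"type":""},
{"id":"dst_npackets","name":"Packets Inbound","value":0,"type":""},
{"id":"dst_nbytes","name":"Bytes Inbound","value":0,"type":""},
{"id":"start_time","name":"Start time","value":"Aug 18, 2025 12:15 AM","type":"timestamp"},
{"id":"encryption","name":"Encryption","value":"Clear","type":""},
{"id":"handshake_result","name":"TLS Handshake Status","value":"None","type":""},
{"id":"tags","name":"Tags","value":"[\"Empty Sites\",\"Potentially Dangerous\",\"IP Queried\"]","type":"array"},
{"id":"security_tags","name":"Security category","value":"[\"Potentially Dangerous\"]","type":"array"},
{"id":"rule_name","name":"rule_name","value":"Deleted ()","type":""}
'''


def load_fragment(text: str) -> list[dict]:
    """Accept the raw paste (no brackets, maybe a trailing comma) or a proper JSON array."""
    body = text.strip().rstrip(",")
    if not body.startswith("["):
        body = f"[{body}]"
    return json.loads(body)


def flatten(fields: list[dict]) -> dict:
    """id -> value; 'array'/'object' typed values are JSON strings and get decoded."""
    rec: dict = {}
    for f in fields:
        v = f["value"]
        if f.get("type") in ("array", "object") and isinstance(v, str):
            v = json.loads(v)
        rec[f["id"]] = v
    return rec


def parse_ts(s: str) -> datetime:
    # The export prints local time with no zone; "Aug 18, 2025 12:15 AM" is 00:15.
    return datetime.strptime(s, "%b %d, %Y %I:%M %p")


def triage(rec: dict, office_hours: tuple[int, int] = (7, 19)) -> list[str]:
    """Observations to collect before deciding unblock-vs-investigate (hours are assumed)."""
    out: list[str] = []
    ts = parse_ts(rec["start_time"])
    dst = f"{rec.get('dst_hostname') or rec['ip_dst_saddr']}:{rec['ip_dst_port']}"
    if rec.get("direction") == "out" and rec.get("is_blocked") == 1:
        out.append(f"blocked egress {rec['ip_src_saddr']} -> {dst} ({rec.get('transport_proto')})")
    if ts.weekday() >= 5 or not (office_hours[0] <= ts.hour < office_hours[1]):
        out.append(f"off-hours start {ts:%Y-%m-%d %H:%M}: with nobody logged in, suspect a "
                   "scheduled job on the source host rather than a user")
    if rec.get("dst_npackets", 0) == 0:
        out.append("nothing came back: blocked at the first packet, so the hostname is the "
                   "only destination indicator and no payload was exchanged")
    if rec.get("ip_dst_port") == 443 and rec.get("handshake_result") in (None, "", "None"):
        out.append("no TLS handshake recorded: no SNI to go on; identify the process on the host")
    for tag in rec.get("security_tags") or []:
        out.append(f"Zenarmor security category: {tag}")
    out.append(f"pivot on the source: MAC {rec.get('src_hwaddr')} / IP {rec['ip_src_saddr']}")
    return out


if __name__ == "__main__":
    for line in triage(flatten(load_fragment(FRAGMENT))):
        print("-", line)
```

With one packet out, nothing back and no TLS handshake, the hostname and the timing are the only indicators in the record itself; a connection that recurs at about the same minute every night from a host with nobody logged in points at a scheduled job on that machine, so the next step is on the Parrot box (`systemctl list-timers --all`, `crontab -l` for each user, and `ss -tnp` at the expected minute to catch the process), not in the firewall log.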
#11
General Discussion / Connect 2 OPNsense over a LAN
August 15, 2025, 05:30:11 PM
I have 2 OPNsense that I'm trying to get talking to each other and failing.

FW1 has a lan of 172.17.0.1 (production)

FW2 has a lan of 172.30.0.1 (lab)
FW2 has a lan of 172.17.0.4 connected to the production network

I want to be able to move data between production and lab and I'm failing to understand how it wants me to do this.

Do I need to set up additional gateways on each end, and if I do, what happens to the main traffic on the production network?

Do I need to set up virtual peer networks on each side and make route or gateway across those peers?

I did some reading last night, but now I'm failing to get things working.
#12
I'm setting up a new firewall with the latest 25.x installer, using an old HP T620+ with Intel Pro 1000 card. Install goes fine, set up LAN and WAN, Wan can ping out to URLs, everything looks good.

Went to option 12 to update and I'm getting failed certificates and it won't update.

I'll have to get a laptop out after lunch and give this a try through the GUI and see if something can be fixed.

The installer was downloaded last week Thursday or Friday (3-4 days old) and I think I remember it was v25.1

This firewall is to be used in my lab, there is no urgency in this problem.
#13
I just noticed, if you scroll all the way down to the bottom of any page, the Simple Machines forum software does not show the correct year for the copyright. Is this the SMF software copyright or copyright to the data on the forums?

Other products that I've used dynamically update this to be current year. And in the end, it doesn't really matter because AI doesn't abide by those terms (look at the Facebook book theft case where they were torrenting books to feed into AI).
#14
Last night I had CRON set to perform the 24.10.2_8 to 25.4.x update and it didn't go; the reboot I had set for an hour later did happen, so I know cron was doing its job.

Does the 25.4 upgrade require manual intervention? I think I'll have time later today, but was hoping it would be done when I walked into work this morning.

if it matters, I generally only turn on the firmware and reboot task when I need them to run, and turn them back off the next day. I did manually run the check for updates tool yesterday to make sure I was seeing the 25.4 version listed.
#15
24.7, 24.10 Legacy Series / ZFS ARC size growing?
December 18, 2024, 03:16:54 PM
I've been noticing this and wanted to ask to check. I did a long overdue update last night and a reboot, that went fine. But I looked and see my ZFS ARC at 2.1GB; the previous size was over 4GB and it seems to clear out on reboot (which is probably normal). I did not make any adjustments to the cache size, so it's running at whatever default values are set in the Business version: Intel Xeon processor, Intel i350 and i219 NICs, 16GB of ECC RAM, Supermicro main board and chassis (more specific if needed).

Is it normal for this to grow as time goes on? It's never really gotten big enough to worry about, seems there is something every couple of months that needs a reboot. Mostly just checking to see if this is normal. On my Truenas systems, ZFS ARC will vary a lot depending on what it is doing and may use almost all free RAM, but then it goes back down after a short amount of time where the ARC in OPNsense seems to just grow and stay at that size.
#16
I have a user that decided the browsers that we include on our PCs are not good enough. I saw a long list of things being blocked and that always gives me concern. I tracked it back to a Wave Browser which is basically a malware conduit and of course, it installs in user space (because Microsoft thought that was a good idea). Starting remediations now, and in the custom blocking that I added, I did tell my system to send the info back to Zenarmor so they can include it in future blocking.

But doesn't anyone have a list of sites that should block this garbage?

Here's what I've blocked so far:

wavebrowser.com
mywavehome.net
wavebrowser.co
gowavebrowser.com
gowavebrowser.co

There are some prefixes that go with these, but I figure if I get the top level it should block them.
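An added example (not the poster's code) of the label-aligned suffix match a blocklist needs so that the top-level entries above catch their subdomains without also catching look-alikes, plus a minimiser that drops entries a parent already covers and a rendering as Unbound `local-zone` statements. The five domains are the ones listed in the post; the log hostnames scanned are constructed.

```python
from __future__ import annotations

# The five domains from the post. The hostnames in SAMPLE_HOSTS are constructed.
BLOCKLIST = ["wavebrowser.com", "mywavehome.net", "wavebrowser.co",
             "gowavebrowser.com", "gowavebrowser.co"]

SAMPLE_HOSTS = ["cdn.wavebrowser.com", "WAVEBROWSER.COM.", "notwavebrowser.com",
                "update.mywavehome.net", "www.example.org", "wavebrowser.co.uk"]


def normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so 'Foo.COM.' and 'foo.com' compare equal."""
    return name.strip().lower().rstrip(".")


def is_blocked(host: str, blocklist: list[str]) -> bool:
    """Label-aligned suffix match: 'cdn.wavebrowser.com' hits, 'notwavebrowser.com' does not."""
    blocked = {normalize(d) for d in blocklist}
    labels = normalize(host).split(".")
    # Walk the parent domains from the host itself up to the TLD.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def scan(hosts: list[str], blocklist: list[str]) -> list[str]:
    """Hostnames from a log that the list would have blocked, in input order."""
    return [h for h in hosts if is_blocked(h, blocklist)]


def minimize(domains: list[str]) -> list[str]:
    """Drop entries already covered by a parent in the list (cdn.x.com when x.com is present)."""
    keep = {normalize(d) for d in domains}
    result: list[str] = []
    for d in sorted(keep, key=lambda x: x.count(".")):   # parents (fewer labels) first
        if not any(d.endswith("." + parent) for parent in result):
            result.append(d)
    return sorted(result)


def unbound_local_zones(blocklist: list[str]) -> str:
    """Unbound statements returning NXDOMAIN for each domain and everything under it."""
    return "\n".join(f'local-zone: "{d}." always_nxdomain' for d in minimize(blocklist))


if __name__ == "__main__":
    print("would block:", scan(SAMPLE_HOSTS, BLOCKLIST))
    print(unbound_local_zones(BLOCKLIST + ["cdn.wavebrowser.com"]))
```

DNS-level blocking only helps for clients that resolve through the firewall and are not using DNS over HTTPS; a Zenarmor policy block on the destination hostname applies whichever resolver the client uses, so keep both. The raw `local-zone` lines are for a hand-maintained Unbound; on OPNsense use the Unbound DNS blocklist settings in the GUI rather than editing unbound.conf, which the system regenerates.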
#17
Zenarmor (Sensei) / Quic UDP connections
October 18, 2024, 05:27:03 PM
I'm seeing many QUIC UDP connections in my logs, the few I've checked go straight to Google... How soon before we see trackers and ads from this same type of connection?

I copied the entry but then when I pasted it I see a bunch of information that I just don't want to post (like lat/long) from the Live Sessions. I was going through and blocking a bunch of stuff that popped up with Firefox on Debian and Chrome through Kasmweb.
#18
24.7, 24.10 Legacy Series / 24.10 Business upgrade?
October 17, 2024, 04:11:15 PM
I see a post in announcements that 24.10 Business is out... Anyone do this yet?

I don't have a test machine set up for this, so I might wait a few days, or wait until I can perform this while I'm here.
#19
Hopefully I'm not wasting money here... The HP T740 has a PCIe 3.0 single-lane A+E key slot for WiFi. I don't need the WiFi so I just ordered an Intel i226 2.5Gbps card to go in that slot. Question is this: will that single lane actually go all the way up to 2.5Gbps?

Going to be weeks for the card to arrive, I hope it is really Intel and really an i226.

I also have a dual 10Gbps card going in the x4 slot, again hoping it will go full bandwidth on one of the ports. This is not an OPNsense specific question, but could get used again if need be.
#20
General Discussion / Schedule OS updates for off hours?
October 04, 2024, 09:39:50 PM
Is there a way to schedule when an OS update can be done and automatically reboot when finished?

I've had the Business update waiting for me for about 2 weeks now, and no good time I can interrupt my users (stupid Adobe may close the projects if it loses constant connection).