Messages

1

General Discussion / Re: Unexpected traffic when network is idle

« on: December 02, 2024, 10:15:37 pm »

The traffic you see in the Live viewer is what the firewall receives, so from your description it sounds like your PC is originating all that traffic. Only when you put a lens like OPN on your network that you realise how much chat goes out from your devices.

2

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 11:31:16 pm »

would you be willing to try haproxy instead? I find it easier to figure out settings as it (the plugin) exposes more options for a reverse proxy and has the "config export" utility that allows to visualise the result of settings in the UI.

3

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 05:00:32 pm »

what is the problem you experience though?

4

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 04:51:18 pm »

I used nginx in the past on OPN as reverse proxy and had no problems I couldn't solve. Key is tracing the requests along the path, and for that we need logs. I use only VMs or bsd jails, not docker, so couldn't help with that.
I couldn't see the problem in this thread btw.

5

23.7 Legacy Series / Re: Used Bandwidth totals?

« on: November 17, 2024, 10:15:40 am »

'mafraid nothing simple exists for this a la yamon .

6

23.7 Legacy Series / Re: Used Bandwidth totals?

« on: November 17, 2024, 07:10:48 am »

closest thing I think on it would be netdata. I am away so can't check but might be available as a plugin from mimugmail's repo. Totals are per interface though. No breakout to anything else.
For per ip, which I imagine you mean by client, you need to turn to something external.
Addition: actually ntopng might be a way. Not sure, haven't used used it myself.

7

Zenarmor (Sensei) / Re: Deep Disappointment with Zenarmor's Commitment

« on: November 04, 2024, 11:32:16 am »

Eh ?! What is your understanding of how Palo Alto does the inspection? Agent or Agent-less has nothing to do with it.

8

General Discussion / Re: Opnsense - Tagged-Trunk port only?

« on: November 04, 2024, 11:26:43 am »

Here is also a new tutorial section that explains the best practice way to connect the OPNsense to a managed switch: https://docs.opnsense.org/manual/how-tos/vlan_and_lagg.html

If anybody finds issues with this guide, feedback and PRs are welcome as always.

Great addition @Monviech . It was desperately needed.

9

General Discussion / Re: Network Time Daemon not running/ SOLVED disabled and switch to chrony

« on: November 04, 2024, 12:06:10 am »

I am so glad that there is another converted away from putty. Great piece of software that has been the mainstay for so very long for Window users, but truly it is time to use Terminal+WSL when possible. Good for you.

10

Tutorials and FAQs / Re: HOWTO - Update AdGuard Home automatically with cron

« on: November 01, 2024, 11:12:01 am »

but IMHO you trade. I've seen a few reported problems apparently caused by the unbound blocklists. Once the user moves to using them outside Unbound, for instance in AdGH, those go away.
The trade is you have to click one button every X weeks to update AdGH. The last one was 3 months from the previous.

11

General Discussion / Re: Minimal desktop install?

« on: October 31, 2024, 10:49:11 pm »

yes it did because the two methods: keys and certificates got conflated. Partly by me to be frank.
The fields in the System | Users are what made me wonder if OPN now supports both. That's all.

12

General Discussion / Re: Minimal desktop install?

« on: October 31, 2024, 10:32:21 pm »

meantime..

p.s. your requirements would be easily met if you did not use it.

Is there another Windows GUI SSH option?  Putty works really good for every other machine I have tried to ssh into.

Is there a post somewhere that list the SSH key requirements?  Putty has a ton of tweeks where I can set the algorithm, cipher, GSSAPI and so much more.

Windows terminal although only available for Windows 10 and 11. Best used with Windows Subsystem for Linux aka WSL. With that, you get a very capable terminal and replaces putty. You get that and quite a bit more as with WSL you get the openssl libraries for example.
@Patrick - ssh keys might not be certificates but a lot of documentation out there refers to them as such. I had to double check why I had it ingrained in my mind as muscle memory. See https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication#sec-Introduction_to_SSH_Certificates as an example.
Are we discussing something different perhaps ?

13

General Discussion / Re: Minimal desktop install?

« on: October 31, 2024, 05:48:48 pm »

Sorry not me. I don't nor will use putty, so I'm out.

p.s. your requirements would be easily met if you did not use it.

14

General Discussion / Re: Minimal desktop install?

« on: October 31, 2024, 05:08:26 pm »

@cookiemonster SSH keys are not certificates. Two different things. And you should not use ssh-copy-id, because the key does not end in the configuration. Use the UI, System > Access > Users and upload a key, not a certificate.

yeah true technically and I should have been clearer, thanks for reminding me to not mix the terms.

15

General Discussion / Re: Where is the log in prompt!

« on: October 31, 2024, 03:42:51 pm »

my thoughts exactly