Messages

121

19.1 Legacy Series / Re: How to edit the notorious "Default deny rule"

« on: February 18, 2019, 06:08:00 pm »

...your problem is in your word asymmetrical routing.

That's exactly i want to allow. We build many Dahua surveillance systems and connect them to a SmartPSS on a PC in our shop(behind the OPNsense) by a serial number with corresponding user and password. When the SmartPSS tryes to connect, it sends request to Dahua P2P servers, then Dahua P2P servers contact the corresponding NVR/DVR, which is registers in Dahua servers via UPnP on random ports behind their router, and corresponding NVR/DVR tryes to connect to SmartPSS, but can't because of "Default deny rule"
With simple router and with IPFire that works out of the box.

122

19.1 Legacy Series / Re: How to edit the notorious "Default deny rule"

« on: February 18, 2019, 09:33:53 am »

After disable state tracking in numerous places, now Default deny rule changed from rulenr 6 to rulenr 8. Still no-go. What is rulenr 8?

123

General Discussion / Re: Docker in the OPNsense environment?

« on: February 17, 2019, 07:12:58 am »

I also look in this direction, because it's more easy and versatile for developers to maintain just Docker rather than many plugins for third party services like Ubiquiti Controller.
Here is an experimental implementation:

https://wiki.freebsd.org/Docker

124

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: February 15, 2019, 05:59:21 am »

So is there 19.1.1 netmap enabled or just 19.1 ?

125

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: February 14, 2019, 10:37:29 pm »

Now when there is 19.1.1 can we use it with netmap enabled kernel and what is the command?

May be "# opnsense-update -bkr 19.1.1-netmap" ?

126

19.1 Legacy Series / How to edit the notorious "Default deny rule"

« on: February 13, 2019, 10:00:23 pm »

Hi felas,

i have a problem behind several routers with accessing Dahua DVR/NVRs by serial number (Dahua's DDNS).
Edited Firewall>>LAN>>Advanced>>State>>State Type to 'none' and the default deny rule still kicks in
Any clue?

p.s. it's all about asymmetrical routing. Is there a way to allow it for sure?

127

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: February 13, 2019, 09:42:35 pm »

Hi hbc,

Yep, correct. VLANs were also broken, but it looks like it was fixed with the FreeBSD 11.2 update. My note was about virtio support. Sensei 0.7 filters out any virtio interfaces. 0.8 will remove this filtering so that they will be presented in the Interface Selection.

Source Interface/Network Address/IP Address/VLAN/User/Group filtering is a feature of Policy based enforcement, which will be showing up with the Premium Subscription.

My advice is to consider exchange "Source Interface/Network Address/IP Address/VLAN/" for volume of users above 1000 or so... It's vital for usability and development at all IMHO.

128

Hardware and Performance / Good ITX board with limited availability

« on: February 06, 2019, 09:06:06 pm »

From time to time i observe the net for a decent ITX 12V(or wider DC power tolerance) with proper components for a x86 router. I guess i find one in Intel:
https://solutionsdirectory.intel.com/solutions-directory/d3543-s-industrial-series-mini-itx-mainboard
and found it also in Fujitsu:
http://www.fujitsu.com/fts/products/computing/peripheral/mainboards/industrial-mainboards/d3543s.html

I am in Bulgaria, and here such boards are hard to find and order. Is anyone seen this board anywhere ot order single piece in Europe?

129

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: February 02, 2019, 10:20:23 am »

19.1 goes in production now, and we that have sensei have a problem:
https://forum.opnsense.org/index.php?topic=11400.msg51520#msg51520

130

19.1 Legacy Series / Re: New OpenVPN Export does not work with Windows because of UDP instead of udp

« on: February 02, 2019, 09:59:08 am »

i also observed this and 'comp-lzo' not inserted in .OVPN file also.

131

19.1 Legacy Series / Re: Upgrade fail

« on: February 02, 2019, 09:57:40 am »

Setting vm.pmap.pti tunable to 0 not helping me. After unlocking 19.1 and hit upgrade router boots normally, but version stays on 18.7.10_4.
My instance runs as VM on Proxmox 5.3-7. All 4 cores of i5-4570 are fully exposed to VM in 'host' mode.
Ask if some logs are needes.

132

Hardware and Performance / Re: Fitlet2 J3455 alternative?

« on: January 11, 2019, 06:42:08 pm »

Whats wrong with the fitlet2 itself? Its onboard NICs are Intel i211s and its FACET add in card its two more i211s. So a total of four Intel NICs.

The price.

133

Hardware and Performance / Re: Best Nic Card

« on: January 06, 2019, 07:04:14 pm »

Here is a thread with good content about NICs:
https://forums.servethehome.com/index.php?threads/list-of-nics-and-their-equivalent-oem-parts.20974/

134

Hardware and Performance / Re: Fitlet2 J3455 alternative?

« on: January 06, 2019, 07:02:46 pm »

I also observe these small PCs but for such moneay always will take second hand brand PC with haswell i5 + i340-T4 also second hand, and there is no comparison in performance and options...
Just players on the market are too few, and i will give them a time to evolve before buy something from them.
On other side HP, Dell, Lenovo are always stable for such use. I never had strange behavior or failure with them.
As i read this forum and pfSense that can't be said for Qotom.

135

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: December 27, 2018, 09:04:14 pm »

Also thanks from me for the update.

"12. Fixed Rebellion Theme compatibility issues."

In session details the headers of the columns are still with white text on white background:

https://www.dropbox.com/s/0v72em2bch0rk0q/Reb.jpg?dl=0