Messages - chemlud

#31
General Discussion / Re: website update looks great!
December 14, 2024, 12:00:55 PM
Quote from: dseven on December 13, 2024, 11:13:34 AM
Quote from: chemlud on December 13, 2024, 09:49:43 AM
PS: Where did the button for "Latest Posts" go?

You mean "Last Post", I assume? I just noticed that that very handy link is now missing too. It was very handy for catching up on running discussions :(

If you bookmark this

https://forum.opnsense.org/index.php?action=recent;start=0

it's still there, but I don't see a button to access it directly from the forum main page, as in the past.
#32
General Discussion / Re: website update looks great!
December 13, 2024, 09:49:43 AM
PS: Where did the button for "Latest Posts" go?
#33
General Discussion / Re: website update looks great!
December 13, 2024, 09:47:40 AM
Round avatars are silly. When you're not logged in, there's no "Reply" button that lets you quickly log in and reply directly? Stupid ajax.googleapis.com is blocked by default on my end... :-p
#34
German - Deutsch / Re: Migration from PC to Sophos XG135
December 13, 2024, 09:45:08 AM
Yep, take over the interface names from the fresh installation; it's best to assign the interfaces manually, then you have an exact overview of which physical interface has which name.
And use find to search the config for the old interface name; there should really only be that one hit in each case (as in your example)...
#35
German - Deutsch / Re: Migration from PC to Sophos XG135
December 12, 2024, 09:48:57 PM
Before importing the config.xml, rename the interfaces by hand in the .xml. Then install the plugins after the first boot on the new hardware; their configuration is then already in the config.xml.
#36
Yepp, IPS is not "fire and forget" but I like to get a feeling for what is going on in the various levels-of-trust LANs. Warnings/blockings by Suricata give a feeling if some client tries e.g. to resolve fishy domains or contact known malware IPs.

Problems normally originate from the LAN side and IPS should be active on LAN, not WAN, correct.
#37
Quote from: meyergru on November 27, 2024, 10:33:09 AM
...: "Frantic activity replaces intellectual dead calm".

Frantic activity conceals intellectual dead calm. ;-)
#38
Or maybe

System -> Settings -> General -> Networking -> DNS

127.0.0.1
#39
24.7, 24.10 Legacy Series / Re: DNS Over TLS Broken
November 22, 2024, 09:32:05 PM
...works just fine and stable here for years. Why complain?
#40
24.7, 24.10 Legacy Series / Re: DNS Over TLS Broken
November 22, 2024, 08:56:05 PM
I would never use DoT with less than 4-5 servers configured...
#41
Quote from: fastboot on November 22, 2024, 03:28:37 PM
Quote from: chemlud on November 22, 2024, 03:21:37 PM
If I have two different interfaces with different subnets there usually is a good reason for this and therefore all (but very limited) traffic between these two interfaces should be blocked. Yes, it needs a block rule, that's **sense 101 ;-)

Well... I have lots of different subnets. And for some clients the traffic is surely allowed to reach the LAN, depending on the use case of the VLAN/Subnet. But I was still surprised that it's just routed.
Like already mentioned, this is an OPNsense design then. Because with any enterprise FW you do not have this behavior. For a good reason.

But maybe an additional Help-Text would be good to make this clear.
"Only accept connections from the selected interfaces. Leave empty to listen globally. Use with care."
This is definitely not that clear. At least not to me. Because the initial connection was not coming from the LAN interface ingress.
If you know this behavior, sure it's clear then.

If you allow HTTPS to any, I see no good reason why this should not include any random LAN/VLAN in your setup. It might be "surprising", but it's absolutely covered by the general rules of logic ;-)
#42
If I have two different interfaces with different subnets there usually is a good reason for this and therefore all (but very limited) traffic between these two interfaces should be blocked. Yes, it needs a block rule, that's **sense 101 ;-)
#43
General Discussion / Re: Where is the log in prompt!
October 31, 2024, 08:48:22 PM
That's why I proposed booting linux to see which hardware exactly lives in this box... ;-)
#44
General Discussion / Re: Where is the log in prompt!
October 31, 2024, 04:48:59 PM
Serial for serial, VGA if you plan to have a monitor plugged in (from time to time).

Haven't tried recently installing with only one interface.

There should be a login prompt at that stage, as can be seen here:

https://docs.opnsense.org/manual/install.html

under "Live Environment"...
#45
General Discussion / Re: Where is the log in prompt!
October 31, 2024, 03:49:50 PM
Try to install your favourite linux (or BSD, if applicable) distro and have a look for the details of the hardware. Post info...