Messages

121

Zenarmor (Sensei) / Re: 1.17.6 update problem

« on: August 06, 2024, 10:39:54 pm »

That's the same version of OPN that I'm on. I'm using an Intel Xeon E3-1230v5 with 16gb of ram if that matters.

Have you tried a reboot to see if anything is recovered when it comes back up?

Did you try to update from the Zenarmor dashboard or through the system like I ended up doing?

Have you looked in system --> firmware --> packages and tried to reinstall the two Sensei packages? I'm not sure if you can uninstall the packages and then reinstall them and keep your settings.

Kind of out of ideas after that.

122

Zenarmor (Sensei) / 1.17.6 update problem

« on: August 06, 2024, 08:39:35 pm »

This is mostly an FYI.

I noticed today that the dashboard in Zenarmor said there was an update, so I clicked on the button to start this process... It never went farther than 30%, after about an hour, I went to system --> firmware --> status and checked for updates. This found the 1.17.6 update and was able to get this installed.

I know the Zenarmor Dashboard way has worked for me in the past, but not today.

I'm running current Business version of OPN.

123

General Discussion / Re: Proper way to delay boot up

« on: August 06, 2024, 05:24:50 pm »

Not what any of us would want (because of $), but what about a programmed PDU to turn the power back on after the time elapses?

Is there a delay in the BIOS that you can set? Maybe how long the BIOS function keys are displayed? I've done this in the past when I needed something to wait 2 minutes before loading the OS, but I don't think too many of my current servers even support this anymore.

I don't think there is a setting in the OPN config file for this, which is why it keeps getting written over during an update. And from my point of view, this isn't really a strange request, I try to do this with my VMs so that they don't all try to boot at the same time and drag the disk array down to a crawl.

124

General Discussion / Re: 2 hour delay

« on: August 06, 2024, 05:11:26 pm »

Can you grab a screen shot?

125

24.7 Production Series / Re: No serial port - Console Access using USB?

« on: August 06, 2024, 03:09:15 pm »

You will probably need a null-modem coupler between the two serial connections, especially since they will likely both have the same connector on the end.

126

Hardware and Performance / Re: Wifi 6 mini pcie cards?

« on: July 19, 2024, 10:20:37 pm »

I would trust what they have said, again I've tried and failed so I'm just at the point where it won't work for me or I might be doing it for some odd cases I have once in a while. I bought a cheap GLi-net router for those odd cases, which is not at all wifi6 as I don't need that kind of speed.

If you want to challenge their advice, you are going to need to build it and show us that it can be done. Yes you are right in that a 2021 paper on wifi6 is probably not current, but I'd guess it also hasn't changed a huge amount as we do need to stick to standards. And every single device beyond the first is going to pull down those speeds, the airwaves are shared.

127

Hardware and Performance / Re: Sophos SG 310 Rev. 1 vs Intel(R) N5105 @ 2.00GHz (4 cores)## NAT Performance

« on: July 18, 2024, 07:23:29 pm »

For peace of mind, I'd probably go with something more powerful and at least 16GB of RAM. An N300 would probably be good (if buying new), if buying used, look for something with an Intel i3 or i5 9th generation or newer processor, or comparable AMD processor or comparable Xeon processor, something with 8 threads (or more). Supermicro x10 or x11 series main board would be a good choice the Xeon E3-1230v5 that I have in my x11 based system would probably handle this, and maybe even do it with Zenarmor running (maybe).

Part of the question will be if you are going to run IDS/IPS, Zenarmor, Crowdsec, etc. Zenarmor specifically wants the fastest processor clock you can get for high throughput, a recent thread says an Intel i3-14100 will handle 2.5gbps with Zenarmor running.

Other people will probably tell you that at only 300mbps connection, an n100 or n5105 would be fine. But it sounds like there could be money at stake here (an event of 300-500 people), I would error on the side of too much performance to give a little safety net.

Only other advice I'd give is make sure you use an Intel NIC for the wired connections, an i350 would be fine for this use case. The Realtek might be OK, but in the end when I bet my paycheck, I go with Intel because it is almost definitely supported (i350 is definitely supported).

128

Hardware and Performance / Re: Wifi 6 mini pcie cards?

« on: July 18, 2024, 07:07:25 pm »

I have a couple Mikrotik products in production, I like them even though I'm not really using all the features. I keep thinking of phasing out my old Cisco stuff and going with Mikrotik as the replacement, this is all lab stuff and working with Cisco is an ever diminishing return as I get closer to retirement age.

129

Hardware and Performance / Re: Wifi 6 mini pcie cards?

« on: July 18, 2024, 04:19:47 pm »

OK, I'll ask this. Suppose I buy an ax version AP like this one https://mikrotik.com/product/cap_ax ... Why does it need all of the router OS to run it if the firewall/router is handling all the vlans and stuff? This is an area that I just haven't need to get into.

As far as learning router OS, there are a few good books on Amazon, and if you get the Kindle version they can be pretty cheap. Not sure how many have been updated to RouterOS 7 yet, but I'm guessing v6.x is close enough for learning the ropes.

130

Zenarmor (Sensei) / Re: Upgraded to Fiber 2.5 at home

« on: July 18, 2024, 04:11:29 pm »

It will be nicer when we have the multithreaded version. Just want to make sure that this isn't forgotten. 

How are other functions working on that processor? I'm just thinking about my next hardware step and keeping options open. Probably going with OPNsense hardware, but I may need to build my own again. On my E3-1230v5 with 16gb of ECC ram, I get around 600-700 mbps download with ZenArmor, IDS/IPS, and Crowdsec all turned on, we have a 1gbps connection to the web that often does show a real gigabit speed without all the filters.

131

Intrusion Detection and Prevention / Re: Can't download rules and enable IDS

« on: July 18, 2024, 04:03:29 pm »

You just need to enable the rule first, then you can download it and edit it later. That caught me when I went from testing to production hardware and free to Business and I forgot I have to enable the rule before it would download.

It does kind of make sense, no reason to download a rule if it isn't going to be enabled to alert or drop, this helps prevent the rule list from being really big, which should improve scanning time.

132

General Discussion / Re: Dell 7070 Micro Build

« on: July 17, 2024, 03:56:36 pm »

You are connecting the PC directly to the Realtek NIC? If so you may need to try using a crossover cable, not all of the modern cards support auto MDI/MDIx like a switch will. There is also an alternate Realtek driver that you load through the packages section in the GUI, the hard part is getting to that GUI if the port isn't working.

Alternate is to connect a switch to that LAN port, and then connect your computer to the switch and see if it gets a connection. Any cheap 5 port switch should do what you need here. If the light on the switch doesn't light, then you know the card is either defective, or a drive doesn't load.

Second alternate, load a linux live disk and make certain that the m.2 card is really working by connecting it to a network.

Last thought is see if you can connect and configure a USB ethernet adapter, you might be able to use it to get into the GUI and gather more info about that m.2 card.

And if you figure it out, please post the solution, I have a couple of mini-pc that I'd like to try this with, most of these don't need the wifi and an extra wired port would be nice to have.

133

Hardware and Performance / Re: What NICs are recommended for 1Gbps symetric PPPoE on a virtualized OPNSense

« on: July 16, 2024, 09:21:39 pm »

Just look at this table from the I210 datasheet and the ranks are:

• I350
• I210
• I211
• 82574

Where does i225 and i226 fit in that chart, prices between i350 and i225/226 are not that different, especially used. Yes I know i225/226 are 2.5gbps, but they handle gigabit just fine too.

134

Hardware and Performance / Re: Wifi 6 mini pcie cards?

« on: July 16, 2024, 09:19:32 pm »

I am probably wrong, but I don't think every wifi card can be an AP, I think they may have special firmware. Someone please correct me if I'm wrong so I can maybe make use of this too.

I've tried making the included wifi card in my old HP T620 into an AP, and I don't remember being successful. That was with pfsense though, so maybe a difference. I might have also tried this with an AWOW J4105 mini-PC and suffered the same failure, but that would have again been PF.

135

Hardware and Performance / Re: Intel Ultra 5 125H Processor - anyone tried OPNSense on one of these

« on: July 16, 2024, 09:16:09 pm »

I hope you took my advice about the CPU, since the 13th gen also seem to be unstable as hell.

And 14th gen too, which is what I recently rolled out into a classroom... I'm hoping I get the updated version that Intel is shipping for replacements. These were purchased in May, HP Z2 with i7-14xxx which I'm told are really just i9-13xxx with a new name and probably some bad cores logically turned off. Gamer's Nexus has been making videos about this Intel issue, jump on Youtube and give them a watch if you haven't yet.

Sometimes using old leftover hardware has advantages, my production machine is running a Xeon E3-1230v5 that has already proven to be stable. I'll get a couple more years out of it before pushing to buy a DEC2770 (or whatever is current in that level of performance).