Recent posts

#1
Quote from: Richard090969 on Today at 05:59:16 PM: ... whether an upgrade would noticeably improve protection
That is not something I am able to test specifically. Improved protection through increased frequency of update is something I have to assume without measurement of practical difference. However, I have found that the ability to look up IPs can be useful, including getting a site unblocked by qfeeds after some review. I subscribed to qfeeds Plus at an early stage, and have uninstalled crowdsec.
#2
26.1 Series / Re: Upgrade to 26.1.3 - my fir...
Last post by drosophila - Today at 11:39:07 PM
The reserved 5% on Linux ext4 is for the system so that ordinary users cannot fill up the drive and thus the OS can still operate and root can install stuff. The problem is that updates always are done by root (who is fully entitled to these 5%), so if root fills these up, be it through an update or otherwise, they're gone. On ext4 this isn't for the FS to remain usable, ext doesn't run into any issue when it fills up. ZFS is the only one I've ever been made aware of having this odd problem. Obviously its benefits outweigh these shortcomings, at least for corporate storage servers. On a data pool, this is easily avoided by having only normal users use it for storage (remote root access always is bad even without this). Obviously, this cannot be avoided with RootOnZFS.
#3
26.1 Series / Re: Upgrade to 26.1.3 - my fir...
Last post by OPNenthu - Today at 11:28:46 PM
Thank you.  I just took the advice there and reserved 250GiB for the root dataset and children in TrueNAS.
#4
The tunnel address you assign to the "road warrior" device "dialing in".
#5
26.1 Series / Re: Upgrade to 26.1.3 - my fir...
Last post by Patrick M. Hausen - Today at 11:13:41 PM
/sys/module/zfs/... does not exist on FreeBSD.

https://forums.truenas.com/t/zfs-pool-ko-after-filling-at-100/57356/9
#6
26.1 Series / Re: Upgrade to 26.1.3 - my fir...
Last post by nero355 - Today at 10:51:19 PM
Quote from: Patrick M. Hausen on Today at 10:19:40 PM: We had multiple incidents of unrepairable pools over in TrueNAS land. Once it's 100% full it's toast.
IMHO that should not be possible unless someone did some very weird things with the value mentioned above and set it to 0 somehow ??

What is the default value for OPNsense installs when OpenZFS is chosen ?
#7
General Discussion / Re: Internet access problems
Last post by nero355 - Today at 10:47:43 PM
Quote from: Jebecca on Today at 09:19:39 PM: ISC DHCPv4 Server and Dnsmasq DNS/DHCP are running.
AFAIK you can not run those at the same time ?!
#8
General Discussion / Re: Opnsense DOSing upstream D...
Last post by nero355 - Today at 10:44:38 PM
Quote from: gardener on Today at 08:54:40 PM: I think pihole caches.
Pi-Hole's FTLDNS (which is DNSmasqd with additional features!) of course caches everything it processes, but only for the length of the TTL of a specific A/AAAA/SRV and all other DNS Records.

So if you want 20 or 40 minutes for certain records you will have to add some DNSmasqd magic to your pihole.toml file for all the DNS Records that need to be remembered longer !!

My guess is that the new feature called HostWatch is doing nasty things so try disabling it and see what happens afterwards :)



But the real question is : Why does your OPNsense query Pi-Hole at all ?!
IMHO you should only give the Pi-Hole DNS IP Address to your DHCP Clients and nothing more than that!
#9
@Patrick M. Hausen What do you mean by "only the IP address of the system connection goes into "AllowedIPs"? The address of the firewall itself? So the local IP address? Or do you mean my public IP?

@vimage22 Are you sure? In the tutorial they said that those fields must be blank in the Peer Generator. Only when you create a manual peer should you put this information in.
#10
Quote from: computer_freak_8 on March 08, 2026, 08:27:21 PM: - Problem #2 is that OPNsense does not seem to accept a WireGuard VPN connection from an endpoint that's on the same subnet as the interface accepting it. So, for example, the HomeLab instance, when the ISP_C range is (for example) 70.0.0.5/24, then it cannot accept any connections from 70.0.0.6/24, because it's in the same subnet.
Sounds like : https://docs.opnsense.org/manual/firewall_settings.html#disable-reply-to ?!

But I have no idea what other effects it will have on your setup since I don't use Multi-WAN or any VPN so it's up to you to figure that out :)