Recent posts

#1
26.1, 26,4 Series / Re: Unbound reporting stop wor...
Last post by nero355 - Today at 06:44:11 PM
Quote from: wincent on Today at 03:33:39 AM
I have no idea if I can replace the Checkpoint equipment CPU manually.
I also have a brand new Checkpoint 4600 (serving as a cold backup), and I can give it a try to upgrade its CPU.
I think a lot of Intel Atom and ARM based AArch64 SoCs are waaaaay faster and consume less power by now :)
#2
Quote from: Greg_E on Today at 05:41:49 PM
I ended up with a Protectli box, everything else was just too much money.
This isn't cheap either IMO =>
Quote: Only an i5 4c/8t and 16gb of RAM
About $900usd
:o
Quote: which seems kind of high for what you are really getting, but in the 5 days between quote and request, the price of ram went up again.
What does 16 GB RAM cost then these days ?!

Buying used hardware might be the better option if you can score a good deal...
#3
General Discussion / Re: Hello all! And thank you ...
Last post by nero355 - Today at 06:37:35 PM
Quote from: donkeydiq on Today at 05:15:15 AM
It's just frustrating when I watch 100 YouTube videos and these folks are getting it up and running in 10 minutes.
That's because they have a lot of knowledge about the theoretical part behind all the pieces of the puzzle :)

I have set up Proxmox + pfSense + a shitload of VMs attached to the LAN side of the pfSense VM without reading any kind of documentation a very long time ago, but that's because I understood what I was doing and if you don't have that knowledge... then... well... you need to get it somehow...

Simply don't rush things and don't get frustrated when doing things like this for the first time : It's normal to have to start all over from zero again many times! ;)
#4
26.1, 26,4 Series / OPNSense not able to re-claim ...
Last post by Afif - Today at 06:19:17 PM
Hi,
I have a strange issue where memory fills up very quickly and then swap gets a running out of space error, causing the system/router to crash. This has been happening since last year and I have to reboot every 2 days before my whole network goes down. I tried to reduce the RAM from 16G to 4G (I thought it required more RAM, but the issue is still happening, though it delays the system crash up to 1 week) and added 2G to swap (enabled in settings). I also reduced the plugins and the issue is still there. I also tried to deploy from scratch and import the config but the issue still persists. I attached my system log and I don't have any clue what is causing this, so I need your advice/help on this. Thanks in advance.

Regards,
Afif
#5
Zenarmor (Sensei) / Re: Provide firm date on multi...
Last post by Greg_E - Today at 05:43:17 PM
I wasn't thinking about it as logically assigned, that makes sense to just logically limit to a single thread.
#6
Hardware and Performance / Re: quad interface fierwall PC...
Last post by Greg_E - Today at 05:41:49 PM
I ended up with a Protectli box, everything else was just too much money. Only an i5 4c/8t and 16gb of ram, but I think I do get dual boot drives which will be nice. About $900usd which seems kind of high for what you are really getting, but in the 5 days between quote and request, the price of ram went up again.
#7
General Discussion / Re: Crowdsec Observations
Last post by ruzamai - Today at 05:14:48 PM
Let's take a real life scenario.

On ipv6 only, port 443, I have a Drupal website. This website is behind Opnsense at network level, firewalld at server level, then an application firewall built in Nginx.

At the network level Opnsense firewall I have open source blocklists that rarely block anything anyway not already blocked but give me insight and interesting logs.

The network firewall also blocks all ASNs of known scanners, from a dynamic list.

Server level - firewalld, 443 open tcp/udp.

Application firewall:

All HTTP/0.9/1.0/1.1 queries blocked. If you speak HTTP/2 I am your friend.

All WordPress query strings and paths blocked. All unsavoury user agents blocked.

What can Crowdsec now offer me?
#8
26.1, 26,4 Series / Re: WireGuard not starting cor...
Last post by cds - Today at 03:14:22 PM
Quote from: franco on April 21, 2026, 02:35:27 PM
> Devs will say: Wrong config, will break some day.

No, but what we're saying is:

> "Name does not resolve: `xx.yyy.de:51820'

That's a DNS error. No dev can reasonably resolve xx.yyy.de for you.


Cheers,
Franco

xxx.yyy.de of course is a valid URL - just removed here ---
#9
26.1, 26,4 Series / Re: OPNSense forwarding packet...
Last post by ChristopherL - Today at 12:07:18 PM
Logically it's a flat layer 2 network, with the two firewalls, the hosts and the gateways all connected to some Cisco switches running spanning tree.

So effectively:
border-routera   border-routerb   dmzhosta    dmzhost<x>
      |                 |            |           |
      --------------------------------------------
            |               |              |
         office-fwa    office-fwa       dmzhostb
The default gateway for everything points at a VRRP address shared between border-router1 and border-router2.
The office firewalls run CARP, and the border routers and the hosts have routes to the office-fw1 address ranges pointing at the CARP address.
#10
It looks like it might have been an isolated issue that you had.

Glad you could resolve it. I also run two OPNsense (2x DEC750) in community version in HA, and I update them frequently. I didn't have issues yet, I mostly do this to catch issues like these early as well.