Recent posts

#1
Obviously the Q-Feeds IP blacklist blocks IPs that belong to the Tor network, therefore a connection is not possible.

Only if you enable the obfs4/Snowflake/meek bridge you can connect again with the Tor Browser. Which is much slower than a normal connection.

Maybe an option "Don't block TOR IPs" would be possible in the options, although it's probably hard to differentiate those IPs from other ones.
#2
26.1 Series / Re: [Solved] OpnSense 25.7.11_...
Last post by oldRaven - Today at 04:05:54 PM
I also had to SSH and reinstall the pkg after receiving an upgrade error.   Thanks for all of the hard work.  26.1_4 is running exceptionally well.
#3
26.1 Series / Re: WiFi interface broken afte...
Last post by apraile - Today at 04:03:43 PM
Same here on PC Engines APU2C4 and wle200nx card (Atheros AR9280).
The installation log is available at the following link, in case it is helpful:
https://paste.debian.net/hidden/22cde1ad

Thanks.

#4
26.1 Series / Initialization of RRD files fa...
Last post by snyke - Today at 04:00:55 PM
Hi,

fresh install of 26.1_4, I did some configuration and enabled data gathering for RRDs.

In the syslog I find tons of:

Quote/usr/local/opnsense/scripts/health/updaterrd.php: The command </usr/local/bin/rrdtool create '/var/db/rrd/ntpd.rrd' --step 0 DS:'offset:GAUGE:120:-1000:1000' DS:'sjit:GAUGE:120:0:1000' DS:'cjit:GAUGE:120:0:1000' DS:'wander:GAUGE:120:0:1000' DS:'freq:GAUGE:120:0:1000' DS:'disp:GAUGE:120:0:1000' RRA:'MIN:0.5:1:1200' RRA:'MIN:0.5:5:720' RRA:'MIN:0.5:60:1860' RRA:'MIN:0.5:1440:2284' RRA:'AVERAGE:0.5:1:1200' RRA:'AVERAGE:0.5:5:720' RRA:'AVERAGE:0.5:60:1860' RRA:'AVERAGE:0.5:1440:2284' RRA:'MAX:0.5:1:1200' RRA:'MAX:0.5:5:720' RRA:'MAX:0.5:60:1860' RRA:'MAX:0.5:1440:2284'> returned exit code 1 and the output was "ERROR: step size: value must be positive"

Basically no single RRD is created, of course creation with a stepsize of 0 fails.

Is this a known bug or a feature to save some disk space? ;-)

I don't think/see the bit of configuration I did on top of the fresh install caused this.

After I created all of the databases with a (guessed) stepsize of 60 the errors stopped.

Best wishes

#5
General Discussion / os-adguardhome-maxit
Last post by Monju0525 - Today at 03:54:38 PM
What is the latest version of os-adguardhome-maxit (installed)   1.16? How do I get the latest? How do I upgrade?

fetch -o /usr/local/etc/pkg/repos/mimugmail.conf.new https://www.routerperformance.net/mimugmail.conf
pkg update'''fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
pkg update

#6
26.1 Series / Re: Cannot console upgrade to...
Last post by Monju0525 - Today at 03:37:01 PM
Quote from: Monju0525 on Today at 02:31:35 PM
Quote from: patient0 on Today at 02:06:26 PM
Quote from: Monju0525 on Today at 01:51:18 PM#1
Versions
OPNsense 25.7.11_9-amd64
FreeBSD 14.3-RELEASE-p7
OpenSSL 3.0.18

#2
Yes
See below


Proceed with this action? [26.1/y/N]: 26.1

Hi there,

For over 11 years now, OPNsense is driving innovation through
...
etc,etc,etc
Mmmh that looks good, what key are you pressing at the end of the text, 'q'?

I was selecting enter. When the ':' I enter 'q'. An it is now installing.
Thank u very much!

===
Download links, an installation guide[1] and the checksums for the images
can be found below as well.

Fetching packages-26.1-amd64.tar: ...




Update: via console took about an hour to upgrade to 26.1_4 and the vpn + other packages worked
#7
26.1 Series / Re: Another smooth upgrade exp...
Last post by TheRealDoug - Today at 03:29:26 PM
Also a smooth upgrade experience for me.  Upgraded my lab firewall (virtual on proxmox) on release day and then upgraded my hardware firewall (Protectli VP2430/8GB) this morning without issue.

My hardware appliance took a little bit longer than I expected to reboot and I was getting pretty nervous but it came back up!

I am a pretty new OPNsense user and have been using it full time since November (25.7) and immediately started using Automation rules vs the now legacy rules.  I only had to migrate 4 rules between the two firewalls.  I love the Automation/New Rules and category grouping, it really helps me visualize traffic flow much easier so I don't duplicate rules or have them out of order.


Great work OPNSense team!
#8
26.1 Series / Re: Suricata - Divert (IPS)
Last post by agh1701 - Today at 03:19:06 PM
so, I guess I divert from the wan? What I am looking for is an example rule to start with.
#9
26.1 Series / Re: Suricata - Divert (IPS)
Last post by Monviech (Cedrik) - Today at 03:07:52 PM
https://docs.opnsense.org/manual/firewall.html#divert-to

The divert to can be added to any firewall rule that already exists, also multiple ones, to redirect the traffic to suricata after it matched in the firewall.
#10
You can look into frankenphp which is caddy with php, it should work nicely for web apps (never tried it though).

You can still keep caddy on the firewall and just reverse proxy to the caddy in your dmz.