"Recent posts
#1
26.1 Series / Re: I'm getting "SSH Key misma...
Last post by nero355 - Today at 03:12:46 PMIMHO you should let the OpenSSH Server Keys simply be what they are and only take care of your own OpenSSH User Private/Public Keys.
I can remember upgrading FreeBSD in the past via the whole /usr/src/ and /usr/ports/ procedure and then from time to time you had to supply some random keystrokes to OpenSSH Server during the first boot after it was upgraded and I was perfectly fine with that! :)
Sometimes there also security related reasons for regenerating the keys, so if your Server does it then consider it on the Client side too !!
This is a story from the FreeBSD 4/5/6 era but it still applies today IMHO when it comes to the security aspect of it!
I can remember upgrading FreeBSD in the past via the whole /usr/src/ and /usr/ports/ procedure and then from time to time you had to supply some random keystrokes to OpenSSH Server during the first boot after it was upgraded and I was perfectly fine with that! :)
Sometimes there also security related reasons for regenerating the keys, so if your Server does it then consider it on the Client side too !!
This is a story from the FreeBSD 4/5/6 era but it still applies today IMHO when it comes to the security aspect of it!
#2
German - Deutsch / Re: Squid - Access Control Li...
Last post by myperl - Today at 03:10:50 PMMeine Konfiguration habe ich jetzt unterhalb von /usr/local/etc/squid/pre-auth abgelegt. So wird sie zumindest nicht mehr überschrieben.
#3
General Discussion / Re: VLANs with multiple switch...
Last post by nero355 - Today at 03:04:15 PMQuote from: strangerinusall on Today at 06:08:10 AMThis one does have SSH access, and I presume that would have been easier, but I felt there were more chances I would mess something up this way. Certainly if you're comfortable to syntax then that's a way to go.Good to know! Thnx! :)
QuoteHere we go:Is this now A or B ?
The whole 'Administrative VLANs vs. Operational VLANs' thing still seems to have no exact purpose by the looks of it ?!
#4
Zenarmor (Sensei) / Re: update to 2.4.2 hangs
Last post by dirtyfreebooter - Today at 03:01:41 PMQuote from: sy on Today at 02:53:58 PMHi,
- @dirtyfreebooter, Regarding the speed issue, we will check the update server for any slowness. You should not experience any problems at the moment.
- @RutgerDiehard, Concerning the interrupted update issue, could you please share a report using the "Have Feedback" option located in the bottom-left corner of the UI?
i just let it sit there and after 40+ minutes, it finally finished and completed the install. today i tried downloading with curl and the speed has returned. i am sure it was just some networking issue *shrug*
Code Select
$ curl https://repo.zenarmor.net/opnsense/FreeBSD:14:amd64/25.10/latest/All/os-sensei-2.4.2.pkg
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 111.6M 100 111.6M 0 0 88.92M 0 00:01 00:01 82.40M #5
Zenarmor (Sensei) / Re: update to 2.4.2 hangs
Last post by sy - Today at 02:53:58 PMHi,
- @dirtyfreebooter, Regarding the speed issue, we will check the update server for any slowness. You should not experience any problems at the moment.
- @RutgerDiehard, Concerning the interrupted update issue, could you please share a report using the "Have Feedback" option located in the bottom-left corner of the UI?
- @dirtyfreebooter, Regarding the speed issue, we will check the update server for any slowness. You should not experience any problems at the moment.
- @RutgerDiehard, Concerning the interrupted update issue, could you please share a report using the "Have Feedback" option located in the bottom-left corner of the UI?
#6
26.1 Series / SNAT to multiple openvpn inter...
Last post by bimbar - Today at 02:40:23 PMSo I have several openvpn interfaces on the firewall in question, let's say
ovpnc1 10.172.192.3/24 (the address being pushed by the server)
ovpns2 172.28.1.1/30 (being chosen by me)
So no I have the necessity to do SNAT on ovpnc1, because there is not necessarily a return route on the other side, but the only interface I can choose is "openvpn" and the only mode it goes to is:
nat on openvpn inet from any to <SOME NETWORK> -> (openvpn:0) port 1024:65535 round-robin
That means it chooses the 172.28.1.1 address in 50% of cases, so it works half of the time. I can statically SNAT this, but there is no guarantee the address I'm being pushed is static.
Surely there's some way to do this I haven't found?
ovpnc1 10.172.192.3/24 (the address being pushed by the server)
ovpns2 172.28.1.1/30 (being chosen by me)
So no I have the necessity to do SNAT on ovpnc1, because there is not necessarily a return route on the other side, but the only interface I can choose is "openvpn" and the only mode it goes to is:
nat on openvpn inet from any to <SOME NETWORK> -> (openvpn:0) port 1024:65535 round-robin
That means it chooses the 172.28.1.1 address in 50% of cases, so it works half of the time. I can statically SNAT this, but there is no guarantee the address I'm being pushed is static.
Surely there's some way to do this I haven't found?
#7
26.1 Series / Re: Wireguard configuration wi...
Last post by vimage22 - Today at 01:29:31 PMYes, create a normalization rule.
#8
Zenarmor (Sensei) / Re: Zenarmor performance @ Int...
Last post by Seimus - Today at 01:21:01 PMCorrect, the MultiCore is still not available for ZA.
Correct, the Multicore if released will be most likely a paid feature (Higher paid tiers) per the roadmap. Even tough several times people asked ZA to clear this point they did not. and only side tracked the question. But assuming whats on the roadmap this looks like the case.
I have one with 2x10G AQ NICs + 4x2.5G i226V, and its rock solid. Still looking for a good 10G switch option thou....
Regards,
S.
Correct, the Multicore if released will be most likely a paid feature (Higher paid tiers) per the roadmap. Even tough several times people asked ZA to clear this point they did not. and only side tracked the question. But assuming whats on the roadmap this looks like the case.
Quote from: Greg_E on March 26, 2026, 02:33:50 PMI'm looking at an n355 device for my next hardware, something with at least 6 i226 ports and maybe trade a couple for some SFP+ (10g lan to lan would be NICE).
I have one with 2x10G AQ NICs + 4x2.5G i226V, and its rock solid. Still looking for a good 10G switch option thou....
Regards,
S.
#9
26.1 Series / Re: Hide items from menu(s) / ...
Last post by Greelan - Today at 12:51:16 PMQuote from: sopex8260 on Today at 12:41:07 PMIn my opinion, the biggest problem with the menu is that you can "middle click" to nothing. If you have not reached the last level of the menu with the actual settings...
Not sure I understand what you mean by this?
#10
26.1 Series / Re: Hide items from menu(s) / ...
Last post by Greelan - Today at 12:49:42 PMQuote from: sopex8260 on Today at 12:41:07 PMDisabling automatic menu collapsing in my mind would quickly lead to a monstrosity.
I agree - I would never use the toggle xD
