Recent posts

#1

Hardware and Performance / Re: Starting homelab network -...

Last post by bimbar - Today at 10:50:53 AM

It's one of their weirdest products ever :
- € 200 for the Switch
- € 90 for the adapter

If you can get by with a PoE injector as Patrick suggested, then the non-PoE version of the same switch is the better deal.  But at that point the Mikrotik with its 8x 2.5GbE ports is practically begging, even with the fan.

And add to that Netgear and HPE switches.

I haven't tried the professional Netgear switches and I do expect better of them, but I had a terrible experience with a cheaper Netgear smart switch and had to return it.  It was leaking RAs across the VLANs.

We've had terrible experiences with professional Netgear switches regarding port speeds and compatibilities. Even if it works, for the homeuser Netgear switches the interface is terrible.

HPE Aruba might be on the expensive side.

#2

26.1 Series / The upgrade was aborted due to...

Last post by eric_zrgoq14k - Today at 10:12:18 AM

Hi,

I've tried updating to 26.1 in the console.
After fetching the packages etc, I got the message: "The upgrade was aborted due to an error."
I am left in the dark here, because I don't know what the error is.

Console output:

Fetching packages-26.1-amd64.tar: ......................... done
Fetching base-26.1-amd64.txz: ...... done
Extracting packages-26.1-amd64.tar... done
Extracting base-26.1-amd64.txz... done
Please reboot.
>>> Invoking upgrade script 'sanity.sh'
Passed all upgrade tests.
>>> Invoking upgrade script 'isc-dhcp-plugin.sh'
Skipping already installed legacy ISC-DHCP plugin...
>>> Invoking upgrade script 'cleanup.sh'
The upgrade was aborted due to an error.

*** OPNsense.localdomain: OPNsense 25.7.11_9 (amd64) ***


Cheers, Eric

#3

26.1 Series / Re: WiFi interface broken afte...

Last post by hakuna - Today at 09:20:02 AM

After getting it to work with a lot of effort only to have it break again after not even a day when updating I consider the wlan support so broken that I am ready to give up and look for a more stable solution and use an external access point.

This is a common bad decision, using one device for everything ( many with me included have been there ), if it dies or issues, there goes the entire network.

Like Seimus recommended, I have an Asus RT-AX53U running openwrt for years now.
You set it and forget, the latest release is 24.10.5 but if you few up to some adventure, you can get snapshot or RC images.

#4

26.1 Series / Re: Anti-Lockout Rule (Destina...

Last post by Patrick M. Hausen - Today at 09:19:16 AM

I had a rule exactly like this for interface "enc0" in my export which I needed to delete manually before migrating. No idea what the cause of this might be atm.

Same here. That specific rule was "hidden" before - I was unable to find it in the old rules under 26.1., but apparently, it was exported.

Since I did use IPsec and I did have an "allow all" rule on that tunnel years ago, I suspect I just removed the VPN configuration and the rule was left orphaned in the configuration.

#5

26.1 Series / Re: Anti-Lockout Rule (Destina...

Last post by meyergru - Today at 09:15:23 AM

I had a rule exactly like this for interface "enc0" in my export which I needed to delete manually before migrating. No idea what the cause of this might be atm.

Same here. That specific rule was "hidden" before - I was unable to find it in the old rules under 26.1., but apparently, it was exported.

[THE GOAL:]

#6

26.1 Series / Support to fwknop port knockin...

Last post by hakuna - Today at 09:08:42 AM

I did the upgrade last night to OPNsense 26.1_4 and everything went smooth.
Tonight I did the firewall rules upgrade and like many posts I was like "where are the rules??" after importing it over and over with no progress or anything really \o/


THE GOAL:
The above was necessary to do things right, once!
I do have WireGuard VPN, scanning access from my phone returns nothing and the firewall live log does show Default deny / state violation rule.

I wanna spice the relationship a bit and set the port knocking but....
I cannot find any os-fwknop plugin (or fwknop like openwrt), online forums didn't help much, the official documentation has zero mention of "port knocking" - https://docs.opnsense.org/index.html

Doesn't OPNSense support fwknop instead of the legacy way opening two more ports (assuming that works)???
I don't wanna do the weaker legacy way.

Thank you

#7

26.1 Series / Re: WiFi interface broken afte...

Last post by franco - Today at 08:53:23 AM

Are you referring to this commit? https://github.com/opnsense/core/commit/7e93cdb63f030

I'm not catching the error in either, which doesn't mean it's not there.

Might be worth checking the system log file as well for "ifconfig" failures.


Cheers,
Franco

#8

26.1 Series / Re: Schedules don't work for f...

Last post by franco - Today at 08:46:23 AM

Yep, see https://github.com/opnsense/core/issues/9690


Cheers,
Franco

#9

26.1 Series / Re: Imported redirect/associat...

Last post by franco - Today at 08:45:35 AM

I checked legacy associated rules in the config.xml and they appear to have source and destination. I export them and the CSV has source and destination.

Can you check on your end where the data goes missing? I don't see a lot of potential for losing the values since the CSV is the same structure for all rules.


Cheers,
Franco

#10

26.1 Series / Re: Suricata - Divert (IPS)

Last post by franco - Today at 08:37:35 AM

My understanding is no. No application on divert socket = no traffic passing through.


Cheers,
Franco