"Recent posts
#1
26.1 Series / Just updated - hangs on boot t...
Last post by panda39 - Today at 08:30:03 PMHi everyone,
I just updated and it's stuck on boot and I saw that on the screen while trying to boot. I've waited 15 minutes and I've waited 10 minutes, but all it keeps getting stuck there.
I don't know how else to troubleshoot this.
I just updated and it's stuck on boot and I saw that on the screen while trying to boot. I've waited 15 minutes and I've waited 10 minutes, but all it keeps getting stuck there.
I don't know how else to troubleshoot this.
#2
Intrusion Detection and Prevention / Re: Adding IPv6 private addres...
Last post by Patrick M. Hausen - Today at 08:14:41 PMfc00::/7 is ULA, not link local.
#3
Intrusion Detection and Prevention / Re: Adding IPv6 private addres...
Last post by JamesFrisch - Today at 07:55:51 PMLink local IPv6s fe80::/64 don't need blocking, since they won't be routed anyway.
However, I did add my static /48 prefix I got from my ISP to my "local Network" alias, so that traffic to other VLANs is blocked.
However, I did add my static /48 prefix I got from my ISP to my "local Network" alias, so that traffic to other VLANs is blocked.
#4
General Discussion / Re: AmneziaWG on OPNsense and ...
Last post by RamSense - Today at 07:54:31 PM+1 i'm curious about the developments also. This is very useful when using an open wifi, e.g. at the airport, and not being able to use a vpn on it to securely connect to your home devices, email etc.
#5
26.1 Series / Re: Update from 26.1.3 to .4 h...
Last post by Baxajaun - Today at 07:40:45 PMHi !!!
Yesterday i updated from 26.1.3 to 26.1.4 without problems. All was OK.
Best regards,
Yesterday i updated from 26.1.3 to 26.1.4 without problems. All was OK.
Best regards,
#6
Intrusion Detection and Prevention / Re: Blocking traffic by geogra...
Last post by Diggy - Today at 07:13:49 PMQuote from: Patrick M. Hausen on Today at 07:03:33 PMYou do not need IDS/IPS for that, nor a special plugin. GeoIP aliases are supported in standard firewall rules.
Set up a free account with MaxMind or IPinfo, navigate to Firewall: Aliases: GeoIP settings, follow the documentation:
https://docs.opnsense.org/manual/aliases.html#geoip
Thank you for the fast and thorough response. I will definitely check it out.
#7
Intrusion Detection and Prevention / Adding IPv6 private address ra...
Last post by Diggy - Today at 07:12:07 PMWe are using private IPv6 addresses along with IPv4 addresses on our local network. I noticed that the IPv6 range "fc00::0/7" is not included in the default Home Networks list. Why? Does "Home Networks" not apply to IPv6? Are there any special considerations when adding "fc00::0/7" to the Home Networks list?
In advance, thanks for guidance on this matter.
In advance, thanks for guidance on this matter.
#8
German - Deutsch / Re: MSS Clamping IPv4 / IPv6
Last post by bamf - Today at 07:10:40 PMQuote from: Monviech (Cedrik) on Today at 01:50:27 PMAnsonsten in "Firewall: Settings: Normalization" bei einer Normalisierungsregel als "Protocol -> IPv6" wählen anstatt TCP.
Da wäre ich nicht drauf gekommen, in der Liste der Protokolle nach IPv6 zu suchen. Genau das wars, jetzt passt alles. Danke!
#9
Web Proxy Filtering and Caching / Chrome 146.0.7680.72 does not ...
Last post by obrad - Today at 07:10:23 PMHello,
I use Squid Transparent Proxy with "Transparent HTTP proxy" and "Enable SSL inspection" options enabled.
I updated OPNSense to version 26.1.4.
After updating Chrome to version 146.0.7680.72 it no longer accepts the OPNsense-SSL certificate.
Old Chromes below version 146 accept the OPNsense-SSL certificate and go online normally.
For now, Firefox and Edge are working normally.
Is the problem also related to the new version of OPNSense 26.1.4, or is some problem predicted with the new version of Chrome 146.0.7680.72 which for some reason no longer accepts the Squid certificate?
Do you have any idea what happened?
I use Squid Transparent Proxy with "Transparent HTTP proxy" and "Enable SSL inspection" options enabled.
I updated OPNSense to version 26.1.4.
After updating Chrome to version 146.0.7680.72 it no longer accepts the OPNsense-SSL certificate.
Old Chromes below version 146 accept the OPNsense-SSL certificate and go online normally.
For now, Firefox and Edge are working normally.
Is the problem also related to the new version of OPNSense 26.1.4, or is some problem predicted with the new version of Chrome 146.0.7680.72 which for some reason no longer accepts the Squid certificate?
Do you have any idea what happened?
#10
26.1 Series / Re: CALL FOR TESTING: Kea DDNS...
Last post by Monviech (Cedrik) - Today at 07:05:19 PMHello Maurice,
thank you for considering testing this. I really like how helpful you are in general.
About os-bind on OPNsense, I want to avoid dragging it into this as it's a Tier 3 community plugin. Spending effort on it is not my current intention due to scope reasons.
A standalone authoritative ISC BIND server that runs on the standard DNS port is my current requirement (or PowerDNS using the bind config adapter).
thank you for considering testing this. I really like how helpful you are in general.
About os-bind on OPNsense, I want to avoid dragging it into this as it's a Tier 3 community plugin. Spending effort on it is not my current intention due to scope reasons.
A standalone authoritative ISC BIND server that runs on the standard DNS port is my current requirement (or PowerDNS using the bind config adapter).
