"Recent posts
#1
26.1, 26,4 Series / Odd MAC address changes report...
Last post by really_lost - Today at 05:46:47 PMThis is not causing any issues. I just find it interesting. SNMP monitoring is reporting MAC address changes on remote devices. ARP on opnsense box does NOT show the same.
I've got an observium instance on a proxmox VM that pulls data from a number of systems, including opnsense. The opnsense box has multiple physical interfaces. I'm certain this is an snmp bug, whether on the opnsense side or possibly the observium side.
So, let's say a MAC address is aa:bb:cc:dd:ee:ff. SNMP from opnsense is reporting 3 different MAC addresses over the course of weeks:
Not all changing MAC's show all three patterns. Not all devices show changing MACs. I do see changing MACs on all five NICs.
Currently, my observium instance reports my ISP router MAC as changing from the first form to the last on the list five hours ago. An arp (both via GUI and commandline) reports the correct MAC.
Again, this is not a big deal. I'm not even looking for a fix. I am curious if anyone has seen anything similar?
I've got an observium instance on a proxmox VM that pulls data from a number of systems, including opnsense. The opnsense box has multiple physical interfaces. I'm certain this is an snmp bug, whether on the opnsense side or possibly the observium side.
So, let's say a MAC address is aa:bb:cc:dd:ee:ff. SNMP from opnsense is reporting 3 different MAC addresses over the course of weeks:
- aa:bb:cc:dd:ee:ff
- 00:bb:cc:dd:ee:ff
- aa:00:00:00:00:00
Not all changing MAC's show all three patterns. Not all devices show changing MACs. I do see changing MACs on all five NICs.
Currently, my observium instance reports my ISP router MAC as changing from the first form to the last on the list five hours ago. An arp (both via GUI and commandline) reports the correct MAC.
Again, this is not a big deal. I'm not even looking for a fix. I am curious if anyone has seen anything similar?
#2
General Discussion / Re: How many network cards doe...
Last post by nero355 - Today at 05:35:36 PMQuote from: lilsense on Today at 12:23:25 PM"OPNsense on a stick"Better than a jalapeño on a stick I guess :P
LOL
#3
General Discussion / Re: Roku DNS storm is impactin...
Last post by nero355 - Today at 05:33:10 PMQuote from: lilsense on Today at 12:13:36 PMNo smartTV should be on anyone's networkMWAHAHAHA!!!!! "It's funny because it's true!" :P
#4
General Discussion / Re: newbie trying to set up ne...
Last post by nero355 - Today at 05:26:35 PMQuote from: OPNenthu on Today at 05:02:59 AMSupposedly you can set it up easily from your phone with just the app making it basically plug & play. I haven't tried that method.Just... Don't.
I lost count of the number of times people were messing around with that thing and I always had to tell them :
- Use the UniFi Controller.
- Also use a nice PC or Laptop with a regular browser to access the webGUI.
And suddenly all the issues were solved like some kind of miracle! LOL!
All those phones and tablets and their stupid apps have really ruined this world... :'(
#5
High availability / Re: Updating backup instance
Last post by franco - Today at 05:20:58 PM> fetch: /usr/local/opnsense/changelog/changelog.txz.sig appears to be truncated: 0/1332 bytes
Usually a sign of DNS timeouts.
Usually a sign of DNS timeouts.
#6
Hardware and Performance / Re: Sanity check for N100 / i2...
Last post by nero355 - Today at 05:20:28 PMQuote from: pfry on Today at 02:03:29 AMI have an AMD B650 systemIMO those things should not exist in the first place :
The Mainstream CPUs and Chipsets are soo crippled compared to HEDT systems that there should only be the X models (for AMD) and Z models (for Intel) and nothing else, but sadly the world does not agree with me :'(
I know things have shifted slightly in the meantime, but the sweetness of something like my good old i7 3930K and the AsRock X79 Extreme11 was just too good to not to buy at the time! ^_^
#7
German - Deutsch / Re: OpenVPN massive Paketverlu...
Last post by hw_tobias - Today at 01:36:33 PMHallo zusammen,
ich möchte hier nochmal kurz Rückmeldung geben.
Unsere Probleme hatten nichts mit der OpnSense zu tun.
Es war ein Thema mit unserem Provider.
Viele Grüße
Tobias
ich möchte hier nochmal kurz Rückmeldung geben.
Unsere Probleme hatten nichts mit der OpnSense zu tun.
Es war ein Thema mit unserem Provider.
Viele Grüße
Tobias
#8
General Discussion / Re: How many network cards doe...
Last post by lilsense - Today at 12:23:25 PM"OPNsense on a stick"
LOL
LOL
#9
General Discussion / Re: Roku DNS storm is impactin...
Last post by lilsense - Today at 12:13:36 PMQuote from: RobertoZ on June 09, 2026, 07:23:51 PMI have a TCL TV that has Roku OS on it. It's constantly very chatty. I use ControlD for DNS so I have it blocked. I tried disconnecting the TV from the network, but then there is a bright white light on the front of the TV that constantly flashes with the intensity of a thousand suns.You can stop by your local friendly hardware store if you do not have a black electrical tape and cut a tiny piece and place it on the bright LED. :)
I looked for a new "dumb" TV with no smart features. I quickly found out unless you want to buy a professional display costing almost as much as a car you are stuck with this scheiße.
</rant>
No smartTV should be on anyone's network, even the world's BEST SONY Android TV's.
#10
General Discussion / Re: Crowdsec Observations
Last post by philippe_crowdsec - Today at 11:25:20 AM@dan786: Don't hesitate to discuss those points on our discourse.
The tables populated by CrowdSec are entirely dynamic. <TL/DR> It contains the IP your local machine blocks and a part of what the other in the network are blocking. The 1st step is really about checking your "stack health" in the SaaS console (or using the Claude Skill we published) to see that everything is properly configured.
The default 4h ban is meant to avoid a lengthy ban, since any IP caught locally will have its ban refreshed if needed, and if it is globally aggressive, it'll be added to a global blocklist (reputation vs. behavior).
CrowdSec now runs on hundreds of thousands of servers and we are confident the software is stable, behaving as intended, but this doesn't mean we can't have an OpenSense integration issue. So step 1: stack health or check the config with a Claude + the crowdsec skill. If it's cleared, please raise a bug and we'll investigate.
The tables populated by CrowdSec are entirely dynamic. <TL/DR> It contains the IP your local machine blocks and a part of what the other in the network are blocking. The 1st step is really about checking your "stack health" in the SaaS console (or using the Claude Skill we published) to see that everything is properly configured.
The default 4h ban is meant to avoid a lengthy ban, since any IP caught locally will have its ban refreshed if needed, and if it is globally aggressive, it'll be added to a global blocklist (reputation vs. behavior).
CrowdSec now runs on hundreds of thousands of servers and we are confident the software is stable, behaving as intended, but this doesn't mean we can't have an OpenSense integration issue. So step 1: stack health or check the config with a Claude + the crowdsec skill. If it's cleared, please raise a bug and we'll investigate.
