"Recent posts
#21
25.7, 25.10 Series / Re: The new configuration clea...
Last post by OPNenthu - Today at 09:13:14 AMYou know what, I only just realized after closer reading of Ad's commit message that this is how it works. It identifies config models by the version. https://github.com/opnsense/core/commit/c485a33ab7c9d366baf3665dfcbbda65052b04ad
My bad...
My bad...
#22
25.7, 25.10 Series / The new configuration cleanup ...
Last post by OPNenthu - Today at 08:53:11 AMI tried the new configuration cleanup tool under System->Configuration->Defaults->Components. It worked beautifully to remove the stale configs of several plugins that I'd uninstalled. It even helpfully highlighted which ones were not installed to guide the selection for cleanup :) Nice touch.
The only minor inconsistency is that the XML element start/end tags sometimes get removed and sometimes don't. I had limited configs to play with, but it might be the case that when there is no plugin version in the start tag then those get left intact, but the versioned ones get removed.
I'm not sure if this is expected or warrants a bug, but in either case the end result is that the configs are removed and the plugin would revert to its defaults when re-installed (so not really an issue).
Adding a couple diff snippets here to illustrate.
1. The 'bind' plugin did not have a version listed. The element start tag was <bind> and the end tag was </bind>. Everything between the tags was removed:
2. The 'stunnel' plugin had a version in the <start> tag and in that case everything including the tags was removed:
Thanks again for your work on this tool!
The only minor inconsistency is that the XML element start/end tags sometimes get removed and sometimes don't. I had limited configs to play with, but it might be the case that when there is no plugin version in the start tag then those get left intact, but the versioned ones get removed.
I'm not sure if this is expected or warrants a bug, but in either case the end result is that the configs are removed and the plugin would revert to its defaults when re-installed (so not really an issue).
Adding a couple diff snippets here to illustrate.
1. The 'bind' plugin did not have a version listed. The element start tag was <bind> and the end tag was </bind>. Everything between the tags was removed:
Code Select
6186,6234c6088,6089
< <record version="1.0.1">
< <records/>
< </record>
< <acl version="1.0.0">
< <acls/>
< </acl>
< <general version="1.0.12">
< <enabled>0</enabled>
< <disablev6>0</disablev6>
< <enablerpz>1</enablerpz>
< <listenv4>0.0.0.0</listenv4>
< <listenv6>::</listenv6>
< <querysource/>
< <querysourcev6/>
< <transfersource/>
< <transfersourcev6/>
< <port>53530</port>
< <forwarders/>
< <filteraaaav4>0</filteraaaav4>
< <filteraaaav6>0</filteraaaav6>
< <filteraaaaacl/>
< <logsize>5</logsize>
< <general_log_level>info</general_log_level>
< <maxcachesize>80</maxcachesize>
< <recursion/>
< <allowtransfer/>
< <allowquery/>
< <dnssecvalidation>no</dnssecvalidation>
< <hidehostname>0</hidehostname>
< <hideversion>0</hideversion>
< <disableprefetch>0</disableprefetch>
< <enableratelimiting>0</enableratelimiting>
< <ratelimitcount/>
< <ratelimitexcept>0.0.0.0,::</ratelimitexcept>
< <rndcalgo>hmac-sha256</rndcalgo>
< <rndcsecret>VxtIzJevSQXqnr7h2qerrcwjnZlMWSGGFBndKeNIDfw=</rndcsecret>
< </general>
< <domain version="1.1.1">
< <domains/>
< </domain>
< <dnsbl version="1.0.5">
< <enabled>0</enabled>
< <type/>
< <whitelists/>
< <forcesafegoogle>0</forcesafegoogle>
< <forcesafeduckduckgo>0</forcesafeduckduckgo>
< <forcesafeyoutube>0</forcesafeyoutube>
< <forcestrictbing>0</forcestrictbing>
< </dnsbl>
---
2. The 'stunnel' plugin had a version in the <start> tag and in that case everything including the tags was removed:
Code Select
6236,6243d6090
< <Stunnel version="1.0.4" persisted_at="1756512408.00">
< <general>
< <enabled>0</enabled>
< <chroot>0</chroot>
< <enable_ident_server>0</enable_ident_server>
< </general>
< <services/>
< </Stunnel>
Thanks again for your work on this tool!
#23
Hardware and Performance / Re: Any tips or gotchas with S...
Last post by patient0 - Today at 08:46:45 AMQuote from: Greg_E on Today at 06:39:18 AMbut the x710 should habe 2.5 and 5g support if I need to run a copper module.It may be OT but: would you be able to ELI5 how to determine if a chipset is supporting 2.5 and 5Gbit? On and off I look for an answer now for a year or two (more of an indication of limitation on my side).
I only have SFP+ adapters, no NBaseT; NBaseT only by using copper transceiver. Some Mikrotik switches support it 2.5/5Gbit, some cards support it others not. I read quite a few datasheets of SFP+ conroller but can't find an explanation.
Does the MAC has to support these speeds, or the PHY? Or modes like MII, RMII, XGMII etc.?
And since there are copper versions of the X710 (X710-TM4 & X710-AT2) which do support 2.5 and 5Gbit, is that a sure indication that SFP+ models also support these speeds?
The XL710/X710 datasheet (I'm not through yet) : https://cdrdv2-public.intel.com/332464/332464_710_Series_Datasheet_v_4_1.pdf
#24
German - Deutsch / Gelöst: Log Files der Firewall...
Last post by Schnuffel2008 - Today at 07:14:24 AMHi,
ich benötige einmal kurz Hilfe.
Leider werden mir keine Einträge unter den Ligs für die Firewall angezeigt.
Wenn ich Liveview Aufrufe, dann wird mir nur der Waiting+cursor angezeigt. Und auch bei Overview ist alles leer.
Zuletzt als ich flexcolor fertig gestellt habe, hatte ich diese Seiten immer geprüft, um zu schauen, dass mein theme sie richtig darstellt. Da war alles okay. Seitdem habe ich allerdings einiges in den Einstellungen verändert eben um zu schauen, ob der Skin funktioniert. Und ich habe das Update auf 25.7.8 durchgeführt. Jetzt eriß ich nicht was die Ursache für das Problem ist. Ich habe neu gestartet, habe neben meinem Theme auch den Original Skin getestet, aber das Problem bleibt. Jemand eine Idee wo ich etwas abgeschaltet haben könnte?
ich benötige einmal kurz Hilfe.
Leider werden mir keine Einträge unter den Ligs für die Firewall angezeigt.
Wenn ich Liveview Aufrufe, dann wird mir nur der Waiting+cursor angezeigt. Und auch bei Overview ist alles leer.
Zuletzt als ich flexcolor fertig gestellt habe, hatte ich diese Seiten immer geprüft, um zu schauen, dass mein theme sie richtig darstellt. Da war alles okay. Seitdem habe ich allerdings einiges in den Einstellungen verändert eben um zu schauen, ob der Skin funktioniert. Und ich habe das Update auf 25.7.8 durchgeführt. Jetzt eriß ich nicht was die Ursache für das Problem ist. Ich habe neu gestartet, habe neben meinem Theme auch den Original Skin getestet, aber das Problem bleibt. Jemand eine Idee wo ich etwas abgeschaltet haben könnte?
#25
25.7, 25.10 Series / Re: Firewall: Log Files: Live ...
Last post by OPNenthu - Today at 06:48:18 AMQuote from: pfry on November 26, 2025, 07:31:42 PMNitpick: It'd be nice if the line shade was consistent - not by position (as it is now), but by element (so the text shade remains the same as it scrolls). I find the changing light/dark shading makes it harder to follow a particular entry.
I agree, the zebra coloring behind the moving text is throwing me off. There are two challenges:
1) The fact that neighboring elements of the same type (e.g. multiple adjacent 'block' logs) have contrasting lighter/darker shades of the same color makes me think that those are different categories or types of log lines even though they're all just block actions.
2) As you mentioned, the row shade doesn't follow the text as it moves down the screen, so a 'pass' action will alternate between shades of green as it makes its way down. This causes me to visually lose track of the line.
If it's not too much, I think an option to toggle the zebra shading off would be useful for some.
#26
Hardware and Performance / Re: Any tips or gotchas with S...
Last post by Greg_E - Today at 06:39:18 AMThat's one reason I like to buy that brand, generally they are unlocked. The x520 version was limited to 1g or 10g, but the x710 should habe 2.5 and 5g support if I need to run a copper module.
#27
Hardware and Performance / Slow WAN speed after random pe...
Last post by hellrazo - Today at 05:43:39 AMHI all...
Got this dual lan card
em1@pci0:2:0:1: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x135e
vendor = 'Intel Corporation'
device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
class = network
subclass = ethernet
Its running through proxmox with a partial passthrough
It works well for a while, but after 24 hours or a couple of days, my 500MB connection drops to below 100mbps
I never had this issue on PFsense for several years with this model of card so thats why I dare to ask here.
The modem is not limiting anything, i tested with another NIC on another system.
The setup is:
This 2x1gbe card using only one port for WAN / other port is unused (the behavior is observed on both ports )
Another card at 2x10gbe using only one port for wan, the other port is for the proxmox upstream itself.
Any clue before I try to change for another model (is there a compatibility issue)
thanks for any input
Got this dual lan card
em1@pci0:2:0:1: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x135e
vendor = 'Intel Corporation'
device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
class = network
subclass = ethernet
Its running through proxmox with a partial passthrough
It works well for a while, but after 24 hours or a couple of days, my 500MB connection drops to below 100mbps
I never had this issue on PFsense for several years with this model of card so thats why I dare to ask here.
The modem is not limiting anything, i tested with another NIC on another system.
The setup is:
This 2x1gbe card using only one port for WAN / other port is unused (the behavior is observed on both ports )
Another card at 2x10gbe using only one port for wan, the other port is for the proxmox upstream itself.
Any clue before I try to change for another model (is there a compatibility issue)
thanks for any input
#28
25.7, 25.10 Series / Suricata IPS Mode
Last post by nicholaswkc - Today at 04:54:09 AMDear all, I'm using PPPOE connection and how to activate Suricata IPS mode?
#29
25.7, 25.10 Series / Re: Crowdsec Installation
Last post by nicholaswkc - Today at 04:53:36 AMI using command to install pkg install os-crowdsec.
I not able to start crowdsec services. When to check the log files?
I go System-Diagnotics-Services.
I not able to start crowdsec services. When to check the log files?
I go System-Diagnotics-Services.
#30
Hardware and Performance / Re: Any tips or gotchas with S...
Last post by pfry - Today at 03:13:22 AMInteresting design. I wonder if there's a way to expose the Nuvoton chip (NCT6683D-T monitor/fan controller). FreeBSD support would likely be pretty limited - perhaps the superio driver has some support. Should be irrelevant to normal operation; the card apparently has an overheat LED and external signal (JP2). For the heck of it, check the DIP switch settings.
Definitely check the NVM version. That should be about it. I wouldn't expect firmware locks (for SFP optics) on a Supermicro card.
Definitely check the NVM version. That should be about it. I wouldn't expect firmware locks (for SFP optics) on a Supermicro card.
