Recent posts

#21
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by emeliaerick - November 23, 2025, 07:23:57 PM
Quote from: holunde on July 04, 2025, 12:18:17 PM
I'm just wondering, why a release is coming out with these 2 new vulnerabilities?

Currently running OPNsense 25.1.10 (amd64) at Fri Jul  4 11:50:37 CEST 2025
Fetching vuln.xml.xz: .......... done
php83-8.3.22 is vulnerable:
  php -- Multiple vulnerabilities
  CVE: CVE-2025-1220
  CVE: CVE-2025-6491
  CVE: CVE-2025-1735
  WWW: https://vuxml.freebsd.org/freebsd/d607b12c-5821-11f0-ab92-f02f7497ecda.html

sudo-1.9.17 is vulnerable:
  sudo -- privilege escalation vulnerability through host and chroot options
  CVE: CVE-2025-32463
  CVE: CVE-2025-32462
  WWW: https://vuxml.freebsd.org/freebsd/24f4b495-56a1-11f0-9621-93abbef07693.html

2 problem(s) in 2 installed package(s) found.
***DONE***
"It's definitely frustrating to see a release ship with fresh vulnerabilities still present. Sometimes the upstream packages haven't been patched yet, or the update cycle in OPNsense hasn't caught up with the fixes. Hopefully a follow-up patch drops soon, because seeing those CVEs right after updating doesn't inspire much confidence."
#22
Hardware and Performance / N150 / N355 good fits?
Last post by Billy2010 - November 23, 2025, 06:59:34 PM
Soon we will make the switch to an 8,5G fiber connection.
The main switch is a Mikrotik 10G
Behind it are 2 more 1G switches.
Connected to the network are:
2 servers (10G), 8 workstations (Mix of 10G, 2.5G, 1G), 6 mobile devices, 16 iot devices (1G,100M).
Split in 3 vlans.

I am now looking to run opnsense with zenarmor on bare metal (I ran it on my PE homeserver but that's 100W) to sit between the modem and the main switch.
The main purpose is of course FW/IDS.
But if it's "capable" of having more bells and whistles then that's just better.

I have been browsing around and keep coming across these N150/N355 devices.
Most of these devices (CWWK/MNBOXCONET..) have 2x sfp+ and 2x2.5G connections.
But I also came across ROUAFWIT which seems to have 2x2SFP+ and 4x2.5G. I have seen these boxes with other hardware as well.

I have listed these with 32Gb ram + 1T ssd:
N150 (+-450€)
N355 (+-560€)
N355 (+-704€) <- the one with 4x2.5G instead of 2x.
i5 1334U (850€) 4x2.5G, 20pci lanes vs 9.

Of course I now have a few questions.

1. Are the aforementioned devices capable of functioning as desired (throughput-wise etc.)?
2. With the 4x2.5G one I would add 2 extra ports to my cabinet and I might move the 2 switches that are connected to the main switch to this device directly. Another would temporarily serve for the current modem (copper) and one for admin.
3. Any advice with dos and don'ts?
4. Good alternate devices that are within given budgets with similar or better punch?

Ty.
#24
General Discussion / Proxmox & Opnsense VLAN Config...
Last post by user2311 - November 23, 2025, 06:51:25 PM
Hello everyone,
I am currently trying proxmox with opnsense as a VM and trying to understand more the VLAN functions and firewall rules. I have made a config and it is working but I am asking myself why some things work and some don't. Maybe one of you can answer them.
1. Why am I able to connect to the firewall and proxmox when my PC on switch port 5 is VLAN 10 untagged but the port 2 (Switch -> proxmox) is tagged VLAN 10?
2. When I put VLAN 10 untagged on port 2 and tagged vlan 20 & 30, I can't connect to the firewall or proxmox anymore.
3. I want to add new WLAN SSIDs called Users (e.g VLAN 11) and Guest (VLAN 12) on the access point. Do I need to add new linux bridges and linux VLANs? If so, do I need to make the bridge vlan aware? And on the opnsense VM: I would have to add the bridges to the network settings and add a VLAN tag (VLAN tag 11 and 12) to them right?
4. In the 192.168.178.0/24 network, the firewall is reachable with its WAN ip-address 192.168.178.254. Isn't this a security risk since it's reachable from the 192.168.178.0/24 network?
5. How does my current setup work when the opnsense VM doesn't have VLAN tag 10,20,30 assigned in the network settings?
This is my proxmox setup:
/etc/network/interfaces
auto lo
iface lo inet loopback
iface enp1s0 inet manual
iface wlp2s0 inet manual
auto enp1s0.10
iface enp1s0.10 inet manual
#LAN VLAN 10
auto enp1s0.20
iface enp1s0.20 inet manual
#WAN VLAN 20
auto vmbr0
iface vmbr0 inet manual
    bridge_ports enp1s0.20
    bridge_stp off
    bridge_fd 0
#WAN → no IP address
auto vmbr1
iface vmbr1 inet static
    address 192.168.100.2
    netmask 255.255.255.0
    gateway 192.168.100.1
    bridge_ports enp1s0.10
    bridge_stp off
    bridge_fd 0
    bridge_vlan_aware yes
    bridge_vids 2-4094
#LAN → Management-Access
I have added some screenshots of the configs.
If you need any more information, let me know. Thank you for any help :)
#25
General Discussion / Re: GUI/Shell crashing
Last post by Mattps - November 23, 2025, 06:43:58 PM
Thanks Meyergru, I'll try that. I managed to get the Firmware > Report output before it crashed, I've attached in case that's helpful.
#26
Intrusion Detection and Prevention / Re: pid xxx (suricata), jid 0,...
Last post by kevingg - November 23, 2025, 06:37:35 PM
I have increased my RAM. But still issues. Now I am using texttoolz
#27
General Discussion / Re: GUI/Shell crashing
Last post by meyergru - November 23, 2025, 06:36:09 PM
Try using the tuneable "hw.pci.enable_aspm = 0" to disable ASPM if your BIOS does not support it. Those freezing issues often point to ASPM issues.
#28
General Discussion / GUI/Shell crashing
Last post by Mattps - November 23, 2025, 06:17:38 PM
Hi Forum,

I need some help troubleshooting an unstable OPNsense installation. I've moved from a virtualised OPNsense instance to running on dedicated hardware:

HP T730 Mini PC 8GB RAM, 64GB NVMe, Intel Pro/1000 ET 82576 Quad NIC

I'm using the latest VGA image with no additional plugins. OPNSense will suddenly lock up, GUI/Shell become unresponsive and the NIC ports link lights stop. Rebooting the PC resolves the issue. Yesterday with just 1 LAN and WAN interface configured it would crash after about 20 mins. I installed Windows 11 IoT over the top, updated the BIOS, ran hardware diagnostics - all passed. With Windows it ran without issue. Confident that it was fixed I reinstalled OPNSense and it seemed to work - ran for over 90 mins without issue.

Today I have configured 3 additional LAN interfaces and the problem is back, except now it will stay on for about 2 mins before dying. Has anyone had any experience of this, or know where I can check logs to see what is going on?

Thanks in advance,
Matt
#29
25.7, 25.10 Series / Re: LCP negotiation with MRU o...
Last post by camellia - November 23, 2025, 05:58:33 PM
Quote: But I'm not sure where the issue is since you haven't published your MTU settings (both interface and PPP device).
MTU settings for both interface and PPP device are blank.

MPD5 version for both OPNsense 23.7.2 and OPNsense 23.7.3 is 5.9_16. Also, MPD5 has not been reinstalled on OPNsense 23.7.3. However, results of automatic MTU setting are clearly different between OPNsense 23.7.2 and OPNsense 23.7.3.

Since the results of the automatic MTU setting are different even though there is no change in MPD5, I don't think it's an MPD5 issue.

I noticed that the behavior of MTU settings for PPP devices is significantly different between OPNsense 23.7.2 and OPNsense 23.7.3.

[OPNsense23.7.2]
MTU setting for PPP devices in OPNsense 23.7.2 respects the result of LCP negotiation.
  • If I set a value larger than 1454, that is not reflected in the actual MTU.
  • If I set a value smaller than 1454, that is reflected in the actual MTU.
  • If I set it to 1492, the actual MTU remains at 1454.

[OPNsense23.7.3]
MTU setting for PPP devices in OPNsense 23.7.3 ignores the result of LCP negotiation.
  • If I set a value larger than 1454, that is reflected in the actual MTU.
  • If I set a value smaller than 1454, that is reflected in the actual MTU.
  • If I set it to 1492, the actual MTU is 1492.

OPNsense may be implemented in such a way that if the MTU setting is blank, it assumes that 1492 is set. If this assumption is correct, the results of the automatic MTU setting in OPNsense 23.7.2 and OPNsense 23.7.3 will be consistent with the expected MTU.

I am concerned about the statement in the MTU setting help that says "MTU will default to 1492".
#30
German - Deutsch / Problems with the installation ...
Last post by juergen2025 - November 23, 2025, 05:39:49 PM
Hello everyone,

I installed OPNsense 25.7 on a new M.2 SSD, and the installation went without problems. Unfortunately, I then found that the latest updates are not installed correctly: they hang and never complete.

I then put the old M.2 SSD back in, which already has the latest version of OPNsense installed, and the system works flawlessly.

Does anyone know this problem and perhaps have a solution for why the updates do not complete on the new SSD? I would appreciate any help!

Thanks in advance!