Recent posts

#21
General Discussion / Re: GUI/Shell crashing
Last post by meyergru - November 23, 2025, 07:57:49 PM
Did you try installing the microcode updates? It does not look like it from the report...

There is definitely something off in the Power Management in your firmware:

Quote:
[1] Firmware Warning (ACPI): Optional FADT field Pm2ControlBlock has valid Length but zero Address: 0x0000000000000000/0x1 (20221020/tbfadt-796)

If the uptime is exactly 20 Minutes, I would look for a BIOS watchdog. When you look at the forum search for HP T730, you will find a few other reports of systems freezing or crashing.
#22
Web Proxy Filtering and Caching / Re: Squid Proxy - How to route...
Last post by palleri - November 23, 2025, 07:56:03 PM
Hi, did you solve this?
I am trying to do the same.

Squid proxy through my ISP wireguard interface.
#23
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by Patrick M. Hausen - November 23, 2025, 07:54:19 PM
Quote from: emeliaerick on November 23, 2025, 07:29:02 PM
Hopefully a follow-up patch drops soon, because seeing those CVEs right after updating doesn't inspire much confidence.

The followup patch is 25.7. 25.1 is long EOL. Complaining about vulnerabilities in EOL software is a bit strange, don't you think? But you do you.
#24
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by meyergru - November 23, 2025, 07:47:41 PM
It does not become any more true by repeating this. As pointed out, the PHP vulnerabilities were detected after the 25.1.10 release, so there never was "a release ship with fresh vulnerabilities still present" like you say.

The sudo vulnerabilities are not applicable to OpnSense, so they were a false alarm.

Anyway, 25.1.10 was long ago succeeded by 25.7.x, where the referenced vulnerabilities have been fixed.

So, what is your actual complaint? Not having updated to 25.7.7_4? That would be on you, I guess.
#25
General Discussion / Re: GUI/Shell crashing
Last post by Mattps - November 23, 2025, 07:46:26 PM
It stayed up for about 20 mins and then died again unfortunately.
#26
25.7, 25.10 Series / Re: WAN interface DNS to Veriz...
Last post by JMini - November 23, 2025, 07:45:59 PM
In System/Settings/General
I added 1.1.1.1 into the DNS server list (Selected the WAN_DHCP gateway)
And, crucially I think, I UNCHECKED "Allow DNS server list to be overridden by DHCP/PPP on WAN"

I've only been using OPNSense for a little over a week now and am still coming to grips with everything.
Thanks.
#27
Zenarmor (Sensei) / Re: [Sloved] - Netmap packet d...
Last post by kozistan - November 23, 2025, 07:35:02 PM
I'd like to share my experience:
After updating the X710 firmware to dev.ixl.0.fw_version: fw 9.155.78849, I can confirm that with the deployment mode set to "routed", using the native netmap driver, there are no longer any dropped packets.

Tunables:
dev.ixl.0.iflib.override_nrxds="2048"
dev.ixl.0.iflib.override_ntxds="2048"
dev.netmap.buf_num="1000000"
dev.netmap.buf_size="2048"
dev.netmap.ring_size="36864"
net.inet.udp.recvspace="1048576"
#28
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by emeliaerick - November 23, 2025, 07:29:02 PM
Quote from: holunde on July 04, 2025, 12:18:17 PM
I'm just wondering, why a release is coming out with these 2 new vulnerabilities?

Currently running OPNsense 25.1.10 (amd64) at Fri Jul  4 11:50:37 CEST 2025
Fetching vuln.xml.xz: .......... done
php83-8.3.22 is vulnerable:
  php -- Multiple vulnerabilities
  CVE: CVE-2025-1220
  CVE: CVE-2025-6491
  CVE: CVE-2025-1735
  WWW: https://vuxml.freebsd.org/freebsd/d607b12c-5821-11f0-ab92-f02f7497ecda.html

sudo-1.9.17 is vulnerable:
  sudo -- privilege escalation vulnerability through host and chroot options
  CVE: CVE-2025-32463
  CVE: CVE-2025-32462
  WWW: https://vuxml.freebsd.org/freebsd/24f4b495-56a1-11f0-9621-93abbef07693.html

2 problem(s) in 2 installed package(s) found.
***DONE***
"It's definitely frustrating to see a release ship with fresh vulnerabilities still present. Sometimes the upstream packages haven't been patched yet, or the update cycle in OPNsense hasn't caught up with the fixes. Hopefully a follow-up patch drops soon, because seeing those CVEs right after updating doesn't inspire much confidence."
#29
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by emeliaerick - November 23, 2025, 07:23:57 PM
Quote from: holunde on July 04, 2025, 12:18:17 PM
I'm just wondering, why a release is coming out with these 2 new vulnerabilities?

Currently running OPNsense 25.1.10 (amd64) at Fri Jul  4 11:50:37 CEST 2025
Fetching vuln.xml.xz: .......... done
php83-8.3.22 is vulnerable:
  php -- Multiple vulnerabilities
  CVE: CVE-2025-1220
  CVE: CVE-2025-6491
  CVE: CVE-2025-1735
  WWW: https://vuxml.freebsd.org/freebsd/d607b12c-5821-11f0-ab92-f02f7497ecda.html

sudo-1.9.17 is vulnerable:
  sudo -- privilege escalation vulnerability through host and chroot options
  CVE: CVE-2025-32463
  CVE: CVE-2025-32462
  WWW: https://vuxml.freebsd.org/freebsd/24f4b495-56a1-11f0-9621-93abbef07693.html

2 problem(s) in 2 installed package(s) found.
***DONE***
"It's definitely frustrating to see a release ship with fresh vulnerabilities still present. Sometimes the upstream packages haven't been patched yet, or the update cycle in OPNsense hasn't caught up with the fixes. Hopefully a follow-up patch drops soon, because seeing those CVEs right after updating doesn't inspire much confidence."
#30
Hardware and Performance / N150 / N355 good fits?
Last post by Billy2010 - November 23, 2025, 06:59:34 PM
Soon we will make the switch to a 8,5G fiber connection.
The main switch is a Mikrotik 10G
Behind it are 2 more 1G switches.
Connected to the network are:
2 servers (10G), 8 workstations (Mix of 10G, 2.5G, 1G), 6 mobile devices, 16 iot devices (1G,100M).
Split in 3 vlans.

I am now looking to run opnsense with zenarmor on a baremetal (I ran it on my PE homeserver but that's 100W) to sit between the modem and the main switch.
The main purpose is of course FW/IDS.
But if it's "capable" of having more bells and whistles then that's just better.

I have been browsing around and keep coming across these N150/N355 devices.
Most of these devices (CWWK/MNBOXCONET..) have 2x sfp+ and 2x2.5G connections.
But I also came across ROUAFWIT which seems to have 2x2SFP+ and 4x2.5G. I have seen these boxes with other hardware as well.

I have listed these with 32Gb ram + 1T ssd:
N150 (+-450€)
N355 (+-560€)
N355 (+-704€) <- the one with 4x2.5G instead of 2x.
i5 1334U (850€) 4x2.5G, 20pci lanes vs 9.

Of course I now have a few questions.

1. Are aforementioned devices capable of functioning as desired (throughput-wise etc.)?
2. With the 4x2.5G one I would add 2 extra ports to my cabinet and I might move the 2 switches that are connected to the main switch to this device directly. Another would temporarily serve for the current modem (copper) and one for admin.
3. Any advice with dos and don'ts?
4. Good alternate devices that are within given budgets with similar or better punch?

Ty.