Recent posts

#81
General Discussion / Re: Where is TCP processed - C...
Last post by chemlud - Today at 01:42:25 PM
I have here after reboot:

sudo dmesg | grep ASPM
[    0.018934] [      T0] PCIe ASPM is disabled
[    0.121764] [      T1] acpi PNP0A08:00: _OSC: not requesting OS control; OS requires [ExtendedConfig ASPM ClockPM MSI]


iperf -p 45678 -c FAST -t 30 -y C -P 1
20260121133626,SLOW,FAST,45678,1,0.0-30.0,3478388800,926208295

Other direction:

20260121133925,FAST,SLOW,45678,1,0.0-30.1,1693319232,450764744

So nothing really changed.

#82
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by jfou1987 - Today at 01:34:35 PM
Quote from: Monviech (Cedrik) on Today at 12:45:01 PMThen go to "Firewall - Aliases" and create a new alias that contains Belgium.
After saving and apply, go to "Firewall - Diagnostics - Aliases" and check the contents of the alias you just created.

I just did it, and the problem was solved ! Thank you for your help.

I thing robvdw was right, there was an issue at ipinfo yesterday.

#83
General Discussion / Re: Where is TCP processed - C...
Last post by chemlud - Today at 01:26:47 PM
OK, so best bet is:

pcie_aspm=off
added to kernel boot line and reboot.

Will try... :-)
#84
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by robvdw - Today at 12:59:37 PM
Thanks! The current ipinfo file processes fine and fixes the aliases. I suspect there either was a severely truncated file online yesterday afternoon for a short while, or it contained something that crashed the script that extracts them.

I also noticed that the IPv6 files were not updated yesterday, which would be consistent with some kind of truncated file that only contained IPv4 until 5.something.

File sizes before re-download:
-rw-r-----  1 root wheel      288 Jan 20 13:41 BA-IPv4
-rw-r-----  1 root wheel    27668 Jan 19 13:40 BA-IPv6
-rw-r-----  1 root wheel       14 Jan 20 13:41 BB-IPv4
-rw-r-----  1 root wheel    13532 Jan 19 13:40 BB-IPv6
-rw-r-----  1 root wheel       14 Jan 20 13:41 BD-IPv4
-rw-r-----  1 root wheel   116040 Jan 19 13:40 BD-IPv6
-rw-r-----  1 root wheel      916 Jan 20 13:41 BE-IPv4
-rw-r-----  1 root wheel   565784 Jan 19 13:40 BE-IPv6
-rw-r-----  1 root wheel       14 Jan 20 13:41 BF-IPv4
-rw-r-----  1 root wheel    23354 Jan 19 13:40 BF-IPv6
-rw-r-----  1 root wheel     1233 Jan 20 13:41 BG-IPv4
-rw-r-----  1 root wheel   122141 Jan 19 13:40 BG-IPv6

File sizes after re-download:
-rw-r-----  1 root wheel     8492 Jan 21 12:49 BA-IPv4
-rw-r-----  1 root wheel    27668 Jan 21 12:49 BA-IPv6
-rw-r-----  1 root wheel     4531 Jan 21 12:49 BB-IPv4
-rw-r-----  1 root wheel    13532 Jan 21 12:49 BB-IPv6
-rw-r-----  1 root wheel    65683 Jan 21 12:49 BD-IPv4
-rw-r-----  1 root wheel   114769 Jan 21 12:49 BD-IPv6
-rw-r-----  1 root wheel   158563 Jan 21 12:49 BE-IPv4
-rw-r-----  1 root wheel   566429 Jan 21 12:49 BE-IPv6
-rw-r-----  1 root wheel     5637 Jan 21 12:49 BF-IPv4
-rw-r-----  1 root wheel    23354 Jan 21 12:49 BF-IPv6
-rw-r-----  1 root wheel   118374 Jan 21 12:49 BG-IPv4
-rw-r-----  1 root wheel   122103 Jan 21 12:49 BG-IPv6
#85
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by meyergru - Today at 12:51:25 PM
As expected (but with the community edition):

You cannot view this attachment.
#86
Do these steps, first execute:

/usr/local/opnsense/scripts/filter/download_geoip.py

Then go to "Firewall - Aliases" and create a new alias that contains Belgium.
After saving and apply, go to "Firewall - Diagnostics - Aliases" and check the contents of the alias you just created.
#87
25.1, 25.4 Series / Re: Wireguard issue(s)
Last post by Bob.Dig - Today at 12:16:57 PM
For Android there is "WG Tunnel", that can cope with dynamic IPs. If your resolution is to restart WG on OPNsens though, you might have another problem und upgrading OPNsense is strongly advised to begin with. 
#88
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - Today at 12:12:44 PM
To be honest usually you want to disable. e.g force disabled ASPM off globally on OS level cause the per-device per-line disabling may not work always as it should... I usually disable ASPM in BIOS on everything or if not available or I have suspicions its not enough I force disable it globally in Linux.

https://wiki.archlinux.org/title/Power_management#Active_State_Power_Management

Regards,
S.
#89
General Discussion / Re: Where is TCP processed - C...
Last post by OPNenthu - Today at 12:07:05 PM
Understood, although there might be a reason why Protectli found that ASPM must be disabled globally rather than disabling it on a per-device basis with PCI sysctls.  Usually you don't use the nuclear option unless there's a reason, but who knows.
#90
You need to whitelist your internal addresses.

Either with this parser:

https://app.crowdsec.net/hub/author/crowdsecurity/log-parsers/whitelists

or manually following the documentation:

https://doc.crowdsec.net/u/getting_started/post_installation/whitelists/