"Recent posts
#81
General Discussion / Re: Where is TCP processed - C...
Last post by chemlud - Today at 01:42:25 PMI have here after reboot:
So nothing really changed.
Code Select
sudo dmesg | grep ASPM
[ 0.018934] [ T0] PCIe ASPM is disabled
[ 0.121764] [ T1] acpi PNP0A08:00: _OSC: not requesting OS control; OS requires [ExtendedConfig ASPM ClockPM MSI]
Code Select
iperf -p 45678 -c FAST -t 30 -y C -P 1
20260121133626,SLOW,FAST,45678,1,0.0-30.0,3478388800,926208295
Other direction:
20260121133925,FAST,SLOW,45678,1,0.0-30.1,1693319232,450764744So nothing really changed.
#82
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by jfou1987 - Today at 01:34:35 PMQuote from: Monviech (Cedrik) on Today at 12:45:01 PMThen go to "Firewall - Aliases" and create a new alias that contains Belgium.
After saving and apply, go to "Firewall - Diagnostics - Aliases" and check the contents of the alias you just created.
I just did it, and the problem was solved ! Thank you for your help.
I thing robvdw was right, there was an issue at ipinfo yesterday.
#83
General Discussion / Re: Where is TCP processed - C...
Last post by chemlud - Today at 01:26:47 PM #84
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by robvdw - Today at 12:59:37 PMThanks! The current ipinfo file processes fine and fixes the aliases. I suspect there either was a severely truncated file online yesterday afternoon for a short while, or it contained something that crashed the script that extracts them.
I also noticed that the IPv6 files were not updated yesterday, which would be consistent with some kind of truncated file that only contained IPv4 until 5.something.
File sizes before re-download:
File sizes after re-download:
I also noticed that the IPv6 files were not updated yesterday, which would be consistent with some kind of truncated file that only contained IPv4 until 5.something.
File sizes before re-download:
Code Select
-rw-r----- 1 root wheel 288 Jan 20 13:41 BA-IPv4
-rw-r----- 1 root wheel 27668 Jan 19 13:40 BA-IPv6
-rw-r----- 1 root wheel 14 Jan 20 13:41 BB-IPv4
-rw-r----- 1 root wheel 13532 Jan 19 13:40 BB-IPv6
-rw-r----- 1 root wheel 14 Jan 20 13:41 BD-IPv4
-rw-r----- 1 root wheel 116040 Jan 19 13:40 BD-IPv6
-rw-r----- 1 root wheel 916 Jan 20 13:41 BE-IPv4
-rw-r----- 1 root wheel 565784 Jan 19 13:40 BE-IPv6
-rw-r----- 1 root wheel 14 Jan 20 13:41 BF-IPv4
-rw-r----- 1 root wheel 23354 Jan 19 13:40 BF-IPv6
-rw-r----- 1 root wheel 1233 Jan 20 13:41 BG-IPv4
-rw-r----- 1 root wheel 122141 Jan 19 13:40 BG-IPv6
File sizes after re-download:
Code Select
-rw-r----- 1 root wheel 8492 Jan 21 12:49 BA-IPv4
-rw-r----- 1 root wheel 27668 Jan 21 12:49 BA-IPv6
-rw-r----- 1 root wheel 4531 Jan 21 12:49 BB-IPv4
-rw-r----- 1 root wheel 13532 Jan 21 12:49 BB-IPv6
-rw-r----- 1 root wheel 65683 Jan 21 12:49 BD-IPv4
-rw-r----- 1 root wheel 114769 Jan 21 12:49 BD-IPv6
-rw-r----- 1 root wheel 158563 Jan 21 12:49 BE-IPv4
-rw-r----- 1 root wheel 566429 Jan 21 12:49 BE-IPv6
-rw-r----- 1 root wheel 5637 Jan 21 12:49 BF-IPv4
-rw-r----- 1 root wheel 23354 Jan 21 12:49 BF-IPv6
-rw-r----- 1 root wheel 118374 Jan 21 12:49 BG-IPv4
-rw-r----- 1 root wheel 122103 Jan 21 12:49 BG-IPv6 #85
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by meyergru - Today at 12:51:25 PMAs expected (but with the community edition):
You cannot view this attachment.
You cannot view this attachment.
#86
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by Monviech (Cedrik) - Today at 12:45:01 PMDo these steps, first execute:
/usr/local/opnsense/scripts/filter/download_geoip.py
Then go to "Firewall - Aliases" and create a new alias that contains Belgium.
After saving and apply, go to "Firewall - Diagnostics - Aliases" and check the contents of the alias you just created.
/usr/local/opnsense/scripts/filter/download_geoip.py
Then go to "Firewall - Aliases" and create a new alias that contains Belgium.
After saving and apply, go to "Firewall - Diagnostics - Aliases" and check the contents of the alias you just created.
#87
25.1, 25.4 Series / Re: Wireguard issue(s)
Last post by Bob.Dig - Today at 12:16:57 PMFor Android there is "WG Tunnel", that can cope with dynamic IPs. If your resolution is to restart WG on OPNsens though, you might have another problem und upgrading OPNsense is strongly advised to begin with.
#88
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - Today at 12:12:44 PMTo be honest usually you want to disable. e.g force disabled ASPM off globally on OS level cause the per-device per-line disabling may not work always as it should... I usually disable ASPM in BIOS on everything or if not available or I have suspicions its not enough I force disable it globally in Linux.
https://wiki.archlinux.org/title/Power_management#Active_State_Power_Management
Regards,
S.
https://wiki.archlinux.org/title/Power_management#Active_State_Power_Management
Regards,
S.
#89
General Discussion / Re: Where is TCP processed - C...
Last post by OPNenthu - Today at 12:07:05 PMUnderstood, although there might be a reason why Protectli found that ASPM must be disabled globally rather than disabling it on a per-device basis with PCI sysctls. Usually you don't use the nuclear option unless there's a reason, but who knows.
#90
General Discussion / Re: subdomains / haproxy not w...
Last post by Patrick M. Hausen - Today at 11:57:07 AMYou need to whitelist your internal addresses.
Either with this parser:
https://app.crowdsec.net/hub/author/crowdsecurity/log-parsers/whitelists
or manually following the documentation:
https://doc.crowdsec.net/u/getting_started/post_installation/whitelists/
Either with this parser:
https://app.crowdsec.net/hub/author/crowdsecurity/log-parsers/whitelists
or manually following the documentation:
https://doc.crowdsec.net/u/getting_started/post_installation/whitelists/
