Recent posts

#81
25.7, 25.10 Series / Re: Adding a VLAN takes 26 cli...
Last post by Patrick M. Hausen - November 23, 2025, 09:07:21 PM
Quote from: johnmcallister on November 23, 2025, 08:56:02 PM
*cough* that said, it sure would be nice to be able to copy-and-paste firewall rules between interfaces, say, by ticking the rule-selector checkbox and clicking "copy to Interface X"...

Click the "duplicate" symbol to the right, change interface in the opened rule edit dialog, possibly change some more things like source from "interface1 net" to "interface2 net", save, done. The UI will even take you to the "interface2" rules instead of where you started.
#82
25.7, 25.10 Series / Re: Adding a VLAN takes 26 cli...
Last post by johnmcallister - November 23, 2025, 08:56:02 PM
Just chipping in my 2 bits --

While there are a lot of places where Opnsense's web UI could be improved or re-worked, IMO ALL of that sort of intention to polish and optimize the UI/UX -- 100% of it, every last bit -- is secondary, possibly even tertiary, to the reasons I use Opnsense in the first place:

• Stability
• Broad feature set with fine-grained configurability
• Frequent security updates.

Just continuing to keep the above 3 priorities fully-realized, as I believe they are now, is enough to keep me satisfied going forward.

Granted, one's use case does influence such an opinion. That is to say, as a small-time user who runs 3 small separate site networks on Opnsense, I probably only touch firewall rules, VLAN & interface assignments, etc. a few times a year, and when I do, all I care about is that they continue to work as expected and reliably, regardless of whether it takes me 8 clicks or 58 clicks to make a change.

If I were a network admin in an enterprise setting, configuring one or more new Opnsense instances a week, I might have a stronger wish for UI/UX polishing.

(*cough* that said, it sure would be nice to be able to copy-and-paste firewall rules between interfaces, say, by ticking the rule-selector checkbox and clicking "copy to Interface X"...  although, thinking that through further, it might grease the rails overmuch towards people making broadly insecure and/or breaking changes to their firewall rule sets.)
#83
25.7, 25.10 Series / Re: WAN interface DNS to Veriz...
Last post by JMini - November 23, 2025, 08:44:30 PM
I still saw the Verizon DNS in the logs. I did find the cause in AdGuard though.
"By default, AdGuard Home uses the following reverse DNS resolvers: "71.243.0.12:53", "71.250.0.12:53" "
So, this is for private IP stuff, so I just pointed it to Dnsmasq on OPNsense, which will resolve IPs for internal DHCP clients.
#84
Web Proxy Filtering and Caching / Re: Nginx SNI SSL passthrough ...
Last post by Slydder - November 23, 2025, 08:34:48 PM
Here is the actual config.

load_module /usr/local/libexec/nginx/ngx_stream_module.so;
load_module /usr/local/libexec/nginx/ngx_http_naxsi_module.so;
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_http_brotli_filter_module.so;
load_module /usr/local/libexec/nginx/ngx_http_brotli_static_module.so;
load_module /usr/local/libexec/nginx/ngx_http_js_module.so;
load_module /usr/local/libexec/nginx/ngx_http_vhost_traffic_status_module.so;

user www staff;
worker_processes 1;

#error_log  /var/log/nginx/error.log;
error_log  syslog:server=unix:/var/run/log,facility=local6,nohostname warn;

events {
    worker_connections  1024;
}

http {
include       mime.types;



log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" '
                      '"$host" sn="$server_name" '
                      'rt=$request_time '
                      'ua="$upstream_addr" us="$upstream_status" '
                      'ut="$upstream_response_time" ul="$upstream_response_length" '
                      'cs=$upstream_cache_status';
log_format  handshake   '"$http_user_agent" "$ssl_ciphers" "$ssl_curves"';
log_format  anonymized  ':: - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

#tcp_nopush     on;
# https intercept detection
js_import /usr/local/opnsense/scripts/nginx/ngx_functions.js;
js_set $tls_intercepted ngx_functions.check_intercept;

# 200M should be big enough for file servers etc.
client_max_body_size 200M;
brotli_static on;
brotli on;
gzip_static on;
gzip on;
server_tokens off;
sendfile Off;
default_type  application/octet-stream;

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Map used in location.conf for proxy_ssl_name
map $ssl_server_name $upstream_sni_name {
    default $ssl_server_name;
    '' $host;
}

include http_post/*.conf;

# TODO add when core is ready for allowing nginx to serve the web interface
# include nginx_web.conf;




# UPSTREAM SERVERS


include opnsense_http_vhost_plugins/*.conf;

server {

    listen 80;
    listen [::]:80;


    sendfile On;
    server_name  ucs-sso-ng.caritas-im-norden.de;

    client_header_buffer_size 1k;
    large_client_header_buffers 4 8k;
    access_log  /var/log/nginx/ucs-sso-ng.caritas-im-norden.de.access.log main;
    access_log  /var/log/nginx/tls_handshake.log handshake;
    error_log  /var/log/nginx/ucs-sso-ng.caritas-im-norden.de.error.log error;
    #include tls.conf;
    error_page 403 /opnsense_error_403.html;
    error_page 404 /opnsense_error_404.html;
    error_page 405 /waf_denied.html;
    error_page 500 501 502 503 504 /opnsense_server_error.html;

    location = /opnsense_error_403.html {
        internal;
        root /usr/local/etc/nginx/views;
    }
    location = /opnsense_error_404.html {
        internal;
        root /usr/local/etc/nginx/views;
    }
    location = /opnsense_server_error.html {
        internal;
        root /usr/local/etc/nginx/views;
    }
    proxy_intercept_errors off;
    # location to ban the host permanently
    set $naxsi_extensive_log 0;
    location @permanentban {
        access_log /var/log/nginx/permanentban.access.log main;
        internal;
        add_header "Content-Type" "text/plain; charset=UTF-8" always;
        return 403 "You got banned permanently from this server.";
    }
    error_page 418 = @permanentban;
    location = /waf_denied.html {
        root /usr/local/etc/nginx/views;
        access_log /var/log/nginx/waf_denied.access.log main;
    }
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        proxy_pass http://127.0.0.1:43580;
    }
    # block based on User Agents defined in global http settings
    if ($http_user_agent ~* Python-urllib|Nmap|python-requests|libwww-perl|MJ12bot|Jorgee|fasthttp|libwww|Telesphoreo|A6-Indexer|ltx71|okhttp|ZmEu|sqlmap|LMAO/2.0|l9explore|l9tcpid|Masscan|zgrab|Ronin/2.0|Hakai/2.0|Indy\sLibrary|^Mozilla/[\d\.]+$|Morfeus\sFucking\sScanner|MSIE\s[0-6]\.\d+) {
        return 418;
    }
    location /opnsense-auth-request {
      internal;
      fastcgi_pass  unix:/var/run/php-webgui.socket;
      fastcgi_index index.php;
      fastcgi_param TLS-Cipher $ssl_cipher;
      fastcgi_param TLS-Protocol $ssl_protocol;
      fastcgi_param TLS-SNI-Host $ssl_server_name;
      fastcgi_param Original-URI $request_uri;
      fastcgi_param Original-HOST $host;
      fastcgi_param SERVER-UUID "532ac9d7-321f-4ce6-a569-8947c1ee60bc";
      fastcgi_param SCRIPT_FILENAME  /usr/local/opnsense/scripts/nginx/ngx_auth.php;
      fastcgi_intercept_errors on;
      include        fastcgi_params;
    }
    if ($scheme != "https") {
        return 302 https://$host$request_uri;
    }
    include 532ac9d7-321f-4ce6-a569-8947c1ee60bc_pre/*.conf;


    include 532ac9d7-321f-4ce6-a569-8947c1ee60bc_post/*.conf;

}

}
stream {
    # LOG FORMATS
    log_format main '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';
    log_format anonymized ':: [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';

    # UPSTREAM SERVERS
    upstream upstreama2f569d399594042bd3e87d44972480f {
        server 10.200.1.2:443 weight=1 max_conns=1000 max_fails=1000 fail_timeout=1000;
    }
    upstream upstream9f39913216d146b9bba809e04c704161 {
        server 10.200.6.2:443 weight=1 max_conns=1000 max_fails=1000 fail_timeout=1000;
    }
    upstream upstream33d1614fde14477b8286c258dbb57a74 {
        server 10.200.1.4:443 weight=1 max_conns=1000 max_fails=1000 fail_timeout=1000;
    }
    upstream upstream7ec9246b91294af08d0f2dbd5373f412 {
        server 10.200.1.5:443 weight=1 max_conns=1000 max_fails=1000 fail_timeout=1000;
    }
    upstream upstream419f7f5065ef436eae97b504c28d354b {
        server 10.200.1.6:443 weight=1 max_conns=1000 max_fails=1000 fail_timeout=1000;
    }

    # upstream maps
    map $ssl_preread_server_name $hostmap41cac9dd9a5f4a89a1e0be6c73445cc6 {
        sub1.domain.tld upstream9f39913216d146b9bba809e04c704161;
        sub2.domain.tld upstream9f39913216d146b9bba809e04c704161;
        sub3.domain.tld upstream9f39913216d146b9bba809e04c704161;
        sub4.domain.tld upstreama2f569d399594042bd3e87d44972480f;
        sub5.domain.tld upstream33d1614fde14477b8286c258dbb57a74;
        sub6.domain.tld upstream33d1614fde14477b8286c258dbb57a74;
        sub7.domain.tld upstream33d1614fde14477b8286c258dbb57a74;
        sub8.domain.tld upstream419f7f5065ef436eae97b504c28d354b;
        sub9.domain.tld upstream7ec9246b91294af08d0f2dbd5373f412;

    }


    include opnsense_stream_vhost_plugins/*.conf;

    # servers
    server {

        listen 443;

        access_log  /var/log/nginx/stream_843d8674-ab7a-48d0-b4ed-715b2036b605.access.log main;
        error_log  /var/log/nginx/stream_843d8674-ab7a-48d0-b4ed-715b2036b605.error.log info;

        ssl_preread on;

        include 843d8674-ab7a-48d0-b4ed-715b2036b605_pre/*.conf;

        proxy_pass $hostmap41cac9dd9a5f4a89a1e0be6c73445cc6;

        include 843d8674-ab7a-48d0-b4ed-715b2036b605_post/*.conf;

    }
}
# mail {
# }
#85
Web Proxy Filtering and Caching / Nginx SNI SSL passthrough almo...
Last post by Slydder - November 23, 2025, 08:21:31 PM
I have a strange situation here with Nginx and SNI SSL passthrough.

I have multiple OPNsense servers running similar configs for similar stacks on the backend.

Basically setup is as follows:

Stream Server is listening on 443 with "Route With" set to "SNI Upstream mapping" and the "SNI Upstream Mapping" is set to the SNI stack

SNI Based Routing has a single entry for all the domain names, pointing to the correct "Upstream" entries

Upstream has all the correct entries pointing to the correct "Upstream servers"

Upstream Servers list all the correct backend servers with IP:port settings, priority 1 and 1000 for the rest of the settings.


Now here is where it gets interesting. Once I restart nginx it works great for anywhere between 10 seconds and 1 minute, but then, no matter what I do, I get 404 errors 100% of the time after the initial working phase is over.

There are no errors in the logs and DNS is constant and correct.

Anyone have ANY ideas WTF is going on here?

thx
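The stream block in the posted config relies on ssl_preread, which reads only the SNI extension of the client's TLS ClientHello and then looks it up in the map $ssl_preread_server_name. The following is an added example, not code from the thread or from OPNsense: it builds a constructed ClientHello, extracts the SNI the way ssl_preread does, and applies a subset of the posted map (sub*.domain.tld names and upstream identifiers copied from the config). It also shows the caveat that the map has no default line, so an unknown or absent SNI yields an empty target that nginx cannot proxy to.

```python
import struct

# Subset of the SNI-to-upstream map from the posted stream block (names as on the page).
SNI_MAP = {
    "sub1.domain.tld": "upstream9f39913216d146b9bba809e04c704161",
    "sub4.domain.tld": "upstreama2f569d399594042bd3e87d44972480f",
    "sub5.domain.tld": "upstream33d1614fde14477b8286c258dbb57a74",
    "sub8.domain.tld": "upstream419f7f5065ef436eae97b504c28d354b",
    "sub9.domain.tld": "upstream7ec9246b91294af08d0f2dbd5373f412",
}

def build_client_hello(server_name=None):
    """Constructed minimal TLS 1.2 ClientHello record, optionally carrying an SNI extension."""
    exts = b""
    if server_name is not None:
        host = server_name.encode()
        name = b"\x00" + struct.pack("!H", len(host)) + host   # name_type=0 (host_name) + host
        sni = struct.pack("!H", len(name)) + name               # ServerNameList
        exts = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)                             # client_version, random
            + b"\x00"                                           # empty session id
            + b"\x00\x02\x13\x01"                               # one cipher suite
            + b"\x01\x00"                                       # null compression only
            + struct.pack("!H", len(exts)) + exts)              # extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # Handshake: client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # TLS record: handshake

def extract_sni(record):
    """Walk the ClientHello like ssl_preread and return the SNI host name, or None."""
    try:
        if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
            return None                                         # not a TLS handshake / ClientHello
        p = 43                                                  # past record hdr, hs hdr, version, random
        p += 1 + record[p]                                      # session id
        p += 2 + struct.unpack("!H", record[p:p + 2])[0]        # cipher suites
        p += 1 + record[p]                                      # compression methods
        end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]   # end of extensions block
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            p += 4
            if etype == 0 and elen >= 5:                        # server_name: list len, type, len, host
                hlen = struct.unpack("!H", record[p + 3:p + 5])[0]
                return record[p + 5:p + 5 + hlen].decode("ascii")
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def route(record):
    """Mirror of proxy_pass $hostmap...: the map has no default, so a miss yields an empty target."""
    return SNI_MAP.get(extract_sni(record) or "", "")
```

A client that sends no SNI (some health checkers, or a browser connecting by raw IP) therefore never reaches any backend, which is worth ruling out when a passthrough seems to fail intermittently.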
#86
Zenarmor (Sensei) / Zenarmor Packet Engine Not Sta...
Last post by GuruLee - November 23, 2025, 08:12:56 PM
Greetings y'all. I searched back to June in this forum area and couldn't find any related posts, so here goes my issue:

I can no longer start the Zenarmor packet engine and I get these errors in notifications area:

* Error parsing lan interface configuration, bailing out

* Failed initializing network interfaces
netmap_register_if: igc2: NIOCREGIF ioctl failed for the interface: Cannot allocate memory

This issue started occurring after I set the following tunables on my Opnsense firewall:

dev.netmap.buf_num : 1000000
dev.netmap.ring_size : 4096
dev.netmap.generic_ringsize : 4096
dev.igc.0.fc : 0
dev.igc.1.fc : 0
dev.igc.2.fc : 0
hw.igc.max_interrupt_rate : 12000


My firewall was also restarted after making the above changes.

Current version and mode:
OPNsense 25.7.7_4-amd64
FreeBSD 14.3-RELEASE-p4
Zenarmor netmap is in emulated mode

#87
General Discussion / Re: GUI/Shell crashing
Last post by Mattps - November 23, 2025, 08:12:20 PM
I believe the microcode update is in the latest BIOS update, which I have installed. I'll have a look at the other posts. Do you think this is an issue with the HP T730 or the PCIe NIC?
#88
General Discussion / Re: GUI/Shell crashing
Last post by meyergru - November 23, 2025, 07:57:49 PM
Did you try installing the microcode updates? It does not look like it from the report...

There is definitely something off in the Power Management in your firmware:

Quote:
[1] Firmware Warning (ACPI): Optional FADT field Pm2ControlBlock has valid Length but zero Address: 0x0000000000000000/0x1 (20221020/tbfadt-796)

If the uptime is exactly 20 minutes, I would look for a BIOS watchdog. When you search the forum for HP T730, you will find a few other reports of systems freezing or crashing.
#89
Web Proxy Filtering and Caching / Re: Squid Proxy - How to route...
Last post by palleri - November 23, 2025, 07:56:03 PM
Hi, did you solve this?
I am trying to do the same.

Squid proxy through my ISP wireguard interface.
#90
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by Patrick M. Hausen - November 23, 2025, 07:54:19 PM
Quote from: emeliaerick on November 23, 2025, 07:29:02 PM
Hopefully a follow-up patch drops soon, because seeing those CVEs right after updating doesn't inspire much confidence.

The follow-up patch is 25.7. 25.1 is long EOL. Complaining about vulnerabilities in EOL software is a bit strange, don't you think? But you do you.