"Recent posts
#91
Q-Feeds (Threat intelligence) / Re: Traffic from unassigned su...
Last post by Q-Feeds - December 05, 2025, 04:55:29 PMQuote from: Kets_One on December 01, 2025, 08:25:00 PMThanks for the suggestion.
However, I don't have managed switches installed. All other networking equipment I have monitored for years without such behaviour.
Strangely nslookup of 94.16.122.152 resolves s7.vonderste.in.
Not known as a part of the ntp.pool, maybe just an NTP client.
Indeed this doesnt explain the source ip.
Update:
Just now a new request was made from 192.168.90.100:123 to a different destination ip: 217.144.138.234, which appears to be an NTP server: ntp2.wup-de.hosts.301-moved.de. Again i am unable to locate the source ip / host on my LAN. Maybe some WireShark is in order...
94.16.122.152 is identified as a TOR node, that's why it's on our list :)
#92
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by viragomann - December 05, 2025, 04:45:17 PMDu hast aber die Remote IP und den Remote Identifier für jede Verbindung klar definiert?
Und es sind IKEv2?
Was steht im Log zum Nichtzustandekommen der weiteren Verbindung?
Und es sind IKEv2?
Was steht im Log zum Nichtzustandekommen der weiteren Verbindung?
#93
25.7, 25.10 Series / os-OPNWAF / Exchange 2019 auth...
Last post by humnab - December 05, 2025, 04:44:04 PMHello,
we're migration from a Sophos UTM to opnsense-business and try to replace the Sophos WAF with os-OPNWAF.
No we have the problem that we get authentication Popups in Outlook when we try to connect externally.
After canceling the popups or entering the password 2-3 times Outlook shows online.
When we do the same with the caddy plugin we have no popups (but no WAF), with the Sophos UTM WAF we also have no Popups.
Any idea whats wrong? The Web Protection is disabled in os-OPNWAF, the Locations are configured as "Exchange Server", the Remote destionatios with https://IP of Exchange...Thanks!
we're migration from a Sophos UTM to opnsense-business and try to replace the Sophos WAF with os-OPNWAF.
No we have the problem that we get authentication Popups in Outlook when we try to connect externally.
After canceling the popups or entering the password 2-3 times Outlook shows online.
When we do the same with the caddy plugin we have no popups (but no WAF), with the Sophos UTM WAF we also have no Popups.
Any idea whats wrong? The Web Protection is disabled in os-OPNWAF, the Locations are configured as "Exchange Server", the Remote destionatios with https://IP of Exchange...Thanks!
#94
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by gfroehlich - December 05, 2025, 04:36:02 PMdas dachte ich eigentlich auch, dass die ID egal ist. Es hat aber nur mit der echten IP bzw. FQDN funktioniert.
Wenn ich die zweite Seite ganz weglassen will, kann ich nur eine PSK anlegen, und müsste die für alle Verbindungen verwenden.
Das hab ich sogar versucht, da war auch immer nur eine Verbindung aktiv.
Wenn ich die zweite Seite ganz weglassen will, kann ich nur eine PSK anlegen, und müsste die für alle Verbindungen verwenden.
Das hab ich sogar versucht, da war auch immer nur eine Verbindung aktiv.
#95
General Discussion / Re: Behind ISP Router vs DMZ H...
Last post by Untoasted9563 - December 05, 2025, 04:23:25 PMHope its ok to jump into this slightly older thread, but my issue is related to that one. I switched to fiber, and my crappy ISP only provides modems/router with no bridge mode, meaning I also need to rely on placing my OPNsense into this pseudo-DMZ.
If OPNsense has the DMZ-host (private) IP on its WAN interface, what does that mean in terms of fire-walling? Do I lose all information about originating IPs? Will all inbound connections to OPNsense just show the ISP router IP 192.168.1.1? I rely heavily on geo-blocking and additional blocklists, which I cannot afford to lose.
Sorry if this is a bad place to ask, I can start a new thread if this seems like a hijack of that thread.
If OPNsense has the DMZ-host (private) IP on its WAN interface, what does that mean in terms of fire-walling? Do I lose all information about originating IPs? Will all inbound connections to OPNsense just show the ISP router IP 192.168.1.1? I rely heavily on geo-blocking and additional blocklists, which I cannot afford to lose.
Sorry if this is a bad place to ask, I can start a new thread if this seems like a hijack of that thread.
#96
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by MoonbeamFrame - December 05, 2025, 03:45:02 PMI'm using unique tokens on all firewalls.
I'm deducing that the maximum download exceeded is due to the firewall making multiple attempts to download the file, which matches the logs.
If I use curl to download the file from another location I see ?token=f2cbc8898bc30a appended to the filename.
I'm also seeing:
In order to use GeoIP, you need to configure a source in the GeoIP settings tab
When I go into the Firewall: Aliases
I'm deducing that the maximum download exceeded is due to the firewall making multiple attempts to download the file, which matches the logs.
If I use curl to download the file from another location I see ?token=f2cbc8898bc30a appended to the filename.
I'm also seeing:
In order to use GeoIP, you need to configure a source in the GeoIP settings tab
When I go into the Firewall: Aliases
#97
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by DEC670airp414user - December 05, 2025, 03:38:19 PMi am not using this product. but i did sign up for it. i stayed with Opnsense Business edition geoblocking
anyways. my lite account says unlimited requests using the API access.
seems weird they would be blocking all of a sudden?
anyways. my lite account says unlimited requests using the API access.
seems weird they would be blocking all of a sudden?
#98
General Discussion / Re: Some sites think I live in...
Last post by coffeecup25 - December 05, 2025, 03:33:29 PMQuote from: OPNenthu on December 01, 2025, 07:34:47 PMQuote from: coffeecup25 on December 01, 2025, 07:13:27 PMI'm sure they are expanding rapidly vs Comcast.They are a little late to the party, but coincidentally I just got an email today that they'll be working in my neighborhood next week to expand their multigig (symmetrical) service here. That's a huge deal as the 30-40Mbps upload cap is no longer viable, and they recognize it, but I don't expect the pricing to be competitive with lesser-known fiber ISPs.
Take a look at what they offer as soon as they are open for business in your area. My new company is very easy to work with. I'm using their free ont and my own router (obviously). No charge for home visit to install from the outdoor hookups. They came to bury the cable when they said they would. No drama of any kind.
Comcast was ok by me until they stopped negotiating better pricing at contract renewals. I tried t_mobile wifi, It offers well over 1 gb wireless at my house. I live very close to a tower. But the modem didn't have a bridge mode and it became very erratic when plugged into the WAN port. I had to send it back. They also had data caps for highest speed data.
Comcast is today offering 1 gb for $50 with a 5 year lock and no data caps. If they still have it in a few months, without typical Comcast drama, I will take a look at going back.
#99
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by meyergru - December 05, 2025, 03:30:50 PMIt works just fine for me and there is a very simple explanation that hides behind this log line:
Ipinfo has a daily download limit that you have exceeded, probably because you use the same token on multiple OpnSense instances.
Code Select
2025-12-05T11:42:13 Error firewall geoip update failed : You have reached your 10 downloads per day limit for ipinfo_lite.csv.gz from [ip.ad.dr.ess] Please reach out to increase your limit via support@ipinfo.io. [http_code: 429]
Ipinfo has a daily download limit that you have exceeded, probably because you use the same token on multiple OpnSense instances.
#100
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by viragomann - December 05, 2025, 03:24:16 PMHallo,
Die ID kann meines Wissens beliebig gewählt werden. Die beiden Seiten müssen sich nur einig sein.
Also deine IP ist bspw. guenter. Dann muss die Remoteseite guenter verifizieren.
Du solltest aber jede Seite auch so einstellen können, dass sie die Remote-ID gar nicht prüft.
Quote from: gfroehlich on December 05, 2025, 01:34:08 PMDer verzweifelte Versuch mit Fake ID's hat klarer Weise auch nicht funktioniert.Klar ist mir das nicht.
Die ID kann meines Wissens beliebig gewählt werden. Die beiden Seiten müssen sich nur einig sein.
Also deine IP ist bspw. guenter. Dann muss die Remoteseite guenter verifizieren.
Du solltest aber jede Seite auch so einstellen können, dass sie die Remote-ID gar nicht prüft.
