"Recent posts
#91
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by franco - November 25, 2025, 03:52:28 PMIt's pretty interesting. I'll try to delete it when I see embedded links, but they mostly stick random stuff on here or repost old forum messages and only go back later and add links everywhere they already posted.
Cheers,
Franco
Cheers,
Franco
#92
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by meyergru - November 25, 2025, 01:51:55 PMSaw that only after it started advertising... damn AI slop.
#93
25.1, 25.4 Series / Re: Question about 2 vulnerabi...
Last post by franco - November 25, 2025, 01:32:43 PMYou both have been arguing with a bot :)
#94
25.7, 25.10 Series / Re: Problems Uploading Photos ...
Last post by AnthonyStark - November 25, 2025, 12:55:52 PMI was able to identify the issue. Contrary to the recommendations in the documentation - which I was not yet aware of at the time - I had mixed tagged and untagged VLANs on the switch port. All VLANs are now tagged, and the problem no longer occurs.
EDIT:
Too early, the problem unfortunately still occurs.
EDIT:
Too early, the problem unfortunately still occurs.
#95
General Discussion / Re: Site-2-Site VPN and additi...
Last post by tkrn - November 25, 2025, 12:53:45 PMI had a similar problem where I was just getting a single end point on my site-to-site VPN and I could not get a L3 subnet for a full route table between networks. My problem turned out to be that the common name has to match the client certificate which I issued to the other site. The common name did not match the common name within the certificate thus never applying the Client Specific Overrides which is the mechanism that pushes the routed subnets. As you expand the common name within Client Specific Overrides, it gave me the hint that "Enter the client's X.509 common name here."
After that was resolved, I forced a disconnect and it came back up as expected! Additionally, my OpenVPN role is SERVER, and type TUN, topology SUBNET. Let me know if you have any questions!
After that was resolved, I forced a disconnect and it came back up as expected! Additionally, my OpenVPN role is SERVER, and type TUN, topology SUBNET. Let me know if you have any questions!
#96
Virtual private networks / VPN Site-to-Site + LDAP
Last post by Jhon Luke - November 25, 2025, 12:45:01 PMPreciso criar uma VPN Site-to-Site, onde a filial se autenticará com o Active Directory da matriz e toda a navegação será controlada pela matriz.
Quem pode me ajudar a configurar essa VPN?
Envie-me uma mensagem privada.
I need to create a Site-to-Site VPN, where the branch office will authenticate with the headquarters' Active Directory, and all browsing will be controlled by headquarters.
Who can help me set up this VPN?
Message me privately.
Quem pode me ajudar a configurar essa VPN?
Envie-me uma mensagem privada.
I need to create a Site-to-Site VPN, where the branch office will authenticate with the headquarters' Active Directory, and all browsing will be controlled by headquarters.
Who can help me set up this VPN?
Message me privately.
#97
General Discussion / Re: GUI/Shell crashing
Last post by Mattps - November 25, 2025, 12:36:36 PMThank you,
I did try the tuneable (point 23) as you suggested previous - as indicated in post #3. Sorry, only just spotted Patrick's reply - this was installed before creating this post.
I did try the tuneable (point 23) as you suggested previous - as indicated in post #3. Sorry, only just spotted Patrick's reply - this was installed before creating this post.
#98
25.7, 25.10 Series / Re: VPN: IPsec: Status Overvie...
Last post by dstr - November 25, 2025, 11:41:53 AM25.7.7_4-amd64 fixed phase2 view
Thanks and regards
Thanks and regards
#99
Hardware and Performance / Re: N150 / N355 good fits?
Last post by Seimus - November 25, 2025, 11:32:16 AMQuote from: Billy2010 on November 24, 2025, 09:26:29 PMAre there good alternatives to Zenarmor?
Or are there better solutions offering this kind of configuration.
A dream machine pro max also has 5G with ids. And thats not even per core it seems on first glance
Well ZA is mainly a NGFW, the closest alternative or better to say the only alternative is Suricata. And I have a feeling Suricata supports multicore... But you would have to check. However Suricata is without the nice reporting that ZA provides on Device.
Unify solution for IDS is done bit differently from ZA, it reaches higher throughput thats true. But its not vendor agnostic.
Quote from: Billy2010 on November 24, 2025, 09:26:29 PMWould you suggest the i5 1335u (1334u was a typo).
They also have a H155 (6P+8E+2le cores).
If your use case and deployment requires an IDS/NGFW, I would target a system that can deliver the highest possible performance per CORE.
Regards,
S.
#100
25.7, 25.10 Series / Re: VPN: IPsec: Status Overvie...
Last post by Monviech (Cedrik) - November 25, 2025, 11:27:22 AMThat missing commands translation seems to be a small oversight here:
https://github.com/opnsense/core/pull/9453
https://github.com/opnsense/core/pull/9453
