Recent posts

#91
General Discussion / Re: Unable to syncronize NTP h...
Last post by LorneMalvo - December 01, 2025, 06:48:08 PM
Here you have.
#92
General Discussion / Re: Unable to syncronize NTP h...
Last post by Patrick M. Hausen - December 01, 2025, 06:35:51 PM
I cannot see anything. If you posted a picture, please attach it to the forum post. I block so-called image hosting sites.
#93
Tutorials and FAQs / Re: How-To crowdsec protecting...
Last post by cookiemonster - December 01, 2025, 06:31:25 PM
Hi there. Yes, I did want to test that to migrate it, but I came to a total block. I asked the haproxy maintainer but he hasn't the time to look into it properly https://github.com/opnsense/plugins/issues/4923 . It could very well be that it can be overcome with some tactical measure, but I cannot see it.
The "problem" is down to the fact the haproxy plugin exposes your options in a UI and builds the config from it. That is expected of course. But we need to get that config to include the separate config of spoa i.e. read it in as if it was a "source" file so that the configuration includes it. That needs a change in the way the plugin currently works.
For this reason it is behind what the opnsense plugin maintainer can do and when.
#94
General Discussion / Re: Unable to syncronize NTP h...
Last post by LorneMalvo - December 01, 2025, 06:27:23 PM
Hi Patrick.
Thank you very much for your answer.

I've tried the following rule in LAN, but it isn't working:

What am I doing wrong? I've checked live logs and I can see WAN NTP logs working, but nothing about LAN. Enable Logging on rule is marked.
#95
Tutorials and FAQs / Re: How-To crowdsec protecting...
Last post by djbobyd - December 01, 2025, 06:11:48 PM
Hello,
I've been looking into your tutorial, thanks a lot for it, and I was wondering, now that crowdsec actively promotes the HAproxy SPOA remediation component, do you consider experimenting with it and possibly adding a tutorial about using it instead of the old bouncer? I am not sure if it's possible at all but I assume it should be easier to integrate, or at least that is the impression I get from the crowdsec documentation :) . Thanks!
#96
General Discussion / Re: Some sites think I live in...
Last post by OPNenthu - December 01, 2025, 05:47:45 PM
I don't know if this applies to you but if you used a VPN (assuming it set your exit node to e.g. Canada), then your browser may have cookies and DNS caches still hanging around and causing sites to misplace you in that region long after you've disconnected from the VPN.  This used to happen to me sometimes when I used VPN apps on my client.  It's probably a good idea to do VPN browsing in a private or incognito browser window.

CDNs might also cause some troubles, I guess.
#97
General Discussion / Re: Some sites think I live in...
Last post by meyergru - December 01, 2025, 05:06:47 PM
You cannot fix that on your end. It might be that your ISP inherited an IP netblock that once was located in Canada.

Different geolocation services may yield different results, so depending on which are used by the sites you visit, some may think you are in Canada and some may already know the correct location. You can check your WAN IP against some publicly available services like ipinfo.io (https://ipinfo.io/) or Maxmind (https://www.maxmind.com/en/geoip-demo). Note, however, that there are other services as well.

Probably, you can ask your ISP to ask those service suppliers to correct their data. The only other way of fixing it would be to use a VPN service that can put you in the USA when you select an appropriate exit node.

This has nothing to do with how OpnSense does the geolocation - it does not matter to external sites. BTW: You can choose between Maxmind (https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html) and IPinfo (https://docs.opnsense.org/manual/how-tos/ipinfo_geo_ip.html) there, with IPinfo usually being more accurate - but it does not fix the problem on the sites you visit.
#98
General Discussion / Re: boost-libs: missing redis
Last post by franco - December 01, 2025, 05:05:16 PM
I'd just reinstall boost-libs from the GUI. The reference to redis is likely coincidental.


Cheers,
Franco
#99
General Discussion / Some sites think I live in Can...
Last post by coffeecup25 - December 01, 2025, 04:51:10 PM
Some sites I connect to started thinking I live in Toronto, Canada, rather than the Midwest USA where I have always lived. Not all. Some that appear to make an effort to geolocate me get my actual location right.

I think I am using Unbound / AdGuard Home for my DNS. Ipconfig on Windows shows my router as the DNS server. I followed instructions for AdGuard Home that claim I am using Unbound for DNS.

This Canada thing is an annoyance. Is there any way to fix it? I suppose I could write down a list of external DNS servers on my KEA DNS page. But, after a debate a few months ago, I like things this way now.
#100
General Discussion / Re: Is public-dns.info still a...
Last post by meyergru - December 01, 2025, 04:47:13 PM
Not a single IPv6 in that list (as the comment already suggests) - but worse, the IPv4 ones used by Mozilla are not in that list, either:

Name:   mozilla.cloudflare-dns.com
Address: 172.64.41.4
Name:   mozilla.cloudflare-dns.com
Address: 162.159.61.4
Name:   mozilla.cloudflare-dns.com
Address: 2a06:98c1:52::4
Name:   mozilla.cloudflare-dns.com
Address: 2803:f800:53::4


The RPZ-type lists could be used in Unbound, but there is no automation in OpnSense.