Recent posts

#91
High availability / Re: Strange Behaviour in OPNse...
Last post by iqt4 - December 31, 2025, 01:28:36 PM
Running OPNsense 25.7.10 and have similar issues. Setting "Persistent Maintenance Mode" on master does not trigger the failover. Switching CARP off or bringing the system down works as expected. See also https://github.com/opnsense/core/issues/7877#issuecomment-3381867596.

I tried to increase demotion on the command level with no success:
root@ops-1:~ # sysctl net.inet.carp.demotion=240
I can always see changes in the log but CARP failover does not happen anymore:
2025-12-31T13:17:17 Notice kernel <6>[817] carp: demoted by 240 to 240 (sysctl)
#92
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - December 31, 2025, 01:24:34 PM
I'm having the same problem. I transitioned from ISC to dnsmasq as part of my upgrade to 25.7. When dnsmasq works, it works extremely well. But I've just run into my 4th occurrence this morning where I found that most of my network was down because the devices could not renew their IP addresses. I have a desktop with a static IP and I used that to log into the firewall. I found the gateway monitor service, ddclient and dnsmasq all "off". I restarted dnsmasq plus the other services and my network is working again. I've checked the logs and it doesn't show anything meaningful (see attached), and my dmesg entries only show arp proxy ignoring request entries. Attached is also my configuration... I love the simplicity of dnsmasq and don't want to switch. Any help would be appreciated.

TIA

#93
25.7, 25.10 Series / Re: CVE-2025-14847 vulnerabili...
Last post by Seimus - December 31, 2025, 12:43:54 PM
There really is no reason to ask this other than on the ZA subsection on the forum.

If you want a faster response you can always open a ticket via the ZA GUI in OPNsense.

Regards,
S.
#94
Virtual private networks / Re: OpenVPN Instances - Ignore...
Last post by senses118 - December 31, 2025, 12:13:40 PM
Quote from: Patrick M. Hausen on September 20, 2024, 07:24:22 PM
OPNsense is the server. Why would you configure a client side setting there? This goes into the config file for the client.

If you are using OPNsense as a client you did not say so and the most common scenario for OpenVPN is OPNsense as server and users with PCs, Macs, ... as clients.

I too would like some way to use "pull-filter ignore redirect-gateway" if it's possible.

Patrick, I have opted to use OpenVPN client instances with my setup where I simultaneously connect to both my provider's UDP and TCP servers in a failover group. The significant benefit of OpenVPN clients is their ability to hold a large list of server addresses in the client config and connect to them at random using the 'remote-random' option. I run all my WAN traffic through the VPN failover group 24/7 and this allows me to use Home Assistant automation to force either client to reconnect when latency or packet loss gets high during peak times. Some servers are usually less crowded than others. I find this works really well. WireGuard, to my knowledge, can't do this?
#95
German - Deutsch / Re: Caddy + ACME Client mit HT...
Last post by Patrick M. Hausen - December 31, 2025, 11:40:49 AM
Quote from: viragomann on December 31, 2025, 10:52:52 AM
HTTP requests to domains that serve HTTPS should be redirected to HTTPS automatically.

That is the default in Caddy. You set up the reverse proxy (domain and handler) for HTTPS, with the backend on HTTPS or HTTP as appropriate, and everything else (ACME challenge on port 80, redirect 80 --> 443, ...) happens fully automatically.
#96
25.7, 25.10 Series / Re: CVE-2025-14847 vulnerabili...
Last post by PencilHCV - December 31, 2025, 11:38:01 AM
I know I can change the Database engine to Elasticsearch and then the problem is gone, right? But it would be good to know if the vulnerability is there in the Mongo Database that Zenarmor uses.

best regards,
Hugo
#97
25.7, 25.10 Series / Re: CVE-2025-14847 vulnerabili...
Last post by PencilHCV - December 31, 2025, 11:35:03 AM
2.31
#98
25.7, 25.10 Series / Re: CVE-2025-14847 vulnerabili...
Last post by sopex8260 - December 31, 2025, 11:32:38 AM
Which version of Zenarmor are you using?
#99
25.7, 25.10 Series / Re: Why can't you host the ISO...
Last post by sopex8260 - December 31, 2025, 11:18:24 AM
I fail to understand what the problem is.

Can you please explain what is the problem with the current iso file, without all the irrelevant details?
#100
25.7, 25.10 Series / CVE-2025-14847 vulnerability M...
Last post by PencilHCV - December 31, 2025, 11:14:56 AM
Hello everyone and Happy New Year!
I know this belongs to "Zenarmor", but it's been a few days since I asked there with no response. Can anyone please answer my question:
"Is Mongo Database vulnerable to CVE-2025-14847?"

best regards,
Hugo