I am going with 25.1, not 25.7

Started by someone, October 06, 2025, 04:27:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 06, 2025, 04:27:28 PM
After installing 25.7 there are to many problems
packages - missing half
dashboard - unstable traffic graph
missing IPV4 - no drop down for wan IPV4 for dns input in system>settings>dns server input
No IPS logs in syslog when checked
October 06, 2025, 04:48:22 PM #1
https://forum.opnsense.org/index.php?topic=49185.msg249108#msg249108

And have you actually installed 25.7.4 or just 25.7?
October 06, 2025, 05:07:40 PM #2
I was just going to say that
I will download again and reinstall and test it
I am sure it will be fixed
I will keep monitoring
It may be fixed already

Not sure now, its gone

Oh, let me check the tar version, it does say 25.7, thats all
will download the updated version, and try again
you guys are fast
Thanks, and thanks again
October 07, 2025, 05:58:15 PM #3 Last Edit: October 07, 2025, 06:08:17 PM by someone
Same version 25.7.4
The dashboard is fixed
The IPV4 is not fixed unless you plan to leave it that way
Example
Dashboard and system settings missing IPV4 default gateway
New Way- The IPV4 gateway name and IP appears only after obtaining dhcp address
Old way the default gateway name was always there, IP appear after dhcp address obtained
So in system>settings>general>networking
old way - had default IPV4 gateway to attach our dns servers to before going online
therefore you had specific servers to use
new way - No IPV4 gateway in dashboard,it will bring up a dhcp gateway in dashboard and in networking
only after connecting to the internet, then the IPV4 gateway appears in the dropdown
then we can connect the gateway to the dns servers
Problem with that is security
you are going online with no dns
it could go anywhere

workaround was to manually create a IPV4 gateway to attach dns before going online
then you have two IPV4 gateways in the dashboard

After that I guess we could delete one if we had to
Gotta remember, I am attacked every 5 seconds
My ISP doesnt use filters
Last years filters dont apply, internet has changed
We have to recreate them
I counted connection to 35 servers all over the world just to go to one popular store site
Some of these new servers are using old banned IP ranges, many re asiigned
October 07, 2025, 06:14:17 PM #4
I said packages but meant plugins
Am interested in seeing wazuh-agent
October 07, 2025, 06:26:27 PM #5
Packages/plugins are there. I would still like to point you to the "Show community plugins" checkbox.

For another issue it would benefit from you breaking one issue down because it's not clear what you mean for each one.

o You say IPv4 gateway missing but you don't tell us what your WAN setup is.

o DNS security is certainly important but asking root servers is a good standard setup?

o Also not sure which threat scenarios you are trying to protect against. We have a number of services for that like Crowdsec, Intrusion detection and a firewall which blocks incoming traffic by default.


Cheers,
Franco
Today at 05:33:21 AM #6 Last Edit: Today at 06:30:30 AM by someone
First thanks
Basic setup, router PC and OS PC
Wan is default and facing internet
Yes something is missing in 25.7-25.7.5
The IPV4 gateway in system>settings>general drop down box next to the dns servers
It was in all previous versions
I explained why we need it, I think
I explained that I have to go online without a dns setting and wait for a IPV4 gateway to show up in
system> settings>general to connect dns servers to
This for me makes opnsense dns work, its easy to setup for a noob
I prefer not to mention vulnerabilities in other methods
thanks
Today at 05:38:14 AM #7 Last Edit: Today at 06:27:35 AM by someone
Yes I am using 25.7.5, it works
But would like that setting back
IPV6 is there, why cant we put IPV4 back in the drop down box like on previous versions
I use it. Its the only way I get it unbound to work, ive tried many other methods though,
didnt last longer than 3 days. I am always interested in learning, to many attack vectors here,
some were major corporations I cant name, dont see them any more, these settings are the only way I keep opnsense running
that I have found, and still have to reload every two weeks
thanks again
help always appreciated
yes I am looking at crowdsec and aparmour, I have to read the forum about them, I havnt seen that they are better than suricata
I update my blocklists from global security sites
Except I need endpoint monitoring
My operating system has aparmour built in. Learning how to use it, no gui.
Info, Yes a forced connection can bypass the firewall.
Intrusions are from the browser 75 percent of the time, others are bots, scans of all kinds, trying to force connections, ack attacks
from servers already connected, etc
I even tried locking down the lan via the firewall, only allowing by ip direction, that didnt work to good.
They know your ip when they steal your logs
Oh and please dont think ill of me the way I explain getting dns to work when they are under attack or compromised to a noob, it works
If anyone has another method, feel free , I will try all, still looking for more permanent, thanks again
Print
Go Up Pages1
User actions