Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟯/𝟬𝟵/𝟭𝟭 (Valuable News - 2023/09/11) available.

😈 https://vermaden.wordpress.com/2023/09/11/valuable-news-2023-09-11/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Heute gab es wieder einmal Meldungen vom Monitoring, dass meine Firewall zu Hause ab und zu nicht erreichbar sei. Als ich dann per VPN kurz nachgeschaut habe, konnte ich ohne Probleme verbinden. Kurz nachgedacht und wieder mal die Statetable angeschaut. Auf der #OPNsense ist das Maximum der States per Default auf 200k limitiert. Diesen Wert musste ich in der Vergangenheit schon mehrfach erhöhen. Aber anscheind reichten meine 800k immer noch nicht...

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟯/𝟬𝟵/𝟬𝟰 (Valuable News - 2023/09/04) available.

😈 https://vermaden.wordpress.com/2023/09/04/valuable-news-2023-09-04/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Die ITler in meinem Alter sollten eigentlich alle wissen was #zfs im Detail ist und bedeutet ... aber es gibt ja auch noch den Nachwuchs. Zudem wollte ich mein Gedächtnis noch mal prüfen und Auffrischen und die Einführung von ZFS in #opnsense bot die Anlass sich die Thematik ZFS nochmals genau anzusehen. Hier der Link zu meinem Blogartikel zu dem Thema.

https://www.purrucker.de/2023/09/03/opnsense-mit-zfs/

Using #OPNSense, is there really no "self-service" web interface? Where a user can login and do nothing beside changing their password, setting up OTP, download a #VPN config and (if needed) renew their users #X509 #cert (for that VPN)?

Right now it seems, if using OTP, an admin has to create the initial secret. Tell that to the user somehow. Also tell them initial password. Then user can login - and change password / request new OTP seed. But *nothing* else.

There appears to be no way to get the user a VPN config safely, have them update their cert once a year (default lifetime 397 days). Except for an admin doing the work of exporting the VPN config/cert and storing those exports in some other system, to which the user then needs access to download their config (or updated cert).

Really?

I hope I only miss stuff, this would be a *huge* point against OPNsense, unfortunately. I can't have an admin go and recreate things all the time.

Soo, what did I miss?

#opnsense 23.7.3 released

https://forum.opnsense.org/index.php?topic=35682.0

Somehow I missed three releases of #opnsense. Time to upgrade...

🎶 Tonight, I'm gonna have myself a real good time... 🎵

🎉 DEFGUARD massive 0.7.0 🎉

1. Forward auth for reverse #proxy
2. Remote user enrollment
3. User onboarding after enrollment
4. Email/#SMTP support
5. Send debug/support information
6. Native #FreeBSD #Wireguard #Kernel support
7. #OPNSense Plugin
8. UI #React Components Library

Full release notes:

https://github.com/DefGuard/defguard/releases/tag/v0.7.0

#security #vpn #OpenSource #openid #privacy #selfHosted #SelfHosting

Aus dem nichts meldet OpnSense bei einem ipsec, das sonst super stabil läuft "Authentication failed" und killt die Verbindung. Nach forciertem Neustart der Verbindung gehts wieder. Sehr vertrauenserweckend.
#admin #opnsense

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟯/𝟬𝟴/𝟮𝟴 (Valuable News - 2023/08/28) available.

😈 https://vermaden.wordpress.com/2023/08/28/valuable-news-2023-08-28/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Und wieder einmal Code angeschaut und sofort nen Security Issue reporten müssen … #OPNsense

I had to make a change on my network's router which is an old Dell OptiPlex 7050 SFF with 24GB of RAM and a 256GB SSD. I replaced #OpenBSD with #OPNsense (aka #FreeBSD) because I need to be able to use #SlackHQ #Nebula to build out a software-defined wide area network. The idea is so I can support my family's computing needs remotely.

@jaharmi Not sure the source of your issue, but fwiw, I've been running #opnsense with 7 UniFi APs (including 2 in-walls) and a cloudkey for almost two years and have had no issues like you describe.

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟯/𝟬𝟴/𝟮𝟭 (Valuable News - 2023/08/21) available.

😈 https://vermaden.wordpress.com/2023/08/21/valuable-news-2023-08-21/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

@mejofi OFC, if that's a hard thing consider some thing like a professiomal prebuild.by a reputable systems integrator like #ThomasKrenn which they offer with #FrontIO and #OPNsense compatibility as well as #LongtermSupport and #SpareParts.
https://www.thomas-krenn.com/en/

For #redundancy via #CARP just choose two identical nodes and have them connect directly to each other via a dedicaded NIC/Port using a patch- or direct-attach-cable...

I enabled RSS in #OPNsense, and now I'm pushing ~10Gb between networks. I should really test it the same way without RSS enabled, but that requires a reboot, and the family isn't a fan of random reboots. :eyeroll:

#homelab #networking #freebsd

@curt if you’re open to non-Linux options, I started using #OPNsense two years ago (moving off a Unifi and PiHole combo) and absolutely love it. It’s #FreeBSD based.

Seems like I missed two version of #opnsense. Upgrade was as easy as clicking a button.

Only issue was the main gateway not coming up after the second upgrade and needed a manual restart.

At this point I still download the configuration file, but don't bother snapshotting the VM. (which will certainly get me one day :D)

…fixed it!
Of course it was DNS - somehow the #OPNsense updater disabled the unbound service.

Apparently, there's something wrong with the latest #OPNsense update (23.7.1_3) - lost connectivity, probably due to DNS.

Well, that's why i'm taking #ZFS snapshots of my VMs!

Bacon status: saved

Q'pla! 🖖 😅 🍻