Messages - FullyBorked

#316
20.7 Legacy Series / Can't seem to get SIP working
October 12, 2020, 03:53:44 PM
On 20.7.3 and I've tried about everything I can find, but I can't get SIP up and going through the OPNsense box. Doesn't look like the traffic is getting blocked. I've set static outbound NAT. I even installed the SIP proxy plugin but it did nothing at all best I could tell.

RingCentral seemed to work fine but it might be using a different method. I'm using Zultys at the moment and it simply refuses to have a successful SIP connection. I think they may use more traditional connectivity where RingCentral may have not been.

Any thoughts on what else to try?


#317
I can confirm 1.6.1 fixed my reporting issue. 
#318
Quote from: mb on October 05, 2020, 05:19:41 PM
Hi @FullyBorked,

This might be related to a bug in TLS authentication /w Elasticsearch.

Stay tuned. 1.6.1 is shipping today/tomorrow with fixes.
Ok thanks. I'll hold tight and be patient.


#319
Maybe I don't understand this. So when you send report data to an external Elasticsearch server it doesn't query that data for reports locally? It's expected you'll view that data with Kibana? Why? Why can't you query reports on the remote Elasticsearch server just as you would remotely?

Feel like I may have just blown an afternoon here...

EDIT: Looks like based on the replies in this thread https://forum.opnsense.org/index.php?topic=19266.0 it should work just fine and not require Kibana.  So I guess it's just broken for some reason.  Maybe reporting is still pointed at the local Elasticsearch instance?
#320
Just reinstalled Sensei to move the Elasticsearch DB load to a remote server on my LAN. The setup went well without error, I can see network traffic into my Elasticsearch DB, so it appears to be connecting without issue. But when I try and run a report it errors out saying that the service isn't running. However if you navigate to the status page it shows status as 'Running'. I'm a bit confused on why this isn't working. Any ideas?
#321
Quote from: W0nderW0lf on August 28, 2020, 04:48:00 PM
without meaning it badly, but did u even read?
I only mentioned this, because of the Ifirewall's advice. I wasn't 100% sure, but I know this myself.
I have it on all (non) WAN interfaces ... This means, I have it on all interfaces that are not directed to WAN...
Just LAN ...
Of course I know that you should only place it on non WAN interfaces, because sensei is advising this to you when you install it.
I also said, I uploaded my back up and it worked.
A back up places every setting as it was before. This also means, that I haven't done any config change in sensei or OPNsense itself. It was truly some kind of bug related to suricata.

My advice to you would be, read carefully before giving advices.

Yup, I misread very sorry to have offended you. 

My advice to you would be less of an asshat when someone is just trying to help you for free, taking time out of their busy day and schedule to spread some knowledge and help out a fellow user. 

Carry on I wish you well.
#322
Quote from: W0nderW0lf on August 27, 2020, 09:29:06 AM
Btw ...
I already have sensei on all non WAN interfaces running.

Of course I turned Sensei off, when I was testing. I think it might break things, if I change the Interface from WAN to LAN, where Sensei already is listening on, or?

You should only have Sensei on your LAN interfaces; it's not meant to be on WAN. Suricata can be run on WAN, but Sensei and Suricata can't be on the same interfaces.

I have Sensei enabled on my LAN, and Suricata on my WAN1, WAN2, and DMZ. I have outbound NAT set to Static (there is only a very small hit to security here). I also have UPnP set up, but it's rarely used; I almost never see anything in status except for a few games. I'll argue security here isn't a huge issue as long as you keep an eye on it. I wouldn't have it in my corp environments but at home it's convenient and fine with me. battle.net works just fine for me, I don't play Star Citizen though so can't speak to that.

My advice would be to slow down a bit.  Disable everything extra, disable Sensei, disable Suricata.  Get your games working then slowly enable things until it stops working then you'll know where to focus your energy.   
#323
General Discussion / Re: Filter ipv6 blocked logs?
August 27, 2020, 06:14:26 PM
Guess nobody implemented it so it never got added.  Wish I knew how I'd implement it.

https://github.com/opnsense/core/issues/3517
#324
General Discussion / Filter ipv6 blocked logs?
August 27, 2020, 06:09:59 PM
I block IPV6, is there a way to filter out the "block all ipv6" log spam in the firewall logs?   I can't seem to figure out how to get rid of it. 
#325
Quote from: spetrillo on August 21, 2020, 05:41:01 PM
Is anyone having issues losing DNS? I have Unbound running and I can no longer resolve. I feel like this starts when I upgraded to 20.7.1.

I am going to fall back to 20.7 and see if DNS resolution stays steady.

DNS has been solid for me. I had some issues like you describe when I was forwarding to DNSCrypt Proxy. But now I just use unbound on its own and it seems fine so far.
#326
Quote from: Goldorak92 on August 18, 2020, 04:01:55 PM
@FullyBorked,

Not "max firewall states", which is 806000, but "max pfTables entries"...

Goldorak92

Crap, you are right, I'm dumb and can't read apparently. And thank you very much because that fixed it. I have entries now. Awesome, so glad that filled that list now.
#327
Quote from: Goldorak92 on August 18, 2020, 03:03:27 PM
Hi,
Have you went to firewall->params and change the max entries pfTables up to 400.000 (default is 200.000)?

Goldorak92
Mine is set to 802000 by default.


#328
Quote from: marjohn56 on August 18, 2020, 02:31:18 PM
Force it and then try.


https://forum.opnsense.org/index.php?topic=15409.60 Msg #62
Yea I've done this, I deleted everything and re-added them as mentioned in a few places.  I even created a test alias with a name I'd never used with only one country.  It simply refuses to work.  I can't seem to find any logs to understand why though.

It's ok that it isn't working I'm sure it's just a bug that will get squashed.  It worked just fine in 20.1.9 so I see no reason it won't work here soon.  Maybe they'll have it squashed in the next point release.


#329
Quote from: marjohn56 on August 18, 2020, 10:29:59 AM
Quote from: Steven on August 18, 2020, 04:36:56 AM
I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Alias. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.


Is it the GUI not displaying the GeoIP table or that GeoIP is not working.


Test the GUI by going to  Firewall > Diagnostics > pftables  and selecting the GeoIP rules to see what's there.
Test it's working by going to a site such as https://www.host-tracker.com/v3/en/check - there are many others.

GUI not displaying GeoIP table and the GeoIP is not working.  Soon as I enable it nobody can connect to anything.  Remove the GeoIP rule and add any as the source and all is fine again.  It doesn't work because the list is empty so there is no match on the rule and the default drop rule takes precedence. 
#330
Quote from: Steven on August 18, 2020, 04:36:56 AM
Quote from: FullyBorked on August 07, 2020, 07:31:57 PM
This isn't comprehensive by any means, but outlines what I am experiencing.  I've not found any workarounds for these issues.  I consider 1 and 2 more serious than the others.  I'll try and keep this up to date as issues are resolved or more are encountered. 

1. WAN throughput is very slow IPS on or off doesn't matter, I'm only getting about 15% of my actual WAN bandwidth.  A reboot fixes the issue temporarily but at some point it will drop back to being slow.  >:(

Edit: Messing with my power settings https://forum.opnsense.org/index.php?topic=18450.0 seemed to "fix" this somehow.  Very confused, maybe it was stuck in a low power mode?  No idea but my speed is fine now, maybe try cycling your power settings.

2. GEO IP Alias simply doesn't work, the zip file is being downloaded from maxmind.com but the alias won't populate, so any rules containing the alias fail to correctly function.

3. Dashboard traffic graphs don't show data with IPS enabled.  I'm on an Intel NIC, some have suggested it's driver related.  Worked ok in 20.1.9 though maybe there is a bug in the latest driver?  No workaround has resolved the issue as of yet.

4. Syslog-NG service doesn't start on its own after reboot. Starting it manually does seem to work, but is inconvenient after reboot. This appears to be fixed with 20.7.1.

4. Restarting suricata service sometimes stops the ntpd service for some reason.  It can be manually started. 

5. Bogons alias is inexplicably empty at times.  Firewall > Diagnostics > pftables > bogons > "update bogons" does populate the list.   

6. Seeing log spam just like https://forum.opnsense.org/index.php?topic=18480.msg84175#msg84175 constantly in the log.  Not sure if this is cause of issue #1 or not.


kernel: pflog0: promiscuous mode enabled
kernel: pflog0: promiscuous mode disabled


I have observed many of the same issues.  #3,4,5,6 are the ones that seem to also affect my installation.

No observed issue with bandwidth slowdowns (#1), even with IPS and traffic shaping turned on. Power Saving settings have "Use PowerD" enabled and Hiadaptive set for all drop downs.

I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Alias. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.

I've seen a few folks that have been able to get GeoIP working.  Really wish I could get one of the workarounds to work for me.  I've deleted and recreated and even deleted rebooted and recreated to no avail.  Nothing I do will fill in anything in the pftables under the alias.  My download of the zip appears to be working as it should.