Messages - Noctur

#31
Same here. The VPN comment above I made didn't completely solve things. I've also set up auto reboot @ 3 am. Better, but still occasional hangups.
#32
There are several having a similar problem - Nord VPN for me. Works for a while, then nothing, and the dashboard is green all across. If I restart the VPN, then restart Unbound DNS from the dashboard then it all comes back up.

Quick question, do you have 'persist-key' in your custom commands? Not that it is the problem, but I'm seeing some chatter across different boards that this function might be broken with some providers, including Nord. I'll be investigating this tomorrow.
#33
Looks like the auto reload / restart after reboot didn't make it into the .4 release, but the commands above work and hold after reboot.

#34
Thank you! If the plug-in maintainers pop this in I'll try it and report back.
#35
Hi Franco,

Thank you for the reply. Yes - I was aware of this behavior from the docs, so no surprise. I thought that someone may have set up a script or another workaround for this. I've disabled moving /var to RAM for now. It isn't impacted that much with the SSD and the workload isn't that high. So I'm a happy camper either way.
#36
17.7 Legacy Series / Re: Suricata error, DNS crashes
September 19, 2017, 04:56:32 AM
Just tried to pkg add the older suricata: # pkg add -f https://pkg.opnsense.org/snapshots/suricata-3.2.2.txz

Received a pkg not found message. Has it been pulled?

I'm still getting DNS drops with Unbound, Suricata 4, and running a Nord VPN instance. Suri 3.2.2 seemed to work better. I've been trying them both for several days each with the recent 17.7.2 update and was flipping back to 3.2.2.
#37
The new ClamAV service is a winner! Thank you to the team who made this happen.

For those of us running /var in RAM and who need to manually reload ClamAV signatures, is there a way to automate this such that it runs the reload after a reboot?
#38
M4DM4NZ - Thank You! Excellent write-up.

I have exactly the opposite need - want my general traffic through the VPN (because everything you do on the internet now is fair game - thanks loads, congress), but since services like Netflix and Hulu block VPN traffic, I want to route only the Netflix, etc over a clear connection. Even though Nord states you can stream through their service, eventually Netflix and Hulu identify the exit node and block it - even if it is within the US.

I'm planning to go through this over the weekend and set up just the Netflix traffic. Any pointers on how to achieve that? My VPN is already set up and working fine. TIA
#39
Yes, I've noticed similar. The 'submit' action when clicking a hotspot doesn't occur. The URL changes in the site toolbar above, but doesn't engage. If I hit the refresh button - the circular arrow - it works.

I've noticed this on a couple of sites. It's like there was an update of Firefox that made this change.
#40
Quote from: Julien on September 08, 2017, 10:31:59 PM
Quote from: Noctur on September 05, 2017, 04:59:38 AM
I use them in combo..

Alias block for a huge list of known offending countries: RU, China, etc. Then Suricata for finer work. This seems less resource intensive with no impact on throughput.
How did you manage to add the alias?
I believe you did not add IP for IP as alias?

Firewall/Alias/View - Add New

   On Add screen, first dropdown option is Type.

   At bottom of Type dropdown list is GeoIP.

   Once you select Type, at bottom of page is Aliases, and Country selection dropdown.

   From the dropdown list, select the country you want to block and press the + sign.

   Repeat for additional countries. Save List.

Firewall/Rules on Lan and Wan tabs.

   + at bottom of page to Add New

   Action - Block
   Interface - Wan or Lan
   Source - dropdown list, find your Alias you created above.

Good HowTo here: https://docs.opnsense.org/manual/how-tos/ips-geoip.html


#41
I use them in combo..

Alias block for a huge list of known offending countries: RU, China, etc. Then Suricata for finer work. This seems less resource intensive with no impact on throughput.
#42
Quote from: ChrisH on September 01, 2017, 10:53:14 AM
Or you could just not buy devices that spy on you. Increasingly difficult, I know.

Agreed... I have 1 IoT device - a D-Link IP Camera - that I found was 'reporting home' which I've simply blocked from accessing the internet. I have a couple of other devices - smart thermostats - that look up current weather and allow remote adjustment that, while I haven't seen phoning home, I've also blocked on principle. My inquiry was more related to the thermostats that I'd like to enable.

I use NordVPN and could allow through them, but with the DNS Lookup / Suricata issues I've had, the VPN drops out at times, leaving it exposed. So I'm not going to open this up until I've resolved the DNS dropouts.

Thank you all for your replies...
#43
Thank you... trying now.

edit: upgraded to 17.7.1_2 and reverted to Suricata 3.2.2

Testing...
#44
http://www.techrepublic.com/article/how-to-stop-isps-from-spying-on-your-iot-devices/

Can this be done with OPNsense?

A search through the forum and wiki doesn't turn up anything; general internet search and pfSense search don't hit either.

#45
Seeing similar issues - all normal for a few hours, then loss of connectivity. Rebooting or restarting Unbound DNS restores connectivity. This apparently has been going on for several versions - having to intermittently reboot to reestablish connection. Note that the dashboard is green across all services when this happens. It seems also to have become more frequent with VPN enabled full-time.

Trying the 'reply-to' option noted above. Have not tried the patch above yet.

System 17.7, Suricata 4 with IPS/IDS enabled, Unbound DNS, Nord VPN with US Nord DNS server only, Comcast ISP.