Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: moe on January 02, 2021, 10:55:45 AM

Title: IPS Configuration (VLAN) not Clear
Post by: moe on January 02, 2021, 10:55:45 AM
Hi there,
i currently try to setup ips with opnsense. I followed the description in from the wiki.
As descripted i had to assign the IPS to the master Port, because i use on one port multiple vlans.
But if i do that, opnsense would be available again. Every Connection get lost.

I followed the instruction from the wiki to disable hw-offload and so on. But no way to get that working.
If i select the vlan-interfaces instead of the master interface it works, i see some drops and information, but whats now the right way?

PPPOE Session still not working or ?

Thanks for help.
Title: Re: IPS Configuration (VLAN) not Clear
Post by: moe on January 04, 2021, 05:24:36 PM
I thought the support for Opnsense was better than for Pfsense. But that thought was a mistake.
So what's the right way to use IPS, the recommendation from the wiki doesn't work.
Title: Re: IPS Configuration (VLAN) not Clear
Post by: franco on January 04, 2021, 07:43:09 PM
There too much info missing to be able to help: hardware NICs, which interfaces (WAN with PPPoE does not work and WAN should be avoided in general), is your setup bridged or routed, etc.

For lack of info I'll just refer to https://docs.opnsense.org/manual/ips.html and you let me know which step isn't working and if IDS works at least the way you want to. Better to double-check.


Cheers,
Franco
Title: Re: IPS Configuration (VLAN) not Clear
Post by: moe on January 12, 2021, 07:08:08 PM
Hey franco,
The brand of Nic hardware is HP, type 530SFP +.
But the underlying system is Proxmox and that's where I emulate E1000 adapters. As recommended by the wiki.

The Opnsense VM get's only two virtual adapters from the proxmox host. One as Trunk from the Core-Switch and the other is for Internet Access (VDSL) with special VDSL SFP Modem.

Settings from the Interface in Opnsense:
Code Select
Hardware CRC [x] Disable hardware checksum offload
Hardware TSO [x] Disable hardware TCP segmentation offload
Hardware LRO [x] Disable hardware large receive offload
VLAN Hardware Filtering: Enable

As already in another thread noticed, I also would recommend to rename the Hardware Settings from Disable to Enable, so it's clear if the box is checked its enabled.

So, if i know enable IPS on the physical interface as shown in the help and the wiki, my opnsense gets unavilable.
If I select the vlan-interfaces it works, but i am not sure if it's the right way.

thx
Title: Re: IPS Configuration (VLAN) not Clear
Post by: moe on January 28, 2021, 09:56:40 AM
Nobody know how opnsense should be configured right?

Or is the Suricata Implementation just in Beta-State?
Title: Re: IPS Configuration (VLAN) not Clear
Post by: franco on January 28, 2021, 10:09:02 AM
No.


Cheers,
Franco
Title: Re: IPS Configuration (VLAN) not Clear
Post by: moe on January 28, 2021, 10:14:50 AM
So please be so fine and give me an information about, what's wrong with my configuration.
Title: Re: IPS Configuration (VLAN) not Clear
Post by: moe on February 18, 2021, 09:41:31 PM
Still no answer or idea?
Text only | Text with Images