Hi All,
After 5+ using pfsense, I decided to give opnsense a shot.
Few issues i'm having.
- I can't for the life of me get NUT to see my USB connected APC BACK-UPS CS500. On pfsense it would find it fine using USBHID driver, on OPNsense no such luck. If I disconnect the USB cable, the console shows the UPS model/make as disconnected. And reconnected when I plug back in. I have tried USBHID and APCSMART. Any ideas? Also, the NUT configuration page seems to lock up OPNsense gui for 30-45 seconds at a time. nut_upsmon is started but nut_daemon will not start.
- Suricata is a whole other beast on OPNsense. I just can't seem to get suricata to drop packets that match rules. It will send an alert fine. When I set a ruleset to action > drop, the gui still shows Alert? Also, in the alerts tab it shows allowed next to any traffic that matches rules. IPS and Promiscuous mode is ON. Maybe I'm misunderstanding things?
Appreciate any help on this matter. I don't want to cave in and restore that pfsense config!
nut issues.
Hi!
RE: Nut
https://forum.opnsense.org/index.php?topic=16105.0
maybe? :-)
RE: Suricata
Try it with the relatively new "Policy" tab in the "Intrusion Detection" menu. I used to turn on/off "drop" manually in the past, but that's no longer recommended...
Quote from: chemlud on March 24, 2021, 02:58:57 PM
Hi!
RE: Nut
https://forum.opnsense.org/index.php?topic=16105.0
maybe? :-)
Thanks. I've rebooted the OPNsense device countless times, no luck.
Logs show
2021-03-24T14:11:21 root[92642] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:11:21 upsmon[7994] upsmon parent: read
2021-03-24T14:11:21 upsmon[12422] Signal 15: exiting
2021-03-24T14:11:18 configctl[27774] event @ 1616595077.60 exec: system event config_changed
2021-03-24T14:11:18 configctl[27774] event @ 1616595077.60 msg: Mar 24 14:11:17 OPNsense.obscuredomain.net config[91606]: config-event: new_config /conf/backup/config-1616595077.6027.xml
2021-03-24T14:11:17 upsmon[12422] UPS APCBackupsCS500 is unavailable
2021-03-24T14:11:17 upsmon[12422] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation already in progress
2021-03-24T14:10:11 upsmon[12422] Communications with UPS APCBackupsCS500 lost
2021-03-24T14:10:11 upsmon[12422] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation timed out
2021-03-24T14:09:50 root[63060] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:08:56 upsmon[7994] Startup successful
2021-03-24T14:08:56 configctl[27774] event @ 1616594935.80 exec: system event config_changed
2021-03-24T14:08:56 configctl[27774] event @ 1616594935.80 msg: Mar 24 14:08:55 OPNsense.obscuredomain.net config[77203]: config-event: new_config /conf/backup/config-1616594935.8029.xml
2021-03-24T14:08:56 root[19237] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:08:55 upsmon[56962] upsmon parent: read
2021-03-24T14:08:55 upsmon[94389] Signal 15: exiting
2021-03-24T14:08:51 upsmon[94389] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation already in progress
2021-03-24T14:08:51 root[82563] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nutIn terms of Suricata. I have a single policy set with 0 priority. Settings attached but basically all rulesets selected and a new action of drop.
For the UPS, make sure that all the other drivers are not enabled. I use the SNMP driver, but for some reason, my usbhid driver was also enabled. It might not be the case with you, but still might be worthwhile double checking.
Alternatively, have you tried connecting to the appropriate port instead of using auto? port=/dev/ttyXX
For SNMP, I had to explicitly set port=<UPS network card IP> even though my UPS continuously broadcasts it's presence on that IP. Auto didn't work for me in SNMP.
Quote from: Inxsible on March 24, 2021, 03:53:27 PM
For the UPS, make sure that all the other drivers are not enabled. I use the SNMP driver, but for some reason, my usbhid driver was also enabled. It might not be the case with you, but still might be worthwhile double checking.
Well, I'll be dammed. I had USBHID and APCSMART enabled simultaneously. Disabling APCSMART resolved it. Can only imagine first time I enabled USBHID, I probably needed to reboot OPNsense (I didn't do it) and immediately moved on to APCSMART without disabling USBHID. Thanks!
Still trying to get Suricata blocking instead of just alerting.
Please check this video
https://www.youtube.com/watch?v=_yIq3GM4gjA
i was able to get it working.
i use Policy based blocking instead of rule based
Moreover, if you have Sensei installed, you might have to select WAN instead of LAN for it to work