Dear beloved OPNsense users,
Your opinion matters to us. Please help us decide the future of Zenarmor's UI on OPNsense
In the past year, Zenarmor's Cloud User Interface received significant improvements on the usability side. We want to bring those improvements to the Zenarmor OPNsense plug-in.
We have two options that we would like you to see and provide your feedback.
Please have a look at the Poll below and share your opinion with us.
https://docs.google.com/forms/d/1pWbiObQsKgdaUIduI_mImLo-MW695KmfftwxizxVBzc/viewform?ts=62a4f641
Best
Zenarmor Team
Looks like the cloud interface being integrated into OPNsense?
I'd still really like a good mobile view or an app, just checked the cloud interface with an iPhone and it's not very comfortable to use.
In general Zenarmor is working awesomely and speedy here. :)
Not sure if mobile is the right device to check / maintain / lookup topics on a firewall...
Quote from: Mbl on June 14, 2022, 11:25:30 AM
Not sure if mobile is the right device to check / maintain / lookup topics on a firewall...
For me it's perfect for a quick status check, e.g. regarding recent blocks or threats, or traffic usage of a client.
I think before the UI is updated, any current issues are resolved
Waiting to find out why whenever I start Zenarmor, I lose IPv6 connectivity whether in normal or bypass operation and can't restart the DHCPv6 Server :(
Hi @walkerx,
Yes, this is not directly related to Zenarmor. It's because of netmap(4); an Operating System subsystem we use to grab packets off the wire.
If you have IPv6 WAN tracking enabled in a netmap enabled interface and when an application opens the interface in netmap mode, netmap re-initializes the interface; causing the interface to go DOWN/UP. Since you have WAN tracking here, this in turn triggers the OPNsense code to re-configure the related WAN addresses. This whole process can take up to a minute, during which time you lose WAN connectivity.
The behavior is the same if you use Suricata in IPS mode, which utilizes netmap the same way we do.
Having said that, we are evaluating several options which would potentially solve these sort of issues and would add device-independent IPS capabilities. If we can work out a methodology at least in theory, we'll go ahead and sponsor a development on the Operating System side of things.
Stay tuned for more updates on that.
I hope this is helpful.
Hi @athurdent,
One of the reasons why we ideally want to have a single code base for both the OPNsense UI and Cloud is that this will significantly reduce our time to ship new features.
Mobile-friendly UI is on the roadmap. Once it's there, it'll work for both of the interfaces.
Quote from: mb on June 14, 2022, 08:57:22 PM
Hi @walkerx,
Yes, this is not directly related to Zenarmor. It's because of netmap(4); an Operating System subsystem we use to grab packets off the wire.
If you have IPv6 WAN tracking enabled in a netmap enabled interface and when an application opens the interface in netmap mode, netmap re-initializes the interface; causing the interface to go DOWN/UP. Since you have WAN tracking here, this in turn triggers the OPNsense code to re-configure the related WAN addresses. This whole process can take up to a minute, during which time you lose WAN connectivity.
The behavior is the same if you use Suricata in IPS mode, which utilizes netmap the same way we do.
Having said that, we are evaluating several options which would potentially solve these sort of issues and would add device-independent IPS capabilities. If we can work out a methodology at least in theory, we'll go ahead and sponsor a development on the Operating System side of things.
Stay tuned for more updates on that.
I hope this is helpful.
I can wait hours with zenarmor enabled and dhcpv6 can't be restarted
I have looked at setting the ipv6 manually based on the info i got from my isp for the pd and nd, but not sure how to set this up as the instructions in the guide were a bit confusing when not using the same references throughout
Quote from: mb on June 14, 2022, 09:05:07 PM
Hi @athurdent,
One of the reasons why we ideally want to have a single code base for both the OPNsense UI and Cloud is that this will significantly reduce our time to ship new features.
Mobile-friendly UI is on the roadmap. Once it's there, it'll work for both of the interfaces.
Hi @mb,
awesome, thank you! I really like the cloud interface and to have a consolidated view on Zenarmor locally and in the cloud is also a more streamlined user experience.
Looking forward to the new view.
Hope there will be more developer time to get L3 RSS / multicore support integrated then ... :-)
Provided my feedback hope it is useful. 8)