OPNsense Forum
English Forums => Zenarmor (Sensei) => Topic started by: tigo003 on April 27, 2024, 08:20:31 am
-
I'm now getting the following error after the recent update of Zenarmor.
Zenarmor - v.1.17.1
Zenarmor Application DB: 1.17.24042216
I haven't changed anything with my configuration - and Zenarmor is strictly configured for the LAN interfaces across different VLANs.
Is anyone facing a similar problem?
"Possible deployment misconfiguration: devices with public IP addresses detected" To correct this, please see the following document: https://www.zenarmor.com/docs/opnsense/installing/web-ui-initial-configuration#3-deployment-mode--interface-selection
-
I'm currently experiencing the same issue. I've tried switching between the different deployment modes and removed all vpn interfaces so that there is only a lan interface being probed my zenarmor. all my ports are closed.
edit:
- ok I've disabled ipv6 thinking i don't understand that stuff to well maybe that's the culprit, but no still getting a misconfiguration warning twice a day.
- at some point in my trouble shooting adventures 700+ devices showed up (they appeared to be the endpoints of everything being queried within my network local & wan destinations)
- netmap appears to be installed and functioning nominally
- opnsense healthcheck produces this maybe related entry
Version 24.1.5 is correct.
>>> Check for missing or altered base files
Error 2 occurred.
etc/sysctl.conf:
size (299, 464)
sha256digest (0x45f469e7a9b4eef887bab7b55397305043fe101e1d6ce6f7e23d758e72f56dc6, 0x13f0a06a1c6d76492abd3424150cd1f80e55d8837409a6e11a2288a968ff9277)
- zenarmor database health check does not initiate the misconfiguration warning again & produces no warnings or error (only tailed the last 25 lines of mongodb.log file)
opnsense 24.1.6
zenarmor 1.17.1
Zenarmor Application DB: 1.17.24042216
-
Just ran a health check audit, and similarly, had a similar error 2 in regards to sysctl.conf - size issue.
-
I think this is a false positive on zenarmors part. dnsleaktest looks normal...
I'm pretty new to opnsense & freebsd in general so my diagnostics are bit rudimentary. I'd really like to get zenarmor functioning properly or understand why it isn't playing well w/ my setup before my 2 week trail is up.
But cant find any documentation on using zenarmor or os-sensei via cli or instructions on probing zenarmor notifications further. I guess I'm not really even sure what the error in question is trying to indicate. Any links or instruction on achieving this would be much appreciated.
I've simplified my network to defaults now using 8.8.8.8 1.1.1.1 on dns, only 1 lan 1 wan, only using ipv4. I've cycled through all combinations of the deployment modes and interface selection on zenarmors settings tab w/ the same results.
-
Hi,
Please can you share a report by checking Zenarmor logs and config checkboxes via Have Feedback option in UI?
-
Done - just sent the requested feedback.
Thank you,
-
Can the message mention the interface? I don't know what to do with this message, no clue what could cause it. in ntopng, for example, they would tell me explicitely, and i would see it visually in the GUI, but this message is mysterious and there's no clue in the GUI.
-
The recent update that was rolled out a couple of days ago - solves the issue. All is working correctly now.
-
the message pops up when it accumulates 10000+ devices so need to wait. Running health check on CLI won't make it appear asap.
So it still pops up on the new version. In subscription page, number of devices: 2500. I have only few devices. I track WG marked as WAN (as there's no "VPN" predefined => won't be treated as WAN). One of them is forward for few VPN clients.
-
so i investigated how to trigger the message in v1.17.3, here's how:
* configctl zenarmor notice-public-ip-devices
* in browser you do have to refresh the Dashboard view manually
then you get the popup instantly.
now with this procedure, i've checked interfaces, and the popup appears for ANY interface.
-> ignore the popup. just like "local", "remote" hosts, it doesnt' work.
-
Hi,
Do you see the device(s) with public IP address in device list?