OPNsense Forum
Archive => 16.1 Legacy Series => Topic started by: interfaSys on February 05, 2016, 12:18:22 am
-
Ever since on 16.1.1, I can't enable Suricata in IDS mode any more without it blocking all traffic. Was the firewall grouping feature purely a visual feature or did it change something in the way rules are loaded?
The setup is as follows:
LAN -> VPN GW
VLAN1 -> VPN GW
VLAN1 has a DHCP with its own DNS, located on the outside
I've set Suricata to use analyse LAN
As soon as it's on, connections to the outside world are blocked. Disabling HW acceleration has no effect.
Also, when it was working, the VPN connection had to be restarted after each reboot, but that doesn't work any more.
-
I'm not sure if this is related but enabling IDS/IPS on 16.1 (tested all up to 16.1.2) when LibreSSL is selected prevents the firewall from being able to use DNS for some reason. In my case however packets go through (if they are ok of course) as long as they are not DNS packets as those for some reason are dropped (ie ping works dig does not).
I was just wondering whether you're seeing this issue with LibreSSL only or with both? If both then likely my issue is different than yours.
-
I'm using OpenSSL, but iirc it wasn't only DNS requests which were blocked as pings were blocked as well.
No problem in IPs mode though.
-
Ok then mine is definitely another issue, thanks for the confirmation.
-
Exactly same problem for me.