OPNsense Forum

English Forums => General Discussion => Topic started by: nspritz on October 14, 2016, 01:42:51 pm

Title: IDS Alerts not Working (APU)
Post by: nspritz on October 14, 2016, 01:42:51 pm

Are there any known problems with IDS reporting (Alerts) with 16.7.6 firmware on APU boards over PPPoE interface?
I had this working on earlier firmware versions, but with the last couple firmware updates, IDS alert logs are now completely null (no results found).

After some testing, it looks like 'User defined GeoIP blocking' IPS is also not working.

My other Opnsense installations on x86 hardware works just fine.
Would this be affecting APU hardware only? -or perhaps something to do with PPPoE interfaces?

------------------------------------------------
Hardware specs:
PC Engines - APU1D4 (AMD G-T40E)
Firmware: 16.7.6-amd64 (LibreSSL)
WAN Interface -> PPPoE (DHCP)

IPS mode: Enabled
Promiscuous mode: Disabled
------------------------------------------------

Thanks for your help!

Title: Re: IDS Alerts not Working (APU)
Post by: franco on October 14, 2016, 02:52:12 pm

There seems to be something with Suricata not seeing those packets, and we have another thread here about to push a report to their bugtracker:

https://forum.opnsense.org/index.php?topic=3630


Cheers,
Franco

Title: Re: IDS Alerts not Working (APU)
Post by: nspritz on October 15, 2016, 12:20:01 pm

Thanks Franco.

Just want to add that this problem also exist on my LAN (Realtek RTL8111E) interface.
Either than this IDS issue, I have not experienced any other problems on this APU device.