OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: dcol on November 13, 2017, 12:55:56 am

Title: Unbound restarts
Post by: dcol on November 13, 2017, 12:55:56 am
Figured I'd start a new thread instead of reviving an old one.
Unbound DNS restarts every few seconds when IPS Mode is enabled. DHCP server is disabled, I don't need it.
If I uncheck the IPS Mode, then Unbound DNS stays on as well as the internet connection.

This is a fresh install of OPNsense 17.7 on a Supermicro system with an 8 core Intel C2758. Using all the default IDS settings. Everything works great until I turn on IPS mode. Tried 2 different Intel igb NICs.

[UPDATE] Reinstalled OPNsense from scratch and now there are no more issues with Unbound.
Title: Re: Unbound restarts
Post by: franco on November 14, 2017, 04:45:54 am
Hi dcol,

Suricata seemed to have unspecified allergies against the resolver operation somewhere between late 17.1.x and early 17.7.x. We never got to the bottom of it. Some said older suricata worked better, but we suspected an interaction with et open rules but now it seems to be resolved either through latest suricata or new rulesets.

More data points are always useful so here are two questions. :)

Did you use a subset of et open? Did you upgrade after 17.7 install before trying IPS in both cases?


Cheers,
Franco
Title: Re: Unbound restarts
Post by: dcol on November 14, 2017, 03:52:17 pm
Thanks for the response. I have more data.
I thought the issue disappeared because I switched the WAN and gateway to DHCP. As soon as I went back to Static, Unbound is again having restart issues when IPS is enabled.

Here is why. I am using the same gateway on a pfsense box with a different WAN IP.
I was assigned 4 IPs by my ISP with one gateway. So the OPNsense box is clashing with the pfsense box competing with the same gateway. This seems to be a problem for IPS. Pfsense box is running Suricata in legacy mode, not inline. The pfsense box has never been able to run inline because of too many netmap bad packet errors.

And yes, I used the ET open rules and updated them. Everything worked when I was using DHCP for the WAN except when I left it to run overnight, the internet connection was broken the next day.

My question is, is there a way to isolate the gateway from the two firewall boxes?