Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - xoclutch

Pages: [1]

20.7 Legacy Series / Suricata/Transparent Firewall Randomly working/not working

« on: August 27, 2020, 01:13:34 pm »

I have a pretty basic Transparent Firewall running opnsense i setup using this guide: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

When I enabled IPS. It will start alerting to some traffic/test eicar files, but then will stop working.

It seems to be detecting traffic very rarely, and whenever i update the rule list, or change a setting, it stops working, then will randomly alert later.

I have tried every combination of settings/etc trying to get it working.

Does Suricata work in Transparent Bridge mode? I am running the latest version of opnsense. And recommendations on special settings that might help correct this strange issue? Logs look clear, and everything is running fine. It's just not alerting correctly. It seems like the more i mess with it, the less it works.

Thanks

20.7 Legacy Series / BGP Dead after upgrade to 20.7 (Solved)

« on: August 02, 2020, 11:48:39 am »

After upgrading to the latest (20.7) BGP refuses to transfer routes. It connects, shows established, says its transferring routes, but nothing is actually being transferred, nothing appearing in logs.

Just Broke. This is occurring with both Opnsense to Cisco Switch, and Opnsense to Mikrotik router. Everything works fines with other versions.

Trying to find log information, but nothing seems to be appearing in the logs related to the issue.

19.7 Legacy Series / BGP/VTI/IPSEC/Loopback/Cisco Woes

« on: September 02, 2019, 11:26:08 pm »

Been banging my head on VTI/Ipsec/BGP shit between these two sites. Have static routes working, Traffic flowing, But the BGP peer on the Opnsense2 Side wont even attempt to make a connection. frr seems to not like the setup, I've edited the conf file and added update-source lo0 and ebgp-multihop 255, but nothing seems to work. Thoughts? Setup below:

Cisco 9200 -> Opnsense1 -> IPSEC/VTI/Internet -> Opnsense2

Cisco 9200 = Loopback 0 = 192.168.0.21
router bgp 395021
neighbor 192.168.0.3 remote-as 65001
neighbor 192.168.0.3 ebgp-multihop 255
neighbor 192.168.0.3 update-source Loopback0

Opnsense2 = Loopback = 192.168.0.3
router bgp 65001
bgp router-id 192.168.0.3
neighbor 192.168.0.21 remote-as 395021

VTI:
Opsense1: 192.168.199.1
Opsense2: 192.168.199.2

Opsense2:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.21 4 395021 0 0 0 0 0 never Active

Cisco 9200:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.3 4 65001 0 1 1 0 0 00:00:23 OpenSent

Static Routes:

Opsense2:
192.168.0.21 - Gateway 192.168.199.1

Opsense1:
192.168.0.3 - Gateway 192.168.199.2

Cisco 9200:
Gets Routes via Ospf

#ping 192.168.0.3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.21
!!!!!

Pages: [1]