Messages - FullyBorked

#286
Quote from: franco on February 24, 2021, 08:29:25 PM
https://github.com/opnsense/core/commit/8b9764fa86

# opnsense-patch 8b9764fa86

On a sadder note: no bugs related to this raised in the issue tracker so far...


Cheers,
Franco

I don't have a GitHub account but I guess I can create one to report a bug, if that's helpful :).
#287
Quote from: sandrzej on February 24, 2021, 06:12:25 PM
Broken in Chrome. Works in Edge.
Wow that looks goofy. Mine are just blank in Firefox. My Chrome doesn't look all janky like that. Really strange.

Sent from my IN2025 using Tapatalk

#288
21.1 Legacy Series / New traffic widget broken in Firefox
February 24, 2021, 05:09:43 PM
Looks like the new traffic widget in 21.1.2 isn't working in Firefox for some reason. Seems to work ok in other browsers, anyone else seeing this or is it just something in my specific Firefox?
#289
21.1 Legacy Series / Re: Suricata vs Sensei
February 24, 2021, 05:07:53 PM
I run them side by side, Suricata on my WAN connections and Sensei on my LAN connections. Suricata is doing intrusion detection/prevention so it's better suited for the WAN side. Sensei is more client focused in its implementation and not really designed to sit on the WAN side.

#290
I ended up pulling this back to the firewall itself.  Couldn't get it stable remotely.  It's def something with the update as leaving the server online with no connection to the firewall didn't produce the hangs and cpu spike.  Not sure what happened.  Maybe I'll rebuild it on remote at a later date.  Other than a lot of ram usage seems ok local.
#291
Picking and choosing is going to be tough.  Best method is to enable an entire ruleset, for me I use Proofpoint Telemetry list.  Instructions here.  https://docs.opnsense.org/manual/etpro_telemetry.html

Enable all these rules in IDS "Alert Mode". Monitor it for a week or so and as alerts pop up determine if they are real threats or false positives and disable those rules as needed or resolve threats if found. Once you've gone through this process set the active rules to IPS "Block Mode". You'll still need to monitor it for a bit.

To make life easier I recommend setting up monit.  Instructions here https://docs.opnsense.org/manual/monit.html  See (Example 3) to get suricata alerts.  Saves you having to log in constantly to monitor it. 
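An added example (not part of the original post) of the alert-mode review step described above: it tallies Suricata EVE JSON alert events per signature id so frequent low-severity rules can be reviewed as possible false positives and severity-1 hits investigated first. The sample lines, SIDs, function names and the `noisy_threshold` value are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed EVE JSON sample lines (documentation IP ranges, made-up SIDs).
_A = '{"event_type":"alert","src_ip":"%s","dest_ip":"%s","alert":{"signature_id":%d,"signature":"%s","severity":%d}}'
SAMPLE_EVE = [
    _A % ("192.0.2.10", "198.51.100.5", 9000001, "EXAMPLE noisy policy rule", 3),
    _A % ("192.0.2.11", "198.51.100.5", 9000001, "EXAMPLE noisy policy rule", 3),
    _A % ("192.0.2.10", "198.51.100.5", 9000001, "EXAMPLE noisy policy rule", 3),
    '{"event_type":"dns","src_ip":"192.0.2.10","dest_ip":"192.0.2.1"}',
    _A % ("203.0.113.7", "192.0.2.10", 9000002, "EXAMPLE trojan check-in", 1),
    '{"event_type":"alert","src_ip":"192.0.2.1',  # truncated line, e.g. cut by log rotation
]

def summarize_alerts(lines):
    """Tally alert events per signature id; skip other event types and unparsable lines."""
    stats = defaultdict(lambda: {"signature": "", "severity": None, "count": 0, "sources": set()})
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        alert = event.get("alert") or {}
        sid = alert.get("signature_id")
        if sid is None:
            continue
        entry = stats[sid]
        entry["signature"] = alert.get("signature", "")
        entry["severity"] = alert.get("severity")
        entry["count"] += 1
        entry["sources"].add(event.get("src_ip"))
    return dict(stats)

def triage(stats, noisy_threshold=3):
    """Severity 1 is Suricata's highest: look at those first. Frequent lower-severity
    SIDs are only candidates for false-positive review, not automatic disabling."""
    investigate = sorted(s for s, e in stats.items() if e["severity"] == 1)
    noisy = [s for s, e in stats.items() if e["severity"] != 1 and e["count"] >= noisy_threshold]
    return {"investigate": investigate,
            "review_noise": sorted(noisy, key=lambda s: -stats[s]["count"])}

if __name__ == "__main__":
    summary = summarize_alerts(SAMPLE_EVE)
    for bucket, sids in triage(summary).items():
        for sid in sids:
            e = summary[sid]
            print(bucket, sid, e["signature"], e["count"], sorted(e["sources"]))
```
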

#292
20.7 Legacy Series / Re: Can't seem to get SIP working
February 06, 2021, 06:41:15 PM
Quote from: leprejohn on February 06, 2021, 06:24:26 PM
Sorry to bump an old thread.

I'm also facing the same issue, SIP being blocked by the default rule, when I run a packet capture it looks good

Interface  Capture output
WAN        hn0 17:19:25.796754 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN        hn0 17:19:26.296327 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN        hn0 17:19:27.397625 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN        hn0 17:19:29.397009 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN        hn0 17:19:33.395182 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887


Did you manage to get your SIP fixed? If so how? As my SIP trunk provider gave me a SIP proxy address.
No never got it figured out.  I gave up.  And I'm at a different job now so don't have the same need. 


#293
Restarting the service appears to keep the service online.  But in a weird state.  I noticed this morning that it's like the service or the connection to it is flapping.  Each refresh of the dashboard in opnsense gives different results.  Sometimes it says service isn't running then next refresh it will be.  Sometimes reports load and sometimes they throw errors.  I don't know what happened after the 21.1 update but it's frustrating.  Might have to rebuild it.
#294
Quote from: sy on February 04, 2021, 04:45:44 PM
Hi FullyBorked,

How was it last night? Service restart worked or?
It does appear to have kept it from fully hanging up.  Will monitor it a few more nights.  Still like to know the root cause.  Looked through logs on the elastic search server but saw nothing out of the ordinary.


#295
Set up a cron job to restart the elasticsearch service every morning at 3 am as (hopefully) a stop gap.
#296
Anyone know how to troubleshoot what might be happening?  Maybe enable some logging or something?  Starting to get old fixing this server every day.   :(
#297
Quote from: mb on February 02, 2021, 05:32:30 PM
@FullyBorked, Is the ELK instance running on OPNsense ?

No it's remote, running on Ubuntu server. 
#298
I've been using a remote elasticsearch server for a while now. It's been pretty much problem free. Until the 21.1 update, now every night since that update, elasticsearch is pegged at 100% usage on all cores and unresponsive, requiring a force kill of the service to bring it back to life. See screenshot, seems to be close to the same time spot each night. Any ideas what might be running or changed in the 21.1 update that would be causing this to hang up?
#299
Yea, can't resolve hostnames of dhcp leased windows clients. 


#300
Quote from: lar.hed on January 02, 2021, 10:07:08 PM
Which DNS server is windows using?
It's pointing to the opnsense box for dns.
