Messages - greY

#1
Ended up having all WAN (1G) ports at queues=1 and all LAN (10G) ports at queues=2. I guess LAN ports could be set to 4 or 8; I just currently have no time for deeper tests, and performance seems to be the same as before.

It made everything work again. Especially with WAN ports at 4, I also had weird issues with gateway groups. It doesn't matter whether in load balancing or failover mode; there were (unstable) connection issues to SSH targets.
#2
Hi
I'd try to export the configuration, do the replacements/re-mappings (simply search and replace) there, and import it back.
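An added worked example of that export, search-and-replace, import approach, written for this thread and not taken from OPNsense or from the original post. It assumes the device names live in element text (as `<if>igb1</if>` does in an exported config.xml) and runs on a constructed, stripped-down config embedded below; the mapping igb0/igb1 to vtnet0/vtnet1 is an arbitrary choice. What it adds beyond a plain editor search-and-replace is token-aware matching: a naive replace of `igb1` also rewrites `igb10`, and two sequential replaces cannot swap two names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, heavily simplified stand-in for an exported OPNsense config.xml.
# Real exports are far larger; only the <if>-style device references matter here.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <interfaces>
    <wan><if>igb0</if><descr>WAN</descr></wan>
    <lan><if>igb1</if><descr>LAN</descr></lan>
    <opt1><if>igb10</if><descr>DMZ on igb10</descr></opt1>
    <opt2><if>igb1_vlan20</if><descr>IOT</descr></opt2>
  </interfaces>
  <vlans>
    <vlan><if>igb1</if><tag>20</tag><vlanif>igb1_vlan20</vlanif></vlan>
  </vlans>
</opnsense>
"""


def build_pattern(mapping):
    """Match old device names only as whole tokens.

    'igb1' must not hit 'igb10' (a digit follows), but it should still hit
    the 'igb1' prefix of a derived name such as 'igb1_vlan20'.
    """
    names = sorted(mapping, key=len, reverse=True)
    alternation = "|".join(re.escape(n) for n in names)
    return re.compile(r"(?<![A-Za-z0-9])(" + alternation + r")(?![0-9])")


def remap_interfaces(xml_text, mapping):
    """Rewrite every element text that references an old device name.

    All names are substituted in a single pass, so a mapping like
    {'igb0': 'igb1', 'igb1': 'igb0'} is a true swap rather than a chain of
    replacements that would end with both interfaces on the same device.
    Returns the rewritten XML and a list of (tag, old, new) changes to review.
    """
    root = ET.fromstring(xml_text)
    pattern = build_pattern(mapping)
    changes = []
    for elem in root.iter():
        if not elem.text:
            continue
        new_text, count = pattern.subn(lambda m: mapping[m.group(1)], elem.text)
        if count:
            changes.append((elem.tag, elem.text.strip(), new_text.strip()))
            elem.text = new_text
    return ET.tostring(root, encoding="unicode"), changes


if __name__ == "__main__":
    # Hypothetical migration from Intel igb NICs to virtio NICs in a VM.
    new_xml, changes = remap_interfaces(SAMPLE_CONFIG, {"igb0": "vtnet0", "igb1": "vtnet1"})
    for tag, old, new in changes:
        print(f"<{tag}>: {old} -> {new}")
    print(new_xml)
```

ElementTree drops XML comments and the original declaration, so diff the result against the export before importing it, and check with `ifconfig` on the target box that every new device name actually exists; an `<if>` pointing at a missing device leaves that interface unassigned after import.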
#3
Hello,

I am running OPNsense 25.10.1_2 (Business) as a virtual machine (KVM/Proxmox) and am experiencing a reproducible issue with Suricata IPS in combination with Insight (flowd_aggregate).

Setup (simplified)

  • OPNsense running as a VM in Proxmox (9.1)
  • Multiple WAN interfaces (Multi-WAN setup)
  • Suricata enabled (for WAN interfaces only)
  • Insight / Traffic graphs enabled

Observed behavior

  • With Suricata disabled → Insight and traffic graphs work normally.
  • With IPS enabled + Promiscuous mode OFF → Insight works.
  • With IPS enabled + Promiscuous mode ON →
          Traffic graphs stop updating after ~1 minute
          Insight data disappears
          flowd_aggregate fails to start

I see that flowd_aggregate service does not start with:
"WARNING: failed to start flowd_aggregate
Unable to lock on the pidfile"

Is this a known limitation of Suricata IPS + Promiscuous mode on Multi-WAN, especially in virtualized environments?

Is there an official recommendation or roadmap regarding Insight compatibility with netmap/IPS in such setups?

Thanks in advance for any clarification or confirmation.

*update*
Looks like it has something to do with the queues setting on the configured VM interfaces in Proxmox. Still investigating...

#4
Hi

there is a difference between the documentation and the implementation of the trigger levels in gateway groups.
Maybe somebody can confirm how it is implemented; I'm talking here about the Packet Loss or High Latency trigger.

The documentation says there is an OR, but in the current UI there is an AND. I did some tests and it seems to be an AND operator in how it is implemented.

*added related screenshots

#5
High availability / Re: HA setup with no WAN CARP IP
March 15, 2025, 10:59:02 AM
I have the same challenge, not wanting to go with an additional router in front of the OPNsenses. Not sure how to monitor the WAN gateway instead of using CARP, as I have only one WAN address.
#6
24.7, 24.10 Legacy Series / Suricata stops after failover
February 09, 2025, 10:41:35 AM
hey

I'm currently running OPNsense on my Proxmox cluster and have encountered an issue where the Suricata service stops after a failover. While I can restart the service manually without any problems, I'd like to fix it, or at least automate this. I believe that Monit could do that.

I've attempted to set up Monit to monitor the Suricata service, but I'm not certain about the correct configuration parameters, especially regarding the PID file and the appropriate start/stop commands.

Does anyone have ideas on how to fix it, or has anyone successfully configured Monit to monitor and automatically restart the Suricata service in OPNsense?

thx
#7
hey

I see some packets being blocked coming from an S2S WireGuard tunnel to the OPNsense. On the other side (also OPNsense) I don't see any device that is talking on that port.

Does anybody have an idea how to investigate that?

Topology is:
OPNsense1 <--- S2S WG ---> OPNsense2

thx
#8
Hi

is there a general difference between using a static routes configuration and configuring routes using FW rules that point to the right gateway?

I did some tests and both work; I see more flexibility in using FW rules. I would like to ask if there is a general case where static routes should be used?

thx
#9
Figured out it was an issue with the Zenarmor installation. I was not able to save any change without an error message about the configuration.
In the end I had to reset the config and re-install Zenarmor to get it back to work.
#10
Hi

the service stopped working after updating to the 22.10 business edition. This is what I can see in the logs; I tried to activate it on different interfaces, all with the same issue.
Any ideas?


2022-10-31T11:39:31 Error suricata [107141] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:ix0/R failed: Cannot allocate memory
2022-10-31T11:39:02 Error suricata [107014] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:35 Error suricata [106896] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:08 Error suricata [106796] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:12:50 Error suricata [101682] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory
2022-10-31T11:10:00 Error suricata [100664] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory


greY
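As an added example for this post (not code from OPNsense, Suricata or the original poster), here is a small Python parser for the Suricata log lines quoted above. It pulls the netmap device name out of each SC_ERR_NETMAP_CREATE line and groups the failed opens per interface and netmap mode, so it is easy to see which interface and which kind of open is failing. The embedded lines are the ones quoted in the post; the handling of the `^` and `/R` suffixes follows netmap's device naming (`^` is the host-stack pair Suricata uses for IPS, `/R` restricts the open to receive rings), and the sample `Notice` line in the usage is constructed.

```python
import re
from collections import Counter

# Log lines quoted in the post above (Suricata on OPNsense in netmap mode).
LOG_LINES = """\
2022-10-31T11:39:31 Error suricata [107141] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:ix0/R failed: Cannot allocate memory
2022-10-31T11:39:02 Error suricata [107014] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:35 Error suricata [106896] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:08 Error suricata [106796] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:12:50 Error suricata [101682] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory
2022-10-31T11:10:00 Error suricata [100664] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory
""".splitlines()

# Shape of the lines above: timestamp, level, program, [pid], <level>, errcode, message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) Error suricata \[(?P<pid>\d+)\] <Error> -- "
    r"\[ERRCODE: (?P<code>[A-Z_]+)\((?P<num>\d+)\)\] - "
    r"opening devname netmap:(?P<dev>\S+) failed: (?P<reason>.+)$"
)


def parse_devname(dev):
    """Split a netmap device string into (interface, mode).

    netmap naming: 'igb5^' is the host-stack pair (used by Suricata for IPS),
    'ix0/R' opens only the receive rings, and a bare 'igb5' is the NIC itself.
    """
    if dev.endswith("^"):
        return dev[:-1], "host-stack"
    if "/" in dev:
        iface, flags = dev.split("/", 1)
        return iface, "rings:" + flags
    return dev, "nic"


def parse_line(line):
    """Return a record for a netmap-open failure line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    iface, mode = parse_devname(m.group("dev"))
    return {
        "ts": m.group("ts"),
        "pid": int(m.group("pid")),
        "code": m.group("code"),
        "iface": iface,
        "mode": mode,
        "reason": m.group("reason"),
    }


def summarize(lines):
    """Count SC_ERR_NETMAP_CREATE failures per (interface, mode); collect distinct reasons."""
    per_iface = Counter()
    reasons = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["code"] != "SC_ERR_NETMAP_CREATE":
            continue
        per_iface[(rec["iface"], rec["mode"])] += 1
        reasons.add(rec["reason"])
    return per_iface, reasons


if __name__ == "__main__":
    counts, reasons = summarize(LOG_LINES)
    for (iface, mode), n in sorted(counts.items()):
        print(f"{iface:6} {mode:12} {n} failed open(s)")
    print("reasons:", ", ".join(sorted(reasons)))
```

Grouping this way separates "one interface keeps failing" from "every open fails", which matters because ENOMEM from a netmap open on FreeBSD is commonly the netmap memory pools being exhausted (the `dev.netmap.buf_num`, `dev.netmap.ring_num` and `dev.netmap.if_num` sysctls) rather than the system running out of RAM; comparing the per-interface counts against those sysctl values is a reasonable next check. That is general netmap behaviour, not a diagnosis this post confirms.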
#11
Hi @mb
yes, I'm referring to the OPNsense Business Edition.

Versions   
OPNsense 22.4.3_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1q 5 Jul 2022

Zenarmor
Engine Version:   1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202
#12
Yes, forgot to mention that. The bypass mode has no impact; only removing the interface enables the VLAN routing again. This box is a Hyper-V guest.

I also tested the behavior on a business edition hardware box which seems not to have this issue.
#13
Hi,
Looks like adding the trunk interface to the protected interfaces breaks the routing between VLANs.
Can anybody confirm?

Adding single VLANs seems to be OK, but then I'm not able to protect the LAN...

Deployment mode: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver
Engine Version: 1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202
OPNsense 22.7.6-amd64

HW offload is default/disabled


greY
#14
22.7 Legacy Series / Activation issue
October 14, 2022, 12:26:25 PM
Hi
Trying to activate the business edition from the community edition (22.7.5).
It seems to have an issue getting the right packages.

I attached a few screenshots of the configuration, any ideas how to fix it?
Would like to avoid a fresh install of BE if possible.

greY
#15
Zenarmor (Sensei) / Re: VLAN DHCP not working
March 13, 2021, 11:35:12 AM
Sensei is running as "Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver"; bypass mode is not active (see attached).

My OPNsense is running as a Hyper-V guest.

But a driver issue makes sense to me. I have another box running on dedicated hardware with a quite similar configuration regarding VLANs, without issues.