Messages - greY

#1
High availability / Re: HA setup with no WAN CARP IP
March 15, 2025, 10:59:02 AM
I have the same challenge, not wanting to go with an additional router in front of the OPNSENSEs. Not sure how to monitor the WAN gateway instead of using CARP, as I have only one WAN address.
#2
24.7, 24.10 Legacy Series / Suricata stops after failover
February 09, 2025, 10:41:35 AM
hey

I'm currently running OPNsense on my Proxmox cluster and have encountered an issue where the Suricata service stops after a failover. While I can restart the service manually without any problems, I'd like to fix it - or at least to automate this. I believe that Monit could do that.

I've attempted to set up Monit to monitor the Suricata service, but I'm not certain about the correct configuration parameters, especially regarding the PID file and the appropriate start/stop commands.

Does anyone have ideas how to fix it, or has anyone successfully configured Monit to monitor and automatically restart the Suricata service in OPNsense?

thx
#3
hey

I see some packets are being blocked coming from an S2S wireguard tunnel to the OPNSENSE. On the other side (also OPNSENSE) I don't see any device that is talking on that port.

Does anybody have an idea how to investigate that?

Topology is:
OPNSENSE1 <---S2S WG-->OPNSENSE2

thx
#4
Hi

is there a general difference in using static routes configuration vs configuring routes using FW rules and pointing them to the right gateway?

I did some tests and both work, I see more flexibility in using FW rules. Would like to ask if there is a general case when static routes should be used?

thx
#5
Figured out it was an issue within the zenarmor installation. I was not able to save any change without an error message about the configuration.
In the end I had to reset the config and re-install zenarmor to get it back to work.
#6
Hi

the service stopped working after updating to 22.10 business edition. This is what I can see in the logs, tried to activate on different interfaces, all the same issue.
Any ideas?


2022-10-31T11:39:31 Error suricata [107141] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:ix0/R failed: Cannot allocate memory
2022-10-31T11:39:02 Error suricata [107014] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:35 Error suricata [106896] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:08 Error suricata [106796] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:12:50 Error suricata [101682] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory
2022-10-31T11:10:00 Error suricata [100664] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory


greY
#7
Hi @mb
Yes, I'm referring to the OPNsense Business Edition.

Versions
OPNsense 22.4.3_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1q 5 Jul 2022

Zenarmor
Engine Version:   1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202
#8
yes, forgot to mention that. The bypass mode has no impact, only removing the interface enables the vlan routing again. This box is a Hyper-V guest.

I also tested the behavior on a business edition hardware box which seems not to have this issue.
#9
Hi,
looks like adding the trunk interface to the protected interfaces breaks the routing between VLANs.
Can anybody confirm?

Adding single VLANs seems to be OK, but then not able to protect the LAN...

Deployment mode: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver
Engine Version: 1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202
OPNsense 22.7.6-amd64

HW offload is default/disabled


greY
#10
22.7 Legacy Series / Activation issue
October 14, 2022, 12:26:25 PM
Hi
trying to activate business edition from the community edition (22.7.5).
Seems it has an issue getting the right packages

I attached a few screenshots of the configuration, any ideas how to fix it?
Would like to avoid a fresh install of BE if possible.

greY
#11
Zenarmor (Sensei) / Re: VLAN DHCP not working
March 13, 2021, 11:35:12 AM
Sensei is running as "Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver", bypass mode is not active (see attached)

My OPNsense is running as a Hyper-V guest.

But a driver issue makes sense to me. I have another box running on dedicated hardware with a quite similar configuration regarding VLANs, without issues.
#12
Zenarmor (Sensei) / VLAN DHCP not working
March 12, 2021, 09:58:35 PM
Hi

my setup is:
- LAN with 3 VLANS (10, 11 and 1010)
- DHCP relay, forwarding to an MS DHCP service
- Sensei 1.8

If sensei is configured for the parent LAN interface, all VLANs will not get IPs over DHCP. If sensei is configured for all VLANS (but LAN), DHCP for all interfaces is working as expected.

Does anybody have an idea what is going on there?

br
greY
#13
General Discussion / Re: Firewall Rule
February 16, 2021, 09:31:58 AM
makes sense, thank you

setting firewall to "conservative" fixed it
#14
General Discussion / Firewall Rule
February 15, 2021, 10:36:23 PM
Hi

Hope somebody can help me understand or fix a FW rule issue between LAN and a VLAN.
I have a screenshot attached, with a blocked packet due to a "default deny rule".
At the same time there is a "Default allow LAN to any rule" ;) ... 

Any ideas what the issue could be? I'm on OPNsense 21.1.1-amd64

thx
greY
#15
General Discussion / Re: Random WAN drop out
November 26, 2020, 11:29:32 AM
experiencing possibly the same issue with 20.7.5
...mostly during MS Teams sessions.