Messages - Joerg

#1
This is the output of the log this morning in the GUI:

Jun 16 08:17:38 apinger: alarm canceled: VLAN11_USGW(192.168.2.1) *** down ***
Jun 16 08:17:37 apinger: alarm canceled: WANGW(MY-WANIP) *** down ***
Jun 16 08:17:10 apinger: ALARM: WANGW(MY-WANIP) *** down ***
Jun 16 08:12:17 apinger: alarm canceled: WANGW(MY-WANIP) *** down ***
Jun 16 08:09:34 apinger: ALARM: VLAN11_USGW(192.168.2.1) *** down ***
Jun 16 08:09:33 apinger: ALARM: WANGW(MY-WANIP) *** down ***
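The six lines above are listed newest first, so the alarm and cancel pairs have to be read bottom-up to see which gateway was down and for how long. The following parser is an added example and not part of the thread: it correlates apinger "ALARM" lines with their "alarm canceled" counterparts per gateway and alarm kind, and reports outage intervals and repeat offenders. The sample log is the poster's own output copied as constructed input (MY-WANIP is the poster's placeholder), and the year is assumed because syslog lines carry none.

```python
"""Correlate OPNsense apinger gateway alarms into outage intervals (added example)."""
import re
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: the apinger lines quoted in the post, newest first as the GUI shows them.
SAMPLE_LOG = """\
Jun 16 08:17:38 apinger: alarm canceled: VLAN11_USGW(192.168.2.1) *** down ***
Jun 16 08:17:37 apinger: alarm canceled: WANGW(MY-WANIP) *** down ***
Jun 16 08:17:10 apinger: ALARM: WANGW(MY-WANIP) *** down ***
Jun 16 08:12:17 apinger: alarm canceled: WANGW(MY-WANIP) *** down ***
Jun 16 08:09:34 apinger: ALARM: VLAN11_USGW(192.168.2.1) *** down ***
Jun 16 08:09:33 apinger: ALARM: WANGW(MY-WANIP) *** down ***
"""

ASSUMED_YEAR = 2016  # assumption: syslog timestamps have no year, so one is supplied

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) apinger: "
    r"(?P<event>ALARM|alarm canceled): "
    r"(?P<gw>\S+?)\((?P<addr>[^)]+)\) \*\*\* (?P<kind>\w+) \*\*\*$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one apinger line; return None for lines that are not alarm events."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "event": "raised" if m["event"] == "ALARM" else "canceled",
        "gateway": m["gw"],
        "address": m["addr"],
        "kind": m["kind"],  # the word between the asterisks, e.g. "down"
    }


def compute_outages(log_text: str) -> List[dict]:
    """Pair each raised alarm with the next cancel for the same gateway and kind.

    Events are sorted chronologically first, because the GUI lists newest first.
    An alarm that has not been canceled yet is reported with end/duration_s = None.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    open_alarms: Dict[tuple, dict] = {}
    outages: List[dict] = []
    for e in events:
        key = (e["gateway"], e["kind"])
        if e["event"] == "raised":
            # A repeated ALARM without an intervening cancel keeps the first start time.
            open_alarms.setdefault(key, e)
        elif key in open_alarms:
            start = open_alarms.pop(key)
            outages.append({
                "gateway": e["gateway"], "address": e["address"], "kind": e["kind"],
                "start": start["ts"], "end": e["ts"],
                "duration_s": int((e["ts"] - start["ts"]).total_seconds()),
            })
    for start in open_alarms.values():  # alarms still active at the end of the log
        outages.append({
            "gateway": start["gateway"], "address": start["address"], "kind": start["kind"],
            "start": start["ts"], "end": None, "duration_s": None,
        })
    outages.sort(key=lambda o: o["start"])
    return outages


def summarize(log_text: str) -> Dict[str, dict]:
    """Per-gateway count of outages, total seconds down, and whether it is still down."""
    summary: Dict[str, dict] = {}
    for o in compute_outages(log_text):
        s = summary.setdefault(o["gateway"], {"outages": 0, "total_down_s": 0, "still_down": False})
        s["outages"] += 1
        if o["end"] is None:
            s["still_down"] = True
        else:
            s["total_down_s"] += o["duration_s"]
    return summary


def flapping_gateways(log_text: str, min_outages: int = 2) -> List[str]:
    """Gateways that went down at least min_outages times in the log window."""
    return sorted(gw for gw, s in summarize(log_text).items() if s["outages"] >= min_outages)


if __name__ == "__main__":
    for o in compute_outages(SAMPLE_LOG):
        end = o["end"].strftime("%H:%M:%S") if o["end"] else "still down"
        print(f"{o['gateway']:12} {o['start']:%H:%M:%S} -> {end:10} {o['duration_s']} s")
    print("flapping:", flapping_gateways(SAMPLE_LOG))
```

Run against the sample, the summary shows the WAN gateway down twice (164 s and 27 s) and the VLAN gateway once for 484 s, which is the "WAN goes offline a few minutes after enabling IPS" pattern described in the later posts, made countable.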
#2
So far I found out that there is a Realtek RTL8111/8168/8169/8411 chip inside. I found this on the net, so I can check when I'm home. Or is there a way to see that?

And of course I disable all hardware offloading. :P
#3
So I just tested it again.
As soon as I activate IPS mode, the WAN interface goes offline in less than 4 minutes.

Are there some log files or settings which I can check?
#4
I just use the rulesets
abuse.ch/Dyre SSL IPBL
abuse.ch/Feodo Tracker
abuse.ch/SSL Fingerprint Blacklist
abuse.ch/SSL IP Blacklist

This of course loaded 2294 rules.
#5
I'm using 8068 MB.

I tested it again. Starting a download does not raise the memory usage, which is at 10%. It seems that simply the WAN interface status says offline.
#6
Hi,

I'm using the current updated OPNsense on a ZOTAC-CI323nano cube. I configured a physical WAN interface and one LAN interface with some VLANs.
So far the performance is really great.
As soon as I activate the Intrusion Detection IPS mode, the download rate goes down by 30%.
The CPU load is below 20% then.
In case I activate the abuse.ch/* rules, the Internet connection will drop after a few minutes. In the alert tab I do not see any dropped packets.

Any idea, or in which area should I look?
#7
16.1 Legacy Series / Re: VLAN <--> VPN traffic
June 10, 2016, 09:36:32 PM
Hi,

First, thanks. I think my explanation was a bit unclear. :o My use case is that I'm using two VLANs here. One VLAN is used for local Internet traffic. Most of my clients are in that network. The other VLAN is only for the US Internet. The US VLAN should be isolated like a guest network. Actually I managed to isolate it via an access rule for connections to the other VLANs. As soon as I ping my local WAN address, it gets a direct reply from OPNsense. Is there a way to block this?
The goal is that all the traffic in the US VLAN should go through the VPN and have no connection anywhere else.

I hope it makes it a bit clearer. :P
#8
16.1 Legacy Series / VLAN <--> VPN traffic
June 10, 2016, 05:11:48 PM
Hi,

I think I need a little help from someone who can point me in the right direction.
Just a little bit about my setup. I have one WAN connection and several VLANs to keep things separated. I have a permanent VPN to the US which is currently connected to a FritzBox over there. The tunnel phase 2 is set to one VLAN. So far so good; most of the traffic in this VLAN goes to the VPN. But when I ping my local WAN address, OPNsense decides to send the traffic directly to my local WAN interface. Is there a way to deny that? With a simple access rule using an alias, I managed that the traffic does not go to the other VLANs. I would really like to access my WAN interface, but from my US IP address.

Many thanks for some good ideas ;)