Messages - johjoh

#1
19.1 Legacy Series / Re: Create report from LOG
February 15, 2019, 12:41:04 AM
Thank you Franco, Splunk is powerful but it isn't what I'm looking for.
I'm searching for something simple like LogMX.
1. I export the LOG from the last 30 days in CSV format from Reporting - Insight - Export - FlowSourceAddrDetails
2. I import them into a simple piece of software
3. The software resolves the hostname of the public IP

Any other ideas?
#2
19.1 Legacy Series / Create report from LOG
February 11, 2019, 08:11:16 AM
Hello, I need to create a report or an audit from the LOG files of the last month in OPNsense.
What software can I use? What files must I export?
#3
Good morning, will Sensei one day consume fewer resources in terms of RAM and CPU?
For example an Atom CPU or a Celeron with 4GB or 8GB of RAM?
#4
Hello, I've found on different OPNsense firmware versions that NAT rules are not applied until I reboot OPNsense.
Outbound NAT is in Manual outbound NAT rule generation (no automatic rules are being generated).
Is there a way to reload Outbound NAT without a reboot?
#6
18.7 Legacy Series / Help creating weekly report
November 21, 2018, 11:29:10 PM
Hello, I need help or suggestions with creating an OPNsense report.
The first report that I need is a weekly report of Social Network usage:
- global;
- per source MAC address or source IP;
- can I specify what Social Network? For example Facebook?

The second report is a daily one with bandwidth usage:
- global;
- per source MAC address or source IP;

In both reports, can I resolve the destination IP to display the FQDN of the destination?
Thank you
#7
Hello, I'm trying to get Suricata working with OPNsense in Transparent Bridged mode.
According to this page:
https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
Must I set up (Suricata) Interface on WAN or BRIDGE or LAN?
What about (Suricata) Home Networks: blank (any) or the broadcast address of the transparent network?

I need to know how it's configured to work. For example, if I set only WAN as the interface:
does a packet arriving from WAN pass through Suricata and then go to BRIDGE?
PACKET --> WAN --> SURICATA --> BRIDGE --> LAN
or
PACKET --> SURICATA --> WAN --> BRIDGE --> LAN

Can I suggest adding these Suricata settings to the OPNsense Web Configuration Page?
https://github.com/StamusNetworks/SELKS/wiki/Initial-Setup---Suricata-IPS
interface: WAN
threads: 4 # or a number that is below half the number of cores available
defrag: yes
cluster-type: cluster_flow
cluster-id: 98
copy-mode: ips
copy-iface: LAN
tpacket-v3: no
ring-size: 2048
use-mmap: yes

interface: LAN
threads: 4 # or a number that is below half the number of cores available
defrag: yes
cluster-type: cluster_flow
cluster-id: 98
copy-mode: ips
copy-iface: WAN
tpacket-v3: no
ring-size: 2048
use-mmap: yes

With the availability of these settings, I can make a transparent firewall with 3 interfaces:
em0 Management of OPNsense with IP
em1 WAN without IP
em2 LAN without IP
In this mode I don't need to create a bridge and all traffic is copied from the "copy-iface:" option in Suricata (transparent).
The rule can be written on WAN or LAN indifferently.

Thank you for any precious help
#8
The problem was the switch installed on WAN:
Extreme Network X430
https://www.extremenetworks.com/product/x430-series/

I changed it for another one and the problem was gone. I think it is an IGMP Snooping problem like in this post:
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#Switch.2FLayer_2_Issues
#9
The other problem is that the connection speed slows down because both want to be the master.
Problem with OpenVPN, both reply on WAN.
If you shut down, for example, the backup firewall, the connection speed drastically increases.
#10
No, two identical pieces of hardware with OPNsense installed bare metal
#11
18.1 Legacy Series / OPNsense with WAN multi IPs
March 27, 2018, 09:11:32 AM
Hello, I have set up an OPNsense with one WAN public IP and four Virtual Public IP Aliases.
How can I set up OPNsense so that it does not surf the internet with the four Virtual IP Aliases, but only with the WAN IP?
Every client keeps changing the public IP with which it surfs the internet.
Thank you
#12
Can anyone help me?
#13
Hello, I have two firewalls with CARP VIP configured as in the attached images.
On fw1 all IPs are Master.
On fw2, 3 IPs simultaneously remain Master and I don't understand why.
If I enter CARP Maintenance Mode on fw1, fw2 correctly becomes the Master on all IPs.

Any help appreciated
#14
Quote from: Animosity022 on February 08, 2018, 08:29:39 PM
Make sure Unbound has your VPN Subnet in there. By default, it only does the /32 and won't work.

https://imgur.com/a/eIeKp

I have a separate entry there for my VPN Network.

Thank you.
You are right, there is no VPN Subnet in the Unbound Access List.
#15
I have an OPNsense with OpenVPN Server up and running.
In OpenVPN I have set up DNS and domain.
When I connect from Mac OSX with Viscosity I can't resolve the name of an internal server:
Tried short name
server
Tried long name
server.domain.local

Working with the IP I don't have any problem.
Any suggestions?
Thank you