Messages

1

24.7 Production Series / Re: High CPU Interrupt Usage in XCP-NG

« on: August 01, 2024, 05:09:42 pm »

@Franco do you think this is possible? or is there an easy way to incorporate this FreeBSD patch within OPNsense?

I took a look at the FreeBSD patch documentation, but it didn't seem to be as simple as I would like. Also not sure if the FreeBSD patch command would even work correctly in OPNsense.

2

24.7 Production Series / High CPU Interrupt Usage in XCP-NG

« on: July 26, 2024, 07:20:30 pm »

I was wondering if the following fix could be implemented in to the next point release to resolve this false positive in regards to high cpu interrupt usage status for OPNsense VMs running in XCP-NG.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277231

3

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: May 29, 2024, 04:50:47 pm »

FYI, It looks like the FreeBSD maintainer that caused all this is trying to work with the upstream dev.
https://github.com/miniupnp/miniupnp/pull/671

However progress only just picked back up again by the looks of it.

4

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: May 27, 2024, 05:27:48 pm »

It does seem that this miniupnpd package is modified a fair bit from the upstream version from the original developer. I think maybe calling it a port is not really accurate, probably closer to say that it's a fork from the main developer.

Which blurs the lines a bit, but either way I do think that the FreeBSD maintainers seem to be lacking on maintaining their packages, or at least this one in particular.

I'm sure things will get sorted out eventually, it's just a shame on how this bug was handle by the FreeBSD maintainers. Notablely the individual that caused the issue in the past commit and then ultimately fixed it... although in a completely different repository

5

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: May 27, 2024, 04:27:58 pm »

Ya seems to be some favoritism here, I left a new comment on the FreeBSD bugzilla questioning this exact thing. Probably end up getting deleted if they really are playing favorites 

6

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: April 25, 2024, 03:28:58 pm »

OPNsense uses the FreeBSD port of miniupnpd, it is the FreeBSD port maintainers that need to update the package.

Link to the FreeBSD port of miniupnpd:
https://www.freshports.org/net/miniupnpd/

Link to the FreeBSD bugzilla for this issue:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277226

7

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: April 15, 2024, 05:20:25 pm »

Well I created a freebsd bugzilla account and commented on bug 277226. Not sure if it will make a difference, but I figure the more noise that is made... the more likely it will be fixed

8

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: April 11, 2024, 09:12:08 pm »

This issue appears to have been resolved upstream by the miniupnp devs with version 2.3.5
https://github.com/miniupnp/miniupnp/issues/719

I'm not familiar with how freebsd ports work... how do you get the maintainer of the freebsd port to update from source?

9

Intrusion Detection and Prevention / Re: ET Pro telemetry for testing?

« on: March 08, 2024, 10:52:20 pm »

I don't think in the current setup the rules would actually "fallback" to the open rule sets. These end up being 2 different rule sets. Within the GUI they will be displayed as "ET open/tor" and "ET telemtry/tor" respectively for example.

Also the ET Telemtry ruleset does not contain all the ET Pro nor all the ET Open rulesets as far as I can tell. Currently if using the ET Telemtry rulesets it's best to also enable the corresponding ET Open rulesets to get full protection. You just have to live with the duplicate signature errors within the log file.

https://forum.opnsense.org/index.php?topic=38976.0

10

Intrusion Detection and Prevention / Re: Suricata blocking Microsoft Teams

« on: March 08, 2024, 10:45:18 pm »

I use MS Teams all the time and have no issues. If you are usign the emerging-chat rules, you may want to disable them instead. However you can always disable the specific rules that are blocking the traffic instead. Some troubleshooting would be involved in monitoring the alerts to identify which rules are blocking the traffic though.

11

24.1 Legacy Series / Re: OPNsense 24.1.3_1 weird struggling with Wireguard and WEBUI

« on: March 08, 2024, 10:41:49 pm »

Interface:
Name: wg0 (same as for the Interface)
Address: 10.10.10.3/32
ListenPort: 54168
DNS servers: 10.10.10.1

Perhaps this is the issue?

If address is supposed to be your "Tunnel Address", you need to use the CIDR of the network such as /24 for example.

12

Intrusion Detection and Prevention / Re: ETPro Telemetry vs ETOpen Rulesets

« on: February 21, 2024, 09:52:30 pm »

I guess I should have searched github instead, looks like I'm not the only one and appears that only the ET Team can fix these issues.
https://github.com/opnsense/plugins/issues/3635

So duplicate rules it is then until these lists get updated in a way that makes sense.

13

Intrusion Detection and Prevention / ETPro Telemetry vs ETOpen Rulesets

« on: February 21, 2024, 05:38:24 pm »

Hello,

I am currently using the ETPro Telemetry version and have noticed large ruleset discrepancies from the ETOpen rules. Some rules are simply empty in the ETPro sets such as botcc,ciarmy,drop,dshield,emerging-ftp/pop3/rpc/tor... for example. There are more that are empty but I don't want to list them all at this time, for these using the corresponding ETOpen list works.

However some other lists have wildly different rules, the most extreme I have found so far is emerging-hunting. The ETPro list has 186 enabled rules, where as the ETOpen version has 1151 enabled rules. Why is the ETPro list missing over 800+ rules?

This is true for many other lists, emerging-attack_response/current_events/dns/dos/expoit... etc. Am I missing something here or is OPNsense doing something in the background that I am not aware of? Is it trying to consolidate lists or something? I have also noticed that all the ETPro lists have NO disabled rules unlike the ETOpen comes with many disabled ones.

So I can of course just enable both lists in ETPro/Open, but then you get duplicate warnings... which at this point seems like the best option and just ignore the errors and accept the performance hit.

Anyone else notice the same behavior and/or is there something I'm missing?

Thanks

14

23.1 Legacy Series / Re: DDNS IP/updated columns do not update

« on: February 16, 2023, 03:28:39 am »

I use no-ip for my ddns and in order to have the IP/Updated columns show information I have to set the Check IP Method to googledomains and use OPNsense for the backend. However by setting OPNsense as the backend, the ddclient service on the dashboard shows that it is down and not started.

Also if I set the Check IP Method to Interface IPv4, then ddclient will start once check/set the IP and then stop the service until the next manual start.

15

23.1 Legacy Series / Re: The new unbound reporting is pretty cool

« on: February 16, 2023, 03:21:16 am »

Unbound Reporting broke for me as well after the latest 23.1.1 update, however I managed to get it working again.

I had to disable Unbound reporting (uncheck the check box under Reporting > Settings and click save), I also cleared the unbound statistics.

I then made sure the following log settings under Unbound > Advanced were checked/Enabled
Log Queries
Log Replies
Tag Queries and Replies

After that I rebooted OPNsense, waited for a few minutes for everything to settle down and then went back to Reporting > Settings and enabled Unbound reporting again, clicked save and wa-la Unbound Reporting is working again.