Messages

1

20.1 Legacy Series / Re: Random and non client specific disconnects

« on: April 15, 2020, 02:00:24 am »

I dunno if this helps but i had a similar problem with having ipv4 and ipv6 wan addresses and for some reason it was causing a problem. I removed the ipv6 gateway bound to the WAN and fixed my issue.

2

19.7 Legacy Series / Re: openvpn client export

« on: December 11, 2019, 12:43:48 am »

never mind pebkac

3

19.7 Legacy Series / openvpn client export

« on: December 10, 2019, 11:39:14 pm »

upgraded recently to 19.7.7 , not sure if this was the cause as i haven't created a new user in a while. But after new user is created & cert. When i go into openvpn client export the user is not there, anyone else experience this.....?

4

19.7 Legacy Series / GEOIP in NTOP map

« on: October 31, 2019, 12:47:45 am »

Dont use this too much but seems that the geoip map in ntop no longer works. Made sure that the Geo databases are in /usr/local/share/ntopng/httpdocs/geoip but still nothing. I see that pfsense has a patch for this in recent versions. Im running latest 19.7.5_5 tried on 2 boxes both with same results.

5

19.7 Legacy Series / Re: schedule a reboot

« on: October 28, 2019, 03:32:28 pm »

a cron would work 

6

19.7 Legacy Series / Re: Source NAT over IPSEC

« on: October 28, 2019, 02:30:42 pm »

Ok i will have to give this a try over the weekend and will report back , I also assume that i need to add the NAT network the Manual SPD entry section in the phase 2 proposal settings?

7

19.7 Legacy Series / Re: Source NAT over IPSEC

« on: October 28, 2019, 02:15:16 pm »

Thanks,
 In researching BINAT it seems that this is only avail in the One-to-one NAT section. Im just wondering if this will work or not in my scenario. Currently on the edgerouter I have source NATs from multiple LAN IP's  to the translated IPSEC NAT address. So it not exactly the same configuration, dont care if it accomplishes the same task but currently all the LAN machines have their own mapped NAT IP to go out the tunnel.

8

19.7 Legacy Series / Source NAT over IPSEC

« on: October 28, 2019, 12:13:09 am »

Hello,
I need to do a source NAT over an IPSEC tunnel , when i apply the rule no traffic seems to go through. I did pull up some old posts on this not being supported only via 1-1 NAT only, Can anyone shed any more information on this? I have ubiquity edge router that does this and is also using strongswan.

9

19.7 Legacy Series / Re: Hardware sanity check please

« on: September 30, 2019, 04:34:13 pm »

I have been using these quotom devices for some production sites for months, they work very well so far. I order them from aliepxress bare bones and add my own memory and SSD as i like to use samsung pro ssd's and generally decent memory like crucial or sammy.

OH btw if you do get these , you will need to open then up and set a jumper so that they power on from power loss by default. i learnt this the hard way. Mine did not ship with the jumper in this position so they did not auto power on. The BIOS is read only , you cannot save any settings within it. Also while setting the jumper i applied better thermal grease and noticed about 4-5 ~C temperature drop which is nice.

10

19.7 Legacy Series / Re: Logging Issues

« on: September 14, 2019, 06:31:53 pm »

arrgh i think this might be a non - OPNsense issue now that im looking at the logging server.

11

19.7 Legacy Series / Logging Issues

« on: September 14, 2019, 06:14:57 pm »

Since the upgrade to 19.7 remote logging seems to be very broken. I have disabled remote syslog from settings--> Logging and now using the logging / targets.

Im my case I only have suricata selected (nothing selected in levels & facilities) apparently this means all I have  UDP 4 connection to my logging server over a vpn tunnel.

via suricata i have the eve output selected and if i view the logs from Opnsense, suricata logs i can see that logs are present. I do not receive these logs to my logging server. I have tested connectivity to the logging server that is ok. I can see in the log that the connection is edtablished. syslog connection established; fd='25', server='AF_INET(10.11.0.1:5151)', local='AF_INET(0.0.0.0:0)'

Any insight is appreciated - i did upgrade from 19.1.10 which was working great using the old logging configuration

12

Intrusion Detection and Prevention / surpressing noisy suricata alerts.

« on: September 06, 2019, 01:42:05 am »

Is there any way to suppress an alert with the signature ID and source + destination IPs? from the GUi it looks like its just source + destination IP, which is a little too broad and dont want to disable some rules altogether.

I think this is just adding a custom rules config somewhere but where ?

Thanks

13

19.7 Legacy Series / Re: Syslog-NG - assign a remote port other than 514

« on: August 31, 2019, 10:34:49 pm »

Thanks, im going to start migrating to the new logging output, but seems that the legacy option should be removed? as it does not seem to work on 19.7.3

14

19.7 Legacy Series / Re: Syslog-NG - assign a remote port other than 514

« on: August 31, 2019, 04:01:11 am »

yup i have lost remote logging as well. i am on 19.7.3. although i do not see that path or file. in /usr/local/etc/ there is just a sylog-ng-conf file that seems to just be default with no modifications. Good thing ive tested this version our before mass deployment 

15

Hardware and Performance / Re: Python CPU running at 100

« on: August 31, 2019, 02:35:23 am »

I just cleared my RRD graphs and netflow data and that seems to have resolved the issue so far. CPU seems back to normal... but still monitoring.