Messages - vecchiostupido

#1
Same problem here. After the update, Suricata is now up to 80 to 90% CPU usage. My CPU was hovering for the past 6 months, over multiple updates, around 20 to 30%, and now it is averaging around 70 to 80%, with peaks over 90%.
#2
I have installed Suricata and I use the ET Telemetry. I also have a Pihole as my local DNS, which resolves back to Unbound in OPNsense.

The Pihole has hundreds of calls per minute to opnsense.emergingthreats.net; see the example from the Pihole log below. The calls are from my OPNsense firewall (192.168.121.1), which is why I am posting on this forum.

Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:01:11 dnsmasq[580]: query[AAAA] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is NODATA-IPv6
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25

I checked my Suricata logs and the Unbound logs in OPNsense; nothing is going on (e.g. no calls out to 72.12.200.25 - Wintek.com - data provider).

Any suggestions on how to diagnose what is going on?
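
One way to quantify what the Pihole log shows, as an added example that is not part of the original post: it counts queries per minute, per client and name, and tallies whether dnsmasq answered from its cache (a `cached` answer is not forwarded upstream). The sample log is constructed in the format quoted above; `example.org`, `192.168.121.50` and `192.0.2.10` are placeholder values, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the dnsmasq/Pi-hole log format quoted in the post.
SAMPLE_LOG = """\
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:01:11 dnsmasq[580]: query[AAAA] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is NODATA-IPv6
Nov 29 10:01:42 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:42 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:02:05 dnsmasq[580]: query[A] example.org from 192.168.121.50
Nov 29 10:02:05 dnsmasq[580]: forwarded example.org to 192.168.121.1
Nov 29 10:02:05 dnsmasq[580]: reply example.org is 192.0.2.10
"""

# "query[TYPE] name from client", keeping the timestamp down to the minute.
QUERY_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)
# How dnsmasq handled a name: answered from cache or sent upstream.
ANSWER_RE = re.compile(r"dnsmasq\[\d+\]: (?P<kind>cached|forwarded) (?P<name>\S+) ")

def summarize(log_text):
    """Return (queries per (minute, client, name), answers per (name, kind))."""
    per_minute, answers = Counter(), Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            per_minute[(m["minute"], m["client"], m["name"])] += 1
            continue
        m = ANSWER_RE.search(line)
        if m:
            answers[(m["name"], m["kind"])] += 1
    return per_minute, answers

def noisy(per_minute, threshold):
    """(minute, client, name) buckets with at least `threshold` queries."""
    return sorted(k for k, n in per_minute.items() if n >= threshold)

if __name__ == "__main__":
    rates, answers = summarize(SAMPLE_LOG)
    for (minute, client, name), n in sorted(rates.items()):
        print(f"{minute}  {client:15} {name:32} {n} queries")
    for (name, kind), n in sorted(answers.items()):
        print(f"{name:32} {kind:9} {n}")
```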
#3
General Discussion / Re: Wireguard and NAT rules
June 22, 2019, 08:50:46 PM
Thank you so much for the very clear instructions. It worked as soon as I set up the rule.

I have attached a copy of the NAT rules in case somebody else has the same problem.
#4
General Discussion / Wireguard and NAT rules
June 22, 2019, 03:47:35 PM
I have surveillance software (BlueIris) on a dedicated Windows 10 PC on my local network (IP 192.168.11.20). It can be accessed via a cell phone app or via a web interface. I would like to access it remotely via VPN (so that I don't have to open ports...).

I have installed Wireguard on OPNsense and I can access my servers, VM, NAS, and my local PCs remotely (I have Allowed IP in the client as 0.0.0.0/0, and DNS = 192.168.11.1).

However, while I can ping the BlueIris PC and reach the PC, I cannot access BlueIris via its web interface or via the cell phone application (which is properly configured; both WAN and LAN are the local network address). BlueIris gives an error message saying "LAN access only" and it shows on its local screen that I am trying to access it via my VPN tunnel address (10.10.9.2), which I suppose is rejected as it is not recognized as a LAN address (e.g. 192.168.11.x).

I used OpenVPN on a DD-WRT router in the past and all worked well (e.g. I could access BlueIris remotely), thus my guess is that I am missing a proper configuration in OPNsense, which I installed a few weeks ago.

I am a noob, but my guess is that I need to 'tell' OPNsense that my tunnel addresses are to be considered a local network - my guess is that I am missing a NAT configuration, but I wasn't able to find an answer on Google (I probably need the right search terms).

My NAT in OPNsense is configured as per the attachment (to allow Wireguard connections to access the internet, thus I know it won't help in this case).

Can you please point me to the relevant resources/google searches? Otherwise I can provide specific information on my setup to track down the issue.