Messages - xoclutch

#1
I have a pretty basic transparent firewall running OPNsense that I set up using this guide: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

When I enable IPS, it will start alerting on some traffic/test EICAR files, but then will stop working.

It seems to be detecting traffic very rarely, and whenever I update the rule list or change a setting, it stops working, then will randomly alert later.

I have tried every combination of settings/etc trying to get it working. 


Does Suricata work in Transparent Bridge mode? I am running the latest version of OPNsense. Any recommendations on special settings that might help correct this strange issue? Logs look clear, and everything is running fine. It's just not alerting correctly. It seems like the more I mess with it, the less it works.

Thanks



#2
Thanks Everyone!

Latest Patch Fixed it.
#3
After upgrading to the latest (20.7), BGP refuses to transfer routes. It connects, shows established, says it's transferring routes, but nothing is actually being transferred, and nothing is appearing in the logs.

Just broke. This is occurring with both OPNsense to Cisco switch and OPNsense to MikroTik router. Everything works fine with other versions.

Trying to find log information, but nothing seems to be appearing in the logs related to the issue.
#4
router bgp 65001
bgp router-id 192.168.0.3
bgp disable-ebgp-connected-route-check
neighbor 192.168.0.21 remote-as 395021
neighbor 192.168.0.21 ebgp-multihop 255
neighbor 192.168.0.21 disable-connected-check
neighbor 192.168.0.21 update-source lo0
#5
19.7 Legacy Series / Re: BGP/VTI/IPSEC/Loopback/Cisco Woes
September 03, 2019, 12:40:51 AM
Actually, I think I know what's going on... I think the connected subnets aren't being routed correctly. Sorry for the trouble.
#6
19.7 Legacy Series / BGP/VTI/IPSEC/Loopback/Cisco Woes
September 02, 2019, 11:26:08 PM

Been banging my head on VTI/IPsec/BGP shit between these two sites. Have static routes working, traffic flowing, but the BGP peer on the Opnsense2 side won't even attempt to make a connection. frr seems to not like the setup. I've edited the conf file and added update-source lo0 and ebgp-multihop 255, but nothing seems to work. Thoughts? Setup below:

Cisco 9200 -> Opnsense1 -> IPSEC/VTI/Internet -> Opnsense2

Cisco 9200 = Loopback 0 = 192.168.0.21
router bgp 395021       
neighbor 192.168.0.3 remote-as 65001
neighbor 192.168.0.3 ebgp-multihop 255
neighbor 192.168.0.3 update-source Loopback0

Opnsense2 = Loopback = 192.168.0.3
router bgp 65001
bgp router-id 192.168.0.3
neighbor 192.168.0.21 remote-as 395021       

VTI:
Opnsense1: 192.168.199.1
Opnsense2: 192.168.199.2

Opnsense2:
Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
192.168.0.21    4     395021              0       0        0    0    0    never       Active

Cisco 9200:
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.3     4        65001       0       1        1    0    0 00:00:23 OpenSent

Static Routes:

Opnsense2:
192.168.0.21 - Gateway 192.168.199.1

Opnsense1:
192.168.0.3 - Gateway 192.168.199.2

Cisco 9200:
Gets routes via OSPF

#ping 192.168.0.3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.21
!!!!!