Messages - ictinc

#1
19.7 Legacy Series / Re: ETPro not working
September 18, 2019, 10:56:19 PM
I just found out I used the wrong token. I was under the impression the correct one was the code presented at check-out. However I did receive a token by email.
However with that token I still received the same errors.

I did, however, have the "IDS Proofpoint ET Pro ruleset (needs a valid subscription)". Removing that seems to have solved the errors.
Is it correct that those rules are for another subscription?
#2
19.7 Legacy Series / ETPro not working
September 18, 2019, 02:11:13 AM
Hi there,
I've just installed the ETpro rulesets and received the telemetry token.

However when I view my log files I see the following:

Sep 18 02:09:00    /send_telemetry.py: telemetry data collected 416 records in 0.29 seconds @2019-09-18 00:08:58.037806
Sep 18 02:08:24    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:08:00    /send_telemetry.py: telemetry data collected 411 records in 0.29 seconds @2019-09-18 00:07:57.929836
Sep 18 02:07:37    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:07:00    /send_telemetry.py: telemetry data collected 404 records in 0.35 seconds @2019-09-18 00:06:57.830542
Sep 18 02:06:07    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:06:00    /send_telemetry.py: telemetry data collected 397 records in 0.29 seconds @2019-09-18 00:05:57.748519
Sep 18 02:05:56    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:05:00    /send_telemetry.py: telemetry data collected 391 records in 0.29 seconds @2019-09-18 00:04:57.661354
Sep 18 02:04:56    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:04:20    /rule-updater.py: download failed for https://rules.emergingthreatspro.com/0dc63aa1d02cbde3e02582fd0b34b9016243828a/suricata-4.0/etpro.rules.tar.gz (http_code: 404)
Sep 18 02:04:13    /rule-updater.py: download failed for https://rules.emergingthreatspro.com/0dc63aa1d02cbde3e02582fd0b34b9016243828a/suricata-4.0/etpro.rules.tar.gz (http_code: 404)
Sep 18 02:04:00    /send_telemetry.py: telemetry data collected 383 records in 0.28 seconds @2019-09-18 00:03:58.658646
Sep 18 02:03:28    /rule-updater.py: download failed for https://rules.emergingthreatspro.com/0dc63aa1d02cbde3e02582fd0b34b9016243828a/suricata-4.0/etpro.rules.tar.gz (http_code: 404)
Sep 18 02:03:26    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:03:00    /send_telemetry.py: telemetry data collected 361 records in 0.31 seconds @2019-09-18 00:02:47.682815

The new rules are not being downloaded.
What could be the cause of this?
Any help would be much appreciated.

Cheers...
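An added example (not the poster's code and not part of OPNsense) for triaging log output like the excerpt above before it is pasted into a public forum. It parses the syslog lines, counts HTTP failures per component and status code so that the two distinct problems (telemetry rejected with 403, ruleset download answering 404) are visible at a glance, and redacts the 40-hex path segment of the download URL, which this example treats as a subscription credential. The log text is the excerpt from the post, embedded here as constructed sample input; the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the syslog lines quoted in the post above, as one text blob.
SAMPLE_LOG = """\
Sep 18 02:09:00    /send_telemetry.py: telemetry data collected 416 records in 0.29 seconds @2019-09-18 00:08:58.037806
Sep 18 02:08:24    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:08:00    /send_telemetry.py: telemetry data collected 411 records in 0.29 seconds @2019-09-18 00:07:57.929836
Sep 18 02:07:37    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:07:00    /send_telemetry.py: telemetry data collected 404 records in 0.35 seconds @2019-09-18 00:06:57.830542
Sep 18 02:06:07    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:06:00    /send_telemetry.py: telemetry data collected 397 records in 0.29 seconds @2019-09-18 00:05:57.748519
Sep 18 02:05:56    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:05:00    /send_telemetry.py: telemetry data collected 391 records in 0.29 seconds @2019-09-18 00:04:57.661354
Sep 18 02:04:56    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:04:20    /rule-updater.py: download failed for https://rules.emergingthreatspro.com/0dc63aa1d02cbde3e02582fd0b34b9016243828a/suricata-4.0/etpro.rules.tar.gz (http_code: 404)
Sep 18 02:04:13    /rule-updater.py: download failed for https://rules.emergingthreatspro.com/0dc63aa1d02cbde3e02582fd0b34b9016243828a/suricata-4.0/etpro.rules.tar.gz (http_code: 404)
Sep 18 02:04:00    /send_telemetry.py: telemetry data collected 383 records in 0.28 seconds @2019-09-18 00:03:58.658646
Sep 18 02:03:28    /rule-updater.py: download failed for https://rules.emergingthreatspro.com/0dc63aa1d02cbde3e02582fd0b34b9016243828a/suricata-4.0/etpro.rules.tar.gz (http_code: 404)
Sep 18 02:03:26    /send_telemetry.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/event (http_code 403)
Sep 18 02:03:00    /send_telemetry.py: telemetry data collected 361 records in 0.31 seconds @2019-09-18 00:02:47.682815
"""

# "Mon DD HH:MM:SS    /program.py: message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2})\s+/(?P<prog>[\w.-]+):\s+(?P<msg>.*)$")
# URL followed by "(http_code 403)" or "(http_code: 404)"; both spellings occur in the excerpt.
HTTP_RE = re.compile(r"(?P<url>https?://\S+)\s+\(http_code:?\s*(?P<code>\d{3})\)")
# Assumption of this example: a 40-hex path segment in a download URL is a subscription credential.
TOKEN_RE = re.compile(r"/[0-9a-f]{40}(?=/)")


def parse_line(line):
    """Return a dict for one syslog line, or None if the line is not in the expected shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    h = HTTP_RE.search(rec["msg"])
    rec["url"] = h.group("url") if h else None
    # Only a code inside "(http_code ...)" counts; "collected 404 records" is a record count.
    rec["http_code"] = int(h.group("code")) if h else None
    return rec


def redact_token(url):
    """Replace the credential-like path segment so the URL can be shared safely."""
    return TOKEN_RE.sub("/<REDACTED-TOKEN>", url)


def summarize(log_text):
    """Count HTTP failures per program and status, plus successful telemetry collections."""
    failures = defaultdict(Counter)
    collected = 0
    urls = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["http_code"] is not None:
            failures[rec["prog"]][rec["http_code"]] += 1
            urls.add(redact_token(rec["url"]))
        elif rec["msg"].startswith("telemetry data collected"):
            collected += 1
    return {
        "failures": {prog: dict(codes) for prog, codes in failures.items()},
        "collected": collected,
        "urls": sorted(urls),
    }


# Plain HTTP status semantics, to separate "refused" from "does not exist" while triaging.
EXPLAIN = {
    403: "server refused the request",
    404: "requested path does not exist on the server",
}


def report(log_text):
    """Human-readable summary with credentials removed from every URL."""
    s = summarize(log_text)
    out = [f"{s['collected']} successful telemetry collections"]
    for prog, codes in sorted(s["failures"].items()):
        for code, n in sorted(codes.items()):
            out.append(f"{prog}: {n}x HTTP {code} ({EXPLAIN.get(code, 'see HTTP status semantics')})")
    out.append("failing endpoints (credential redacted): " + ", ".join(s["urls"]))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run as-is it prints the per-component counts for the excerpt; point `summarize()` at your own `/var/log` export instead of `SAMPLE_LOG` to get the same breakdown for a live system, with the download URL's token segment already stripped.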
#3
Hi there,
I've just set up my new OPNsense firewall coming from pfSense. I'm glad I switched as, for one thing, the interface is so much better.

After setting up an OpenVPN tunnel with both IPv4 and IPv6 I noticed there is no option to "Redirect Gateway" for IPv6 traffic. I checked and while I had "Redirect Gateway" checked IPv6 traffic bypassed the tunnel.

In the advanced configuration I added:
push "route-ipv6 2001::/3";

This pushes all client IPv6 traffic through the tunnel.

Since the interface states that the advanced section will be removed in future releases I would like to see an extra checkbox for redirecting gateway for IPv6.

Cheers
#4
19.7 Legacy Series / HE.net IPv6 tunnel not working
September 16, 2019, 01:14:57 AM
Hey there,
While I must be doing something wrong, I'm getting kind of frustrated with OPNsense.
I followed the OPNsense tutorial on setting up a gif interface with tunnelbroker.net.
On my dashboard it seems as though the IPv6 gateway is online.
However when I try to do a DNS lookup from the OPNsense interface all DNS servers are giving results except for the configured external IPv6 DNS servers.
I've created rules on both the WAN and the GIF interface stating to allow any outbound DNS traffic without any luck.
Also when I do a traceroute from the interface to the external IPv6 DNS server and leave the source address to default I receive "no route to host". This also happens when I change source address to WAN or the GIF interface.

Any help would be much appreciated.

Kind regards..
#5
19.7 Legacy Series / Problems on fresh install with rules
September 06, 2019, 02:11:36 AM
Hi there,

I'm a long-time user of the other FreeBSD based firewall. I have, however, decided to migrate my environment to OPNsense. I am quite new to OPNsense so please bear with me.

I currently have the following setup:
- VMware ESXi with one IPv4
- OPNsense with one IPv4 on the WAN interface
- OPNsense with 4 LAN interfaces (10.1.1.0/24, 10.2.1.0/24, 10.3.1.0/24, 10.4.1.0/24)
- OPNsense OpenVPN on WAN interface (local IPv4 10.5.1.0/24)
- OPNsense DMZ interface with /28 public IPv4 and /64 IPv6
- OPNsense GIF interface for IPv6 tunnel to HE.net
- OPNsense using local unbound as DNS/DNS forwarder
My hosting provider (Hetzner) routes my /28 IPv4 subnet to the WAN IP.

With the default setup of OPNsense (e.g. no manual rules created), OpenVPN and the IPv6 tunnel I'm able to connect to OpenVPN and browse the internet. The same goes for clients on LAN01.

For my DMZ hosts, however, it's totally different, which I expected.
On the DMZ interface I created a rule to allow outbound IPv4 TCP/UDP traffic from the DMZnet to the OPNsense DMZ interface on destination port 53.
I figured that would be enough to have my DMZ hosts resolve internet hostnames, but it wasn't.
After trying lots of different possibilities I decided to copy the automatically created rules on LAN01.
Allow ANY incoming traffic from DMZnet to ANY; this somehow works.

Why is this, though? I would figure that to let DMZ hosts resolve to Unbound they would need to be allowed outbound traffic to port 53.

I've come across several similar but different issues in creating rules. While I do get things working, I don't like to use ANY too much and I'd like to understand what it is that I'm doing wrong.

Any help would be much appreciated.