Messages

Updated to latest version of zenarmor, whitelisting site doesnt work for me. I add it to whitelist but still being blocked with reason "Whitelisted" ??

I also dont see any blocks anymore on the UI (livesessions->blocks).

Hi,
Im running an external elasticsearch index for zenarmor, I had to reset/remove the whole index because reporting from zenarmor was not working anymore.

Now I have reporting partly working again except for a few parts (cant see blocks for example)

The error I get when opening the reporting page for block is:

Code Select Expand

{
  "error": {
    "root_cause": [
      {
        "type": "index_not_found_exception",
        "reason": "no such index",
        "resource.type": "index_or_alias",
        "resource.id": "alert_all",
        "index_uuid": "_na_",
        "index": "alert_all"
      }
    ],
    "type": "index_not_found_exception",
    "reason": "no such index",
    "resource.type": "index_or_alias",
    "resource.id": "alert_all",
    "index_uuid": "_na_",
    "index": "alert_all"
  },
  "status": 404
}

Is there a way to force the recreation of the whole index in a remote elasticsearch setup ? (i tried uninstalling zenarmor and reinstalling but did not recreate the whole index).

Thanks!

Hi, since about 2 days I get the error from zenarmor about disk being full. It also stopped logging to my remote elasticsearch. I see the temp dir is full

/usr/local/sensei/output/active/temp [ufs] (45M/48M)

How do I clean that out ?

blocking private IP's is disabled on  bridge/lan/wan

Hi,
Im trying to set up opnsense in bridge mode, followed the instruction on: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

Bridging works, but I get a lot of denies on "default deny rule" while I set an "allow any" on all interfaces (lan, wan and bridge) .. how can I check why the default deny rule gets hit ?

Hi, I reinstalled opnsense and reconfigured manually. Can I import the HAproxy of my old opnsense to my new ?

Hello,

Been trying to get mullvad wireguard to work in opnsense in bridge mode, I got the tunnel up but im not able to push traffic through the tunnel. Im wondering if it is possible in bridge mode ?

setting bypass mode did not make a difference

Thanks, I already added the IP's but im not sure if this also works to/from external destinations/sources ? When downloading/uploading, with sensei on the max download/upload is around 330/340 mbps, without sensei I get 940mbps.

The issue is not new also had this pre 21.7 just trying to work around it without disabling sensei

Hi,

Sensei is using 100% cpu and is capping my throughput, is it possible to exclude an IP in sensei so sensei does not scan the traffic at all ?
Have added the IP to the exempted network/ip list but sensei is still scanning.

Thanks, I was able to figure it out

Hi,

I am using sensei to block access to websites, while testing it seems to work, however, after being blocked I go to the URL bar again and just press enter and im allowed through to the website.. This happens when the page switches over from http to https, but it also happens when just pressing enter a few times in a row..

Also, will it be possible to redirect to a block page on https traffic ?
Thanks!

Hi,

I tried ntop, but not sure if that stores historical data.. Ntop seems to show what is happening now, did not see anything strange so I need a wider overview of a whole day per IP.

Im looking for an overview of per IP stats of ammount of upload and download, maybe top 10 ? Is that possible ?

Hi,

Is it possible to use sensei to check / report on which IP is uploading or downloading  ? I dont have alot of devices on my network, still one of my devices has been uploading data constantly, its about 20 to 25gb a day.. Last friday when i was at work, and did not do anything on my own home network, still I saw 40gb of data going out in the status screen of sensei..

How can i find out which device it is ?

Thanks!

Hello,

im trying to set up a mysterium node in a DMZ on opensense. Mysterium is a dVPN service running wireguard server in it. From the outside im able to forward traffic to the mysterium node and can see it connect to the node, but im having problems getting traffic back out from the node. The wireguard set up in the mysterium node sets up its own subnet 172.18.0.0/16 as "allowed subnet". I dont know how to allow this traffic to pass out. My DMZ has subnet 10.42.246.0/24 im not sure if this is the problem ?

I tried entering the subnet range 172.18.0.0 in an alias an allow it through using a rule with the alias set a source but the default rule keeps blocking the traffic. Tried all kinds of nat rules but still being blocked..