Messages - fesarlis

#1
22.1 Legacy Series / Re: IPS Problems after upgrade
February 28, 2023, 07:17:32 PM
Issue remains with latest version
#2
22.1 Legacy Series / Re: IPS Problems after upgrade
June 16, 2022, 09:23:32 AM
So is this issue still unresolved or it just won't be resolved? In that case, can someone from the dev team provide an answer and recommendation? At least if removing USB adapters is necessary we have to know.

It is my understanding that the MOST important reason to have a firewall is the IDS system nowadays. So if something so trivial as not being able to work with USB adapters is confirmed, it should at least be put in the documentation.

Thanks
#3
22.1 Legacy Series / Re: IPS Problems after upgrade
March 19, 2022, 06:30:32 AM
This issue still remains after all recent updates. Anyone still facing the same problem?

It is my understanding that replacing the USB interface cannot be considered a solution.
#4
22.1 Legacy Series / Re: IPS Problems after upgrade
January 30, 2022, 06:54:31 PM
Thank you for such a fast reply.
I updated my initial post (perhaps you did not see it in time) that I have removed all rules from the system manually. Issue remains.

I feel I have to repeat, though, all this started when I updated to VERSION 22.

Here is everything that is logged since starting IDS/IPS until it just starts dropping everything:


2022-01-30T19:50:44 Notice suricata [100183] <Notice> -- all 4 packet processing threads, 4 management threads initialized, engine started.
2022-01-30T19:50:44 Notice suricata [101761] <Notice> -- opened netmap:ue0/T from ue0: 0x886493300
2022-01-30T19:50:44 Notice suricata [101761] <Notice> -- opened netmap:ue0^ from ue0^: 0x886493000
2022-01-30T19:50:44 Notice suricata [101754] <Notice> -- opened netmap:ue0^ from ue0^: 0x85bc93300
2022-01-30T19:50:44 Notice suricata [101754] <Notice> -- opened netmap:ue0/R from ue0: 0x85bc93000
2022-01-30T19:50:44 Notice suricata [101753] <Notice> -- opened netmap:bge1/T from bge1: 0x830e93300
2022-01-30T19:50:44 Notice suricata [101753] <Notice> -- opened netmap:bge1^ from bge1^: 0x830e93000
2022-01-30T19:50:44 Notice suricata [101746] <Notice> -- opened netmap:bge1^ from bge1^: 0x806693300
2022-01-30T19:50:44 Notice suricata [101746] <Notice> -- opened netmap:bge1/R from bge1: 0x806693000
2022-01-30T19:50:44 Warning suricata [100183] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded!
2022-01-30T19:50:43 Notice suricata [100213] <Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
2022-01-30T19:50:43 Notice suricata [100293] <Notice> -- Stats for 'ue0': pkts: 10153, drop: 0 (0.00%), invalid chksum: 0
2022-01-30T19:50:43 Notice suricata [100293] <Notice> -- Stats for 'bge1': pkts: 0, drop: 0 (nan%), invalid chksum: 0
2022-01-30T19:50:43 Notice suricata [100293] <Notice> -- Signal Received. Stopping engine.
#5
22.1 Legacy Series / IPS Problems after upgrade
January 30, 2022, 06:10:51 PM
Hello,
I maintain a fairly simple installation of OPNsense for many years now (2 WANs, IDS/IPS enabled on WAN1, WAN2). Today I upgraded to the latest version (22) and started having issues with intrusion detection. In particular, all of a sudden I totally lose connectivity to the WAN interface after a couple of minutes. For the first two minutes after Suricata restart, everything works fine. I examined the logs but cannot find anything relevant. I disabled all rulesets (haven't started with policies yet) yet the issue remains (btw, I don't know why but rules remain active even if I disable all rulesets).

Only workaround is to disable IPS.

I would appreciate some help as I have not dealt with IDS in detail over the years mainly due to lack of time but also because it used to work fine with all the defaults.

Some details:

wan1 IP: 192.168.1.244 (wan1 gateway IP 192.168.1.254)
wan2 IP: 192.168.2.244 (wan2 gateway IP 192.168.2.254)
lan: 10.1.1.0/24

UPDATE1: I have tried the following: 1) removed all rules via CLI. Everything empty 2) Problem still remains.
UPDATE2: I forgot to mention that of course all interface offloading settings are applied as suggested by documentation.

Thank you
#6
Hello.
I have a single OPNsense installation which remains untouched over time. All updates are installed.
I have noticed that over the last few versions there are issues with IPS. I have seen another recent post in the forum which mentions there is no internet when IPS is on.

In my case, some sites have issues. Only some (I have a suspicion this is caused also when we try to connect somewhere via FTP but I was not able to confirm it yet).

Let me illustrate with two simple examples:

1. Trying to install Chrome. The setup file tries to download the latest version (obviously) before installing.
When IPS is on it cannot. Switching it off resumes download immediately.
2. Last week I had problems with Anydesk. Switching IPS off resumed access. I have found some rules regarding this program, and I totally understand this could pose a security threat. But I really can't understand why the blocking applies to outbound traffic as well.

I do not mess with all the rulesets, I have scheduled updates and all rules are the default. No custom rules.

Please let me know if you need more information.
Thank you