Messages

1

General Discussion / Re: Opnsense / Deciso DEC firmware updates for CVEs?

« on: March 08, 2022, 04:03:50 am »

FYI.  I successfully updated the BIOS on my DEC850.  I used the linux image and extracted it to a USB key using a Mac.  After updating the BIOS and then powering off the unit and then back on, the BIOS setup reported version 9.
@AdSchellevis
Is there some sort of notification list we can sign up for to be notified of important BIOS updates like this?  If I hadn't spotted this thread on the forum, I never would have known of the update.

2

General Discussion / Re: Opnsense / Deciso DEC firmware updates for CVEs?

« on: March 05, 2022, 08:53:34 pm »

Ouch. Has anyone at Deciso successfully updated the BIOS on the DEC850 using the linux image provided?  Since I have a DEC850, I'm wondering if this is a problem with the provided BIOS updater.  I don't want to take the chance updating my DEC850 until confirmation where is no issue with the update.

3

Intrusion Detection and Prevention / Re: E-mail when alert or drop

« on: June 04, 2021, 02:37:58 am »

I read back through my posts in this thread.  And it looks like there needs to be a space between content= and "blocked".   So content=<space>"blocked"  it's hard to see.  That was my issue when I first set this up as well it appears.

I have a question for those who have set this up.  If the same suricata rule generates multiple "blocked" entries in eve.json in short period of time, when monit then eventually reads eve.json during the next scheduled polling period and sees all the new "blocked" entries, will that result in monit generating a new email message for each "blocked" entry it finds?  Or is it just one email for each polling period when monit finds andy "blocked" content in eve.json?   I'm asking because I'm wondering if I would get flooded with emails if some device triggered a suricata rule to block repeatedly.

4

21.1 Legacy Series / Re: Firewall live view/filter.log/overview all empty

« on: June 01, 2021, 01:33:54 am »

nevermind.  Firewall logs are updating after all

5

Tutorials and FAQs / HOWTO - UPS Status Email Alerts with Monit and apcupsd

« on: May 14, 2021, 03:04:04 am »

If you use the apcupsd package and you want to receive email alerts when the status of your UPS changes, then read on.  The information presented here will allow to you receive an email alert anytime the UPS status is anything other than "ONLINE".  This howto could be applied to any of the information presented by the apcupsd's apcaccess command.  The steps I describe below were performed on OPNsense v21.1.5

Install the apcupsd package:

• From shell, run "pkg install apcupsd"
• Modify /usr/local/etc/apcupsd/apcupsd.conf as appropriate for your UPS model
• Create the file /etc/rc.conf.d/apcupsd and put this line in it: pcupsd_enable="YES"
• From shell, run "service apcupsd start"
• From shell, run "service apcupsd status". This should result in saying that apcupsd is running
• From shell, run "apcaccess". If your apcupsd conf file is correct, you should get output regarding your UPS with the STATUS line saying "ONLINE"

My UPS is a APC BackUps Pro 1350, connected via USB cable to Opnsense. The portions of apcupsd.conf that I set are:

• UPSNAME APC1350S
• UPSCABLE smart
• UUPSTYPE usb
• I left DEVICE blank
• UPOLLTIME 60
• ONBATTERYDELAY 6
• BATTERYLEVEL 10
• MINUTES 5

Next you need a shell script that queries the UPS using the apcaccess command and then passes that information to Monit. The script code below makes two calls to apcaccess. The first call is just to gather all output from the apcaccess command so it will be passed to Monit. The 2nd call to apcaccess parses the output for the value of the STATUS line. The rest of the code checks the value of the STATUS line from the apcaccess output and if it is anything other than ONLINE, the script will return non-zero status (failure) to Monit, otherwise it returns zero (OK).

Code: [Select]

#!/bin/sh

/usr/local/sbin/apcaccess
STATUS=`/usr/local/sbin/apcaccess -p STATUS`
OK='ONLINE'
if [ $STATUS != $OK ]; then
echo $STATUS
exit 1
else
exit 0
fi


• Place the code above in a file and copy the file to /usr/local/opnsense/scripts/OPNsense/Monit
• Make sure your file has executable permission

Now we need to configure Monit. The first step is to configure your email account information:

• Navigate to Services->Monit->Settings
• Click on the General Settings tab
• Enter your email server/account information
• Select "Enable Monit"
• Click Save

Next we need to configure Monit to send a email notification anytime there is a failure status:

• Click on the Alert Setting tab
• Click the plus sign to add a new alert
• Select Enable Alert
• Place the email address you want to receive the alert at in the Recipient box
• In the Events dropdown, select "Status failed"
• In the "Mail format" box put "From: xxx" where xxx is the email address where the message will originate (the same email account you put in the General Settings tab
• Click Save

Finally we need to tie the apcaccess status script in to Monit:

• Click on the Service Settings tab
• Click the plus sign
• Select "Enable service checks"
• Set Name to something descriptive like UPSStatusCheck
• Set Type to Custom
• In the Path box put: /usr/local/opnsense/scripts/OPNsense/Monit/xxx where xxx is the name of your script file
• Leave Start and Stop blank
• For Test select NonZeroStatus
• Leave Depends set to NothingSelected
• Click Save

Everything should be working at this point. Navigate to Services->Monit->Status. After the poll period on the General Settings tab has passed, you should see the output from the apcaccess command.  Please note that how quickly you are notified of UPS status changes depends on your Monit Polling Interval and the apcupsd polling interval.

6

21.1 Legacy Series / Re: CVE-2020-15078

« on: April 28, 2021, 10:29:18 pm »

https://forum.opnsense.org/index.php?topic=22765.0

7

21.1 Legacy Series / Re: Unable to access gui after lan ip change.

« on: April 27, 2021, 09:44:11 pm »

FYI.  I'm currently on v21.1.5. I recently changed my LAN IP from 192.168.1.1 to 10.0.0.1 and I had no problem accessing the GUI after the change. However, I changed the LAN IP using the console option designed for specifically doing that, rather than making the IP change via the GUI.

8

Hardware and Performance / Re: OPNsense DEC-850 questions

« on: April 26, 2021, 09:24:48 pm »

FYI. I emailed "sales@deciso.com" with regard to SFP modules and got this response:

We tested some modules/Direct Attached cables:

Transceivers/modules:
 
Cisco: SFP-10G-SR-S / 10-3105-01
FS.com: SFP-10GSR-85
FS.com: SFP-10GLR-31
FS.com: SFP-10GT
Uptime: UP-TR-SR-CI
 
DA kabels:
 
J9281B                                 : Aruba or HPE ProCurve 10-GbE SFP+ 1m Cable
37-0960-03                         : Cisco SFP-H10GB-CU1M
AXC761-10000S                : Netgear


We tested the 10G Ethernet modules from FS and confirm they support 1, 5 and 10Gb ethernet. 2.5G seems not supported (yet).

9

Hardware and Performance / Re: OPNsense DEC-850 questions

« on: April 23, 2021, 04:50:10 am »

Did they give you any details regarding supported SFP modules?

10

Hardware and Performance / Re: OPNsense DEC-850 questions

« on: April 22, 2021, 08:30:33 pm »

I'm curious about the answers to some of your questions as well. However, I do know the DEC800 and DEC3000 series are based on their new A20 board and according to the following link, one M.2 slot supports both PCIe (NVMe) & SATA and the other is PCIe (NVMe) only.

https://www.deciso.com/netboard-a20/

As for the SFP modules, it would. seem it supports both 1Gb and 10Gb modules, according to a little digging I did which I detailed in the last post on this thread:
https://www.reddit.com/r/OPNsenseFirewall/comments/mim0kl/sfp_on_the_dec840/gudy3ts/?context=3