Messages - gregober

#1
I wanted to know if it was possible to encrypt NetFlow data from the OPNsense box to an external NetFlow Collector using IPsec?

For the time being, it looks like NetFlow traffic does not enter the VPN and thus can't be sent remotely through IPsec.

Do you have any idea how to solve this?


Sincerely yours.
#2
Quote from: gregober on June 24, 2019, 04:26:21 PM
It looks like if you are planning to use samplicate to send your flows to a remote NetFlow collector for enhanced analysis, flow is not exported.

Despite some tests using tcpdump on all interfaces to track down traffic sent to the specified host in the config "Destination", nothing seems to be sent to this IP address.

So I am wondering if there is not a bug in the samplicate package or if it has been tested with remote hosts.

Some old posts seem to point in the same direction.
https://forum.opnsense.org/index.php?topic=11755.msg53287#msg53287
https://forum.opnsense.org/index.php?topic=12433.msg57172#msg57172

It is working as expected.
No problem with samplicator or OPNsense.
#3
It looks like if you are planning to use samplicate to send your flows to a remote NetFlow collector for enhanced analysis, flow is not exported.

Despite some tests using tcpdump on all interfaces to track down traffic sent to the specified host in the config "Destination", nothing seems to be sent to this IP address.

So I am wondering if there is not a bug in the samplicate package or if it has been tested with remote hosts.

Some old posts seem to point in the same direction.
https://forum.opnsense.org/index.php?topic=11755.msg53287#msg53287
https://forum.opnsense.org/index.php?topic=12433.msg57172#msg57172
#4
17.7 Legacy Series / Regression with 4G modem on 17.7
October 10, 2017, 06:20:41 PM
There is a regression with 17.7 where 4G modem (we use Huawei) is no longer detected at boot.
We have been testing both version 17.1 where things are working 90% of the time and with 17.7 where it does not work at all.

The USB device is simply randomly detected during startup.

Quote
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED


We will test that with FreeBSD 11 and see how it works.

Will try to follow up and let you know how it goes.
#5
I have installed it on my home router (APU 1D4).
PPPoE + DynDNS (using FreeDNS) + IPsec

No problem, simply had to also upgrade another router to 17.1.3 to have IPsec working again.
Can't really tell if this is because of the upgrade or not. Just can report that it has been working again after reboot of remote node (using 17.1.3 standard).

#6
Anyhow, for ath, besides the interface problem, it seems quite stable.
The problem is to find the right settings for your staff... and make sure it is compatible with most settings.

Maybe a little mail to Adrian Chadd could be interesting to see where he is standing with his updates.
Maybe he could push something interesting to 10.x?
#7
Considering the very small amount of updates to ath... I am not sure it is worth testing?

Shouldn't change much. 
#8
15.1 Legacy Series / Re: WiFi general quality
June 04, 2015, 12:12:19 AM
This is indeed very good news!

The overall WiFi still lacks reliability. It works, but it is a bit "rough around the edges".
One needs to find the right settings for all devices on the network. I ended up having my iPhone 6 working ok but not my MacBook Air... strange things.

Also the tx frequency never goes past 52 MB/s where it should normally be able to reach higher rates (300 MB/s). Don't know if MIMO is fully usable or not.

Your next update should allow us to move forward with WiFi and OPNsense... which was (is) a serious problem with pfSense where we have been stuck with 802.11G for ages. I know that 802.11 is moving slowly in FBSD and that a lot of work seems to be done in 11 - but seems to be partially (fully??) back-ported to 10...

Thanks for your brilliant work!
#9
15.1 Legacy Series / WiFi general quality
June 02, 2015, 10:25:41 PM
Hi,

Just a little info about WiFi testing.
For a start, a little reminder of what I am using as test hardware:

APU1D with Compex WLE200NX a/b/g/n miniPCI express radio card - chipset Atheros AR9280


There is some good news and some quite bad news...

Good news is that besides the interface detection problem, most settings are usable, besides the "Strict Key Regeneration".

I have been testing 802.11 G, N, A and most of them seem to properly activate corresponding WiFi settings.

The bad news (yes - there is bad news) is that there is a tremendous packet loss (due to my provider's link with Google!!!).

--- 8.8.8.8 ping statistics ---
50 packets transmitted, 50 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 11.032/12.233/14.751/1.067 ms


The only thing that I can tell is that at this stage OPNsense is ready to be used in a production environment using wireless devices, which is not the case with pfSense AFAICT.

OPNsense works like a charm with 802.11 N

Important settings used:


  • Standard > 802.11na
  • 802.11g OFDM Protection Mode > Protection mode off
  • Channel > 11a/n
  • Antenna settings > Default
  • Regulatory settings > Default
  • Location > Indoor (don't want my brain to be fried yet)
  • Mode > Access Point
  • Minimum wireless standard > Any
  • Allow intra-BSS communication > Ticked
  • WPA > Enabled
  • WPA Mode > WPA
  • WPA Key Management Mode > Pre-Shared Key
  • Authentication > Open System Authentication
  • WPA Pairwise > Both



Congratulations!
#10
Hi Franco,

I can confirm the interface detection problem. I'll try to comment (if needed) on the ticket you created.

This can be "worked around" in a slightly dirty way... but if you need wireless to work rapidly, it'll fix your problem (as long as your WiFi card allows the creation of "instances" of interface / sub-interface -- most Atheros cards do allow this).

You can go to > Interfaces > Assign > Wireless

Add an interface and map it to your card's interface (parent interface).
Select mode Access Point and save.

Add this interface in > Interfaces > Assign

The interface created should be "ok" - not a really nice workaround but it will work.




I have also noticed that bridging (as on pfSense) does not work reliably at all when you try to create a bridged network between your LAN and WLAN for example. Maybe the interface declaration will solve this.

Besides that, testing of 802.11n seems ok - at least I was able to use that mode in a much more reliable way than with pfSense. Further testing needs to be conducted in order to validate that.


Gratefully Yours
#11
15.1 Legacy Series / Re: Wifi Configuration
May 28, 2015, 10:31:02 AM
Hi,

Don't really know where to report bugs.

The default WLAN is not auto-detected, even though the interface has been assigned.
I had to go through interface assign to assign a second interface (I am using an Atheros device which allows this).

Normally the interface should have been detected as a WLAN interface and allowed config to be done directly at interface level.

May 28 08:07:53 OPNsense opnsense: /interfaces.php: The command '/sbin/ifconfig 'ath0_wlan0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface ath0_wlan0 does not exist'
May 28 08:07:53 OPNsense opnsense: /interfaces.php: The command `/sbin/ifconfig 'ath0_wlan0' txcsum rxcsum -tso -lro -polling' failed to execute
May 28 08:07:53 OPNsense opnsense: /interfaces.php: The command `/sbin/ifconfig 'ath0_wlan0' alias '10.100.101.1/24'' failed to execute


Also, after I managed to assign yet another interface, I had these errors:

May 28 08:19:02 OPNsense opnsense: /interfaces_assign.php: The command '/sbin/ifconfig 'ath0_wlan1' mode ''' returned exit code '1', the output was 'ifconfig: SIOCSIFMEDIA (media): Device not configured'
May 28 08:19:02 OPNsense opnsense: /interfaces_assign.php: The command '/sbin/ifconfig 'ath0_wlan1' up mode '' protmode '' mediaopt hostap -mediaopt adhoc -hidessid -pureg -puren -apbridge -mediaopt turbo -wme authmode open wepmode off '