Messages - QuisaZaderak

#1
Did you solve it?
#2
22.1 Legacy Series / Re: Missing PPP logs from GUI
April 29, 2022, 09:28:15 PM
Thank you for the hint 👍
#3
22.1 Legacy Series / Re: Missing PPP logs from GUI
April 27, 2022, 01:01:50 PM
I have the same issue after. (pppoe)
#4
Hello everyone,

I have a total of 3 WANs connected to my OPNsense 22.1.4: 1x Starlink directly for the main load, without the Starlink router; 1x 6MBit ADSL2+ Telekom PPPoE on a DrayTek Vigor 165; 1x 5-15MBit LTE via a Mikrotik LTE modem.

IPv6 and PPPoE are not running all that smoothly under 22.x at the moment, and I also have an additional problem with PPPoE: since changing providers / recreating the PPPoE device, my PPPoE log is no longer displayed.

You often read that you should definitely let OPNsense handle the PPPoE dial-in and the setting of VLAN ID 7 for "more stable operation". But every now and then there are also posts saying that some people do let the modem dial in and it works.

One advantage of OPNsense PPPoE and VLAN ID 7 is that only 1 cable to the Vigor is needed to still be able to access its interface.
One disadvantage of the above configuration is (temporarily) the current problems with IPv6 over PPPoE.

What are further advantages and disadvantages of leaving PPPoE/VLAN ID to OPNsense vs. letting the Vigor 165 modem dial in and having the IPv4/IPv6 directly on the WAN port?

Regards

Manuel
#5
Problem still persists even after four days and two reboots.
#6
Hi,

Today I had a provider change back to Telekom. With that the VLAN ID changed from 132 to 7. So I needed to delete the PPPOE device due to the recreation/change of the VLAN device.
I created a new VLAN 7 (named VLAN01 now) interface and recreated PPPOE and assigned it to WAN_DSL.
PPPOE is up and running. But the PPPOE log file kept the old content from the old PPPOE device with the VLAN 132 interface. So I selected "Clear log". The log disappeared.

But now the Point-to-Point -> Log File section keeps being empty. (also after 2 reboots). No more recreation of log file.

How can I fix / recreate this PPPoE log file?
#7
Hi,

In 22.1.2_1 the option to enable debug output in the DHCPv6 interface config is no longer present.
My already working configuration of running IPv6 on the Starlink WAN adapter (and refreshing it by rtsol) stopped working. I do not receive any IPv6 configuration any more on this WAN port.
Even several reboots of Starlink and OPNsense did not resolve the issue. Still only an IPv4 address on this WAN port. IPv4+IPv6 on WAN for LTE and WAN for DSL are still received.

Tried lowering the prefix hint from 56 to 64 (and back again to 56), toggled all 8 possibilities of Request only an IPv6 prefix / Send IPv6 prefix hint / Use IPv4 connectivity. No success.

I want to look into the DHCPv6 communication on the Starlink WAN port to see why it no longer receives a valid IPv6 address / prefix. How to do this without the debug setting? Only way of Packet Capture / tcpdump?
#8
Hi,

Included in 21.7.8 there was also an updated version of maltrail, version 0.40, updating from 0.37.
I do not see any memory leak mentioned in the release notes of maltrail since 0.37.

Did someone already try the new 0.40? Is the memory leak still persistent?

Best regards

Manuel
#9
Every time I try to run with 6.0.4 I see
<Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
then some warnings about unknown class types in emerging rules (also present in 6.0.3 log) and ~2 minutes later a
[101573] <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - opening devname netmap:ix0-2/R failed: Cannot allocate memory

On the 6.0.3 run at this point I would see all messages from opened netmap on my devices like:
[100831] <Notice> -- opened netmap:igb6/R from igb6: 0x1d272dfc000
[100831] <Notice> -- opened netmap:igb6^ from igb6^: 0x1d272dfc300
[100879] <Notice> -- opened netmap:igb6^ from igb6^: 0x1d275b03000
[100879] <Notice> -- opened netmap:igb6/T from igb6: 0x1d275b03300
[100882] <Notice> -- opened netmap:igb1/R from igb1: 0x1d277d86000
etc etc
[101552] <Notice> -- all 12 packet processing threads, 4 management threads initialized, engine started.
[101552] <Notice> -- rule reload starting

So on 6.0.4 I'm missing all these messages above as it crashes with out of memory before.
#10
I have 16GB of RAM in this machine and ruleset / out of memory with Suricata was no problem until 6.0.4.
System is a dedicated 12 core Ryzen with 16GB RAM.

With 6.0.4 it crashes within 2-5 minutes. With 6.0.3 with same ruleset / same policy it runs weeks without issues and RAM usage is currently ~3,8GB of total 16GB for all services running (with Suricata 6.0.3 active). I'm using OPNsense since 19.1.x

There is one main policies rule and 34 rule adjustments active. Using ET Telemetry (44 of 50), ET Open (8 of 8) and Abuse.ch (5 of 5) Rulesets. A total of 94400 rules are reported by system.
#11
Since upgrade to 21.7.6 (from 21.7.5_2) Suricata process 6.0.4 crashes regularly. In logfile I see error e.g.:

suricata[70864]   [101573] <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - opening devname netmap:ix0-2/R failed: Cannot allocate memory

After that Suricata needs to be restarted. Memory usage of system during that crash was: 35 % ( 5732/16270 MB ), so plenty of space free...

A rollback to Suricata 6.0.3 via opnsense-revert -r 21.7.5 suricata resolves the issue with memory.
#12
I created a custom configd action like recommended. And it works. Thank you for your fast replies.

https://docs.opnsense.org/development/backend/configd.html
#13
In addition to my DSL and slow LTE line, I have also been using a Starlink connection for a few weeks. With IPv4, this works as desired.

IPv6 also works with the DSL provider and the LTE provider (unfortunately, you only get a 64 prefix with the DSL provider and no prefix at all with LTE, so not reasonably usable with multiple network segments).

Starlink IPv6 has a 56 prefix. However, the IPv6 connection always drops after a few minutes, so a regular call to /sbin/rtsol is necessary. Unfortunately, this can't seem to be set via System -> Cron in the GUI. Also I did not find a configuration option at the interface directly to accomplish this. So a custom CRON job entry via shell is necessary.

Therefore I log in directly to the OPNSense shell and edit the CRON jobs with CRONTAB -e. For this I add like the other existing lines the new line "*/2 * * * (/sbin/rtsol igb7) > /dev/null" and save with :wq. After that everything works as desired. Until the next reboot of OPNSense. This entry is deleted every time, no matter if it is in the middle or as the last line. I must edit it every time after reboot again with CRONTAB -e.

Since Maltrail currently has the memory bug and the regular restart of the Maltrail sensor alone does not always help, it is currently more frequent reboots, which is then of course even more annoying.

How can I make this custom cron job permanent so that it survives a reboot (and maybe even shows up in the GUI under CRON)?
#14
Tested it. Unfortunately with that "any" port it is allowing all ports for that device and that is a no-go.

Do I really need to duplicate all existing rules in that interface with changing all existing rules to "all devices except" and "default gateway" and add each a new rule "that device" and "DSL gateway" :o :(
#15
Quote from: mircsicz on July 24, 2021, 04:50:40 PM
...and bind that to the gateway...

Creating alias is clear to me, but how do you mean bind to the gateway? Under the gateway itself I don't see a corresponding entry and when I define it as a rule, I must specify a port. And these ports (e.g. 80, 443, 3544, 4500...) are also used by other devices.