Messages - QuaCKeReD

#2
23.1 Legacy Series / Php80 dependency issue
March 08, 2023, 10:30:05 PM
Just updated to 23.1.2 and saw this in the update logs.

Is this a known issue?
Do I need to fix it?

Sorry for direct questions, I have no idea whether mongodb is even being used!

Quote:

Message from opnsense-23.1.2:

```
--
I'm no chicken
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
php80-pecl-mongodb has a missing dependency: php80

>>> Missing package dependencies were detected.
>>> Found 1 issue(s) in the package database.

pkg-static: No packages available to install matching 'php80' have been found in the repositories
>>> Summary of actions performed:

php80 dependency failed to be fixed

>>> There are still missing dependencies.
>>> Try fixing them manually.
```

#3
General Discussion / Re: How to upgrade crowdsec ?
February 17, 2023, 04:02:58 PM
Anyone aware of current delay?

```
WARN[17-02-2023 02:52:05 PM] Crowdsec is not the latest version. Current version is 'v1.4.3' and the latest stable version is 'v1.4.6'. Please update it!
```

https://www.freshports.org/security/crowdsec shows 1.4.3_3 done a few days ago, but that's still nowhere near the 1.4.6 required to add collections...
#4
General Discussion / Re: UDP Broadcast Relay
September 14, 2022, 05:42:39 PM
Hi All,

I have split my network into VLANs and am struggling to see Bonjour devices (else why would I be here? 😛 )

The 3 VLANs I am concerned with, that have Bonjour devices, are:
- VLAN1 - mgmt, 10.0.1.0/24
- VLAN10 - my devices, 10.0.10.0/24
- VLAN20 - service devices, 10.0.20.0/24

Main goal, at moment, is that I have an LG TV, advertising Apple TV, on VLAN20 that my iPhone on VLAN10 cannot 'see'.

I have installed and enabled the plugin as described for mDNS (running manually shows lots of '<-' and '->' lines, so mDNS traffic is being detected?).

I currently have allow TCP any>any rules on each VLAN.

I have tried running a Bonjour browser on laptop, also VLAN10, and can see iPhone and other devices, all in VLAN10. But, nothing else.

Any help here would be greatly received 😀

EDIT - not sure how, but it seems VLAN10 sends to the broadcast address, and other VLANs send to their gateway?


SOLVED - For anyone else having similar issues in future:
- Installing the plugin and enabling it on selected interfaces may be enough.
- The problems come when you have a firewall blocking certain things. In my case this was the FireHOL block list, which blocks RFC1918 networks AND 224.0.0.0/3 networks 😟
Add a negation for these and it all magically works!
- No, seriously, it is magic and it is as easy as installing. Just be aware of what else you already have in place 😟
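An added check, not from the thread, that reproduces the interaction described above: a FireHOL-style block alias covering RFC1918 and 224.0.0.0/3 drops the relayed mDNS traffic unless a pass rule for those destinations is evaluated first. The VLAN prefixes are the poster's; the blocklist excerpt, rule names and first-match ordering are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MDNS_GROUP = "224.0.0.251"   # link-local mDNS multicast group
MDNS_PORT = 5353

# Constructed excerpt of a FireHOL-style list: it covers RFC1918 and
# 224.0.0.0/3, exactly the prefixes relayed mDNS traffic lives in.
BLOCKLIST = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3"]

# What the relay needs reachable: the multicast group plus the three VLANs.
NEEDED = [MDNS_GROUP, "10.0.1.0/24", "10.0.10.0/24", "10.0.20.0/24"]


@dataclass
class Rule:
    action: str                    # "pass" or "block"
    dst_nets: list                 # ipaddress networks the rule matches on
    proto: str = "any"             # "udp", "tcp" or "any"
    dst_port: Optional[int] = None # None means any port


def nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def offending_entries(blocklist, needed):
    """Blocklist entries that overlap something the relay needs: the audit the
    poster was missing before adding the negation."""
    return [b for b in blocklist
            if any(ipaddress.ip_network(b).overlaps(n) for n in nets(needed))]


def evaluate(rules, dst, proto, port):
    """First matching rule wins (OPNsense 'quick' semantics, assumed here);
    a default allow on the VLAN interface applies if nothing matches."""
    dst = ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("any", proto) or r.dst_port not in (None, port):
            continue
        if any(dst in net for net in r.dst_nets):
            return r.action
    return "pass"


# As the poster first had it: only the FireHOL block alias.
BEFORE = [Rule("block", nets(BLOCKLIST))]
# After the fix: pass rules for the relay's destinations placed ahead of the block.
AFTER = [Rule("pass", nets(NEEDED), proto="udp", dst_port=MDNS_PORT),
         Rule("pass", nets(NEEDED[1:])),
         Rule("block", nets(BLOCKLIST))]


def mdns_relayed(rules):
    return evaluate(rules, MDNS_GROUP, "udp", MDNS_PORT) == "pass"
```

Running `offending_entries(BLOCKLIST, NEEDED)` lists the alias entries that need a negation in front of them; `mdns_relayed(BEFORE)` is False and `mdns_relayed(AFTER)` is True.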
#5
Thanks!

Does hyperscan work better for suricata on Protectli devices than the default?
#6
Thanks 😀 Pretty much what my reading had led to.

From the zenarmor pages on opnsense, the only interfaces listed are non-WAN ones. Yet, when linking to Cloud Portal, an option appears to add the WAN interface, too.

Is this advisable - to use zenarmor for both internal and external interfaces?
#7
Found https://forum.opnsense.org/index.php?topic=6930.msg44740#msg44740 in my travels.

It does seem to cover the lists you provided, and more, in a smaller number of entries!
#8
Quote from: pubare on March 21, 2021, 07:00:30 PM
Attempting to use emerging-web_client still tanks throughput though - guessing that is a ruleset issue. 

Wow, I had same issue with throughput (1Gbps line with 146Mbps download). Tried removing this rule and instantly shot up to 934Mbps down! Good spot, thank you!

Quote from: pubare on March 21, 2021, 07:00:30 PM
Between the Unbound DNS SBLs, a firewall drop alias for https://sslbl.abuse.ch/blacklist, http://rules.emergingthreats.net/blockrules/compromised-ips.txt, http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

And thanks for this too, I had the DNS blocks, but the lists are useful too 😀

EDIT: aren't those lists already in the ETPro Telemetry rulesets?
EDIT2: speed dropped shortly afterwards, so not necessarily down to that for me 😟
#9
Hi All

Pretty new here. Still trying to find my feet.

One question I have is around zenarmor and suricata solutions on OPNsense.

Could someone please let me know the benefits of both?

I am struggling to understand why I should use one over the other - do they provide the same protection, are they complementary to each other, etc.

Any help greatly received 😀
#10
Solved!

Simple update, don't override domain with 'local' !!!

Changed domain overrides to 'localdomain', and everything works! Yay!
#11
hmmm, found an iOS DNS lookup tool - I do see DNS queries on unbound, but the client doesn't get a response:

```
2022-08-03T16:38:43 Informational unbound [7403:3] info: x.x.x.x yyy.local. MX IN
2022-08-03T16:38:43 Informational unbound [7403:2] info: x.x.x.x yyy.local. AAAA IN
2022-08-03T16:38:43 Informational unbound [7403:1] info: x.x.x.x yyy.local. A IN
```


EDIT:
An nslookup for yyy.local on my laptop doesn't return anything either 😟 doh!
However, an nslookup for zzz.local does, on both laptop and iOS - yet the web page on this device won't load on iOS 😟

EDIT2:
Damn typos! I entered the wrong address - yyy.local does resolve on my laptop
#12
Hi,

We seem to be on the same path 😛

Do you have Unbound resolution from your WG client for external addresses AND local addresses? Or, like me, just external?
#13
Still no joy here 😟

Access is almost perfect:
I can ping LAN hosts, and load web pages from them via IP.
I can route through LAN to outside (using an allowed IP of 0.0.0.0/0), load web pages, etc. without issue.

I can see DNS queries for external addresses from my WG client on my Unbound DNS service on OPNsense.
I don't see any queries for local addresses here.

I just don't seem to be able to resolve LAN IPs...
#14
Wow! Thanks for that link!!!
I was missing the port forward. For a 0.0.0.0/0 range I now get DNS resolution on external addresses, but not internal 😟
#15
Hi

Yeah, tried the WG interface as DNS and the LAN interface. Neither seems to work.