2
23.1 Legacy Series / Php80 dependency issue
« on: March 08, 2023, 10:30:05 pm »
Just updated to 23.1.2 and saw this in the update logs.
Is this a known issue?
Do I need to fix it?
Sorry for the direct questions, I have no idea whether mongodb is even being used!
Quote:
```
Message from opnsense-23.1.2:
--
I'm no chicken
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
php80-pecl-mongodb has a missing dependency: php80
>>> Missing package dependencies were detected.
>>> Found 1 issue(s) in the package database.
pkg-static: No packages available to install matching 'php80' have been found in the repositories
>>> Summary of actions performed:
php80 dependency failed to be fixed
>>> There are still missing dependencies.
>>> Try fixing them manually.
```
3
General Discussion / Re: How to upgrade crowdsec ?
« on: February 17, 2023, 04:02:58 pm »
Anyone aware of the current delay?
```
WARN[17-02-2023 02:52:05 PM] Crowdsec is not the latest version. Current version is 'v1.4.3' and the latest stable version is 'v1.4.6'. Please update it!
```
https://www.freshports.org/security/crowdsec shows 1.4.3_3 done a few days ago, but that's still nowhere near the 1.4.6 required to add collections...
4
General Discussion / Re: UDP Broadcast Relay
« on: September 14, 2022, 05:42:39 pm »
Hi All,
I have split my network into VLANs and am struggling to see Bonjour devices (else why would I be here? 😛 )
The 3 VLANs I am concerned with, that have Bonjour devices, are:
- VLAN1 - mgmt, 10.0.1.0/24
- VLAN10 - my devices, 10.0.10.0/24
- VLAN20 - service devices, 10.0.20.0/24
Main goal, at the moment, is that I have an LG TV, advertising Apple TV, on VLAN20 that my iPhone on VLAN10 cannot 'see'.
I have installed and enabled the plugin as described for mDNS (running it manually shows lots of '<-' and '->' lines, so mDNS traffic is being detected?).
I currently have allow TCP any>any rules on each VLAN.
I have tried running a Bonjour browser on my laptop, also on VLAN10, and can see the iPhone and other devices, all in VLAN10. But nothing else.
Any help here would be greatly received 😀
EDIT - not sure how, but it seems VLAN10 sends to the broadcast address, and other VLANs send to their gateway?
SOLVED - For anyone else having similar issues in future:
- Installing the plugin and enabling it on selected interfaces may be enough.
- The problems come when you have the firewall blocking certain things. In my case this was the FireHOL block list, which blocks RFC1918 networks and 224.0.0.0/3 networks 😟
Adding a negation for these and it all magically works!
- No, seriously, it is magic and it is as easy as installing. Just be aware of what else you already have in place 😟
5
Zenarmor (Sensei) / Re: Benefits of zenarmor over suricata?
« on: August 06, 2022, 03:07:18 pm »
Thanks!
Does hyperscan work better for suricata on Protectli devices than the default?
6
Zenarmor (Sensei) / Re: Benefits of zenarmor over suricata?
« on: August 05, 2022, 04:57:28 pm »
Thanks 😀 Pretty much what my reading had led to.
From the zenarmor pages on opnsense, the only interfaces listed are non-WAN ones. Yet, when linking to the Cloud Portal, an option appears to add the WAN interface, too.
Is this advisable - to use zenarmor for both internal and external interfaces?
7
Intrusion Detection and Prevention / Re: IPS and throughput performance
« on: August 04, 2022, 10:28:30 am »
Found https://forum.opnsense.org/index.php?topic=6930.msg44740#msg44740 in my travels.
It does seem to cover the lists you provided, and more, in a smaller number of entries!
8
Intrusion Detection and Prevention / Re: IPS and throughput performance
« on: August 04, 2022, 01:44:53 am »
> Attempting to use emerging-web_client still tanks throughput though - guessing that is a ruleset issue.
Wow, I had the same issue with throughput (1Gbps line with 146Mbps download). Tried removing this rule and instantly shot up to 934Mbps down! Good spot, thank you!
> Between the Unbound DNS SBLs, a firewall drop alias for https://sslbl.abuse.ch/blacklist, http://rules.emergingthreats.net/blockrules/compromised-ips.txt, http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
And thanks for this too, I had the DNS blocks, but the lists are useful too 😀
EDIT: aren't those lists already in the ETPro Telemetry rulesets?
EDIT2: speed dropped shortly afterwards, so not necessarily down to that for me 😟
9
Zenarmor (Sensei) / Benefits of zenarmor over suricata?
« on: August 03, 2022, 09:57:52 pm »
Hi All
Pretty new here. Still trying to find my feet.
One question I have is around zenarmor and suricata solutions on OPNsense.
Could someone please let me know the benefits of both?
I am struggling to understand why I should use one over the other - do they provide the same protection, are they complementary to each other, etc.
Any help greatly received 😀
10
Virtual private networks / Re: WireGuard Road Warrior, no DNS resolution
« on: August 03, 2022, 09:16:38 pm »
Solved!
Simple update, don’t override domain with ‘local’ !!!
Changed domain overrides to ‘localdomain’, and everything works! Yay!
11
Virtual private networks / Re: WireGuard Road Warrior, no DNS resolution
« on: August 03, 2022, 05:41:16 pm »
hmmm, found an iOS DNS lookup tool - I do see DNS queries on unbound, but the client doesn't get a response:
EDIT:
An nslookup for yyy.local on my laptop doesn't return anything either 😟 doh!
However, an nslookup for zzz.local does, on both laptop and iOS - yet the web page on this device won't load on iOS 😟
EDIT2:
Damn typos! I entered the wrong address - yyy.local does resolve on my laptop
Code:
```
2022-08-03T16:38:43 Informational unbound [7403:3] info: x.x.x.x yyy.local. MX IN
2022-08-03T16:38:43 Informational unbound [7403:2] info: x.x.x.x yyy.local. AAAA IN
2022-08-03T16:38:43 Informational unbound [7403:1] info: x.x.x.x yyy.local. A IN
```
12
Virtual private networks / Re: WireGuard setup required reboot, Unbound available on WAN
« on: August 03, 2022, 05:37:12 pm »
Hi,
We seem to be on the same path 😛
Do you have Unbound resolution from your WG client for external addresses AND local addresses? Or, like me, just external?
13
Virtual private networks / Re: WireGuard Road Warrior, no DNS resolution
« on: August 03, 2022, 05:34:53 pm »
Still no joy here 😟
Access is almost perfect:
I can ping LAN hosts, and load web pages from them via IP.
I can route through LAN to outside (using an allowed IP of 0.0.0.0/0), load web pages, etc. without issue.
I can see DNS queries for external addresses from my WG client on my Unbound DNS service on OPNsense.
I don't see any queries for local addresses here.
I just don't seem to be able to resolve LAN IPs...
14
Virtual private networks / Re: WireGuard Road Warrior, no DNS resolution
« on: August 01, 2022, 10:21:01 pm »
Wow! Thanks for that link!!!
I was missing the port forward. For a 0.0.0.0/0 range I now get DNS resolution on external addresses, but not internal 😟
15
Virtual private networks / Re: WireGuard Road Warrior, no DNS resolution
« on: August 01, 2022, 09:52:27 pm »
Hi
Yeah, tried the WG interface as DNS and the LAN interface. Neither seems to work.