Messages

Moin,
ich wollte gerne suricata nutzen um das WAN Interface per IPS zu überwachen. Ich habe eigentlich alles soweit ich meine an Einstellungen übernommen.
Er scheint auch was zu tun, da die CPU Last deutlich hochgeht, wenn ich IPS aktiviere. Aktiviere ich unter Policies zu viele Rulesets, stürzt der Dienst ab.

Unter Downloads habe ich alles heruntergeladen bis auf die opnsense-app Einträge.
Die Rules sind Standard und alles auf "Alert". User defined ist leer.
Der Schedule ist alle 4 Stunden aktiv.

Die Test EICAR Files lädt er ohne zu Meckern runter. Die Rule Adjustments unter Policies sind alle auf Alert.

An sich sollten ja die Rulesets mit dem drop greifen und nicht die Rules selbst korrekt?
Die Logfiles sind leer bzw. zeigen keine Alerts oder Drops an.

Hat jemand eine Idee, was ich falsch mache?


EDIT: Liegt es vielleicht daran, dass ich mich per PPPoE einwähle? Sonst müsste sich mein Draytek Modem einwählen... bei manchen scheint es aber auch per PPPoE zu gehen.

High CPU is back, looks like suricata has some problems.

ssh -> kill suricata fixed it for me.

I went back to 22.7.5 but nothing changed.

perhaps there is a faulty packet

I think its suricata with 200% wcpu. I'm not able to stop the service.

After yesterday's update my CPU is permanently in idle at min 50% before it was 0-1%.
Is there an easy way to downgrade?

22.7.7_1 also

See attachments.

Currently it is an inverted pass rule. Ill try it

Hello,
I switched to OPNsense and actually everything is working so far except for the guest network/wifi (vlan 30).
The rules were created according to various templates and are correct in my opinion. Switch ports are set to ALL.

I currently have 2 rules for guest. 1) allow DNS 2) !RFC1918
dhcp uses my two piholes 10.10.10.3 and 10.10.10.4
LAN network works with these DNS without problems

When I create a guest any rule, it does not work either. The devices get a correct ip of the guest network and show my dns server

I hope someone has an idea why it does not work.

Hi,
I want to replace my UDM PRO due to crappy firmware and have been looking for hardware to use for a long time.

Since I would like to be future-proof on the road, I wanted to put something together myself.
I first had the IPU systems in mind but since I would like to have SFP+ slots, I discarded the idea again.

The OPNsense hardware I find quite expensive for 8GB RAM etc..

Since I still have space in the server rack, I wanted to use a short 2U server case. The server rack is currently located in the apartment, the router must not be too noisy. That's why I wanted to go to 2U and install a quiet cooling.
Hardware I had imagined the following for 1GBit PPPoE IPS and more:

CPU: i3/i5 10xxx or Ryzen 5/7
(m)ATX board
16 GB RAM
SSD
Intel 4x1GBit NIC + 2x1 GBit SFP
and free slots for more SFP+ cards

This should be more than enough for OPNsense and maybe 10GBit in future. Power saving would also not be bad (pay attention to my proxmox system).
_______________________________

For Proxmox I currently use the following system:

ASRock X300
Ryzen 5 4650G
64 GB RAM

10-15 watts consumption at 1-2% load for 8 LXC and 2 VMs. Therefore I would like to use Ryzen.
_______________________________

Does anyone have any tips on what hardware might be better? I would like to spend around $800€.