Messages

1

Zenarmor (Sensei) / Re: 1.14 - Confusing database configuration?

« on: August 25, 2023, 04:49:13 pm »

This is still a complete mystery to me - anyone know?  I've done a complete uninstall/reinstall and it's working now in general, but this configuration still makes no sense to me.

2

Zenarmor (Sensei) / Re: Policy matching questions

« on: August 25, 2023, 04:48:32 pm »

FWIW - to answer my own question.  This seems like it was somehow a bug caused by the 1.14 upgrade.  I see now the documentation says it's explicitly an AND condition, which I didn't see before.  I had to do a complete uninstall/reinstall of Zenarmor with 1.14 for other bugs, and suddenly the policies started matching correctly afterwards. 

3

23.7 Legacy Series / Re: 23.7.2/os-ddclient 1.15 - No route53?

« on: August 24, 2023, 09:05:18 pm »

Config naming is a little confusing too in username vs access key, especially that host is FQDN, but works!  Can officially retire legacy ddclient, thanks all.

4

23.7 Legacy Series / Re: 23.7.2/os-ddclient 1.15 - No route53?

« on: August 24, 2023, 08:53:08 pm »

Ahh ha, that was it.  I saw the mention of 'native' but didn't realize it was a non-default setting that needed to be done.  Thanks!

5

23.7 Legacy Series / 23.7.2/os-ddclient 1.15 - No route53?

« on: August 24, 2023, 07:43:39 pm »

So in the 23.7.2 announcement it says Route53 was added as a backend to ddclient, and points to the 1.15 change log.  However, after upgrading, I do not see Route53 listed as a backend.  Is it pending an update to the front-end to expose it?

6

Zenarmor (Sensei) / Policy matching questions

« on: August 10, 2023, 05:17:26 pm »

Is the policy matching rule evaluation listed somewhere?  I read through the documentation, but can't find how it actually combines evaluations.

I presently have it set to an interface, with a vlan specified, and then a specific subnet of IPs.

However, it seems to match all traffic on that vlan, ignoring the specified IP subnet.  I'd expect these to be evaluated with && not || - is that wrong?

7

Zenarmor (Sensei) / 1.14 - Confusing database configuration?

« on: August 10, 2023, 05:16:11 pm »

With 1.14, there are two panes with seemingly redundant configuration options.

I use remote elastic DB - in settings->configuration, I configure the remote reporting database as elastic.

In settings->data management, I then configure it again, though slightly differently.

It appears to be working, except that in data management, it indicates that it isn't working with '200 remote database connection failed'.

I have data in the dashboard/reports/etc though, so I'm pretty sure it is working, and this configuration is just.. wrong? broken? does something else but has the same name?


Also, please get rid of the annoying sidebar balloons.  They're asking me to submit feedback every time I click on Zenarmor - my feedback is that is super annoying and also is not consistent with the OPNsense UI.  I have no interest in the cloud portal, which is why it's turned off.  Nagging me every single time I use it is not improving your situation there.

8

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: June 02, 2023, 06:35:39 pm »

How would you solve the issue via a remote session for an upgrade failure?  Doesn't make much sense in the approach. 

I understand it as a general policy to troubleshooting, but can't see how it's relevant for this one.

It's also a bit of an uncomfortable approach with a firewall device.

9

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: June 02, 2023, 04:36:49 pm »

Submitted a bug, got a blow off "we can't reproduce, go away" response.  Meh - think it's best to just avoid using Zenarmor in the future.

10

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: May 22, 2023, 02:51:49 pm »

I was upgrading from 23.1.6

11

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: May 19, 2023, 08:01:40 pm »

I do use Suricata as well,  but obviously on different interfaces.

There is no such log file on my host, only a zenarmor_updates.json

12

Zenarmor (Sensei) / OPNsense upgrade failure with Zenarmor (23.1.7)

« on: May 16, 2023, 08:25:19 pm »

I don't have too much information to really provide on this.  However, when performing the upgrade to 23.1.7 today, it reached upgrading Zenarmor/os-sensei to 1.13.  At this point it gave a message that it was saving state as it was running, and then "Waiting for PIDs: ..." - at this point the opnsense system went entirely unreachable and stopped forwarding traffic entirely.  After waiting for several minutes in this state, I had to use out of band console to go in and kill all eastpect processes, at which point the OPNsense system functioned again.

13

22.7 Legacy Series / Re: AcmeClient upload_sftp debugging

« on: November 11, 2022, 02:41:44 pm »

Yeah, that's not the issue here, because the upload_sftp script works if I call it manually.  I ran into that same problem with ESXi - I believe it's because it can't chmod.  This is just a plain jane Ubuntu 22.04 server it's uploading to.  Very odd.

14

22.7 Legacy Series / Re: AcmeClient upload_sftp debugging

« on: November 09, 2022, 10:02:00 pm »

Gives me a green OK result.  Pretty sure it's calling the upload_sftp script with the test params, which also work.  Just running the automation only ever produces that one configd log line and nothing else, which is very odd. 

15

22.7 Legacy Series / Re: AcmeClient upload_sftp debugging

« on: November 09, 2022, 03:08:22 pm »

Any thoughts?  I actually added some messages to try and debug, but they don't fire when run via the web gui or automatically.  Makes me think that whatever is supposed to actually call the script is doing something wrong - but I'm not exactly sure of that process flow.