Messages

1

24.7 Production Series / Re: IPS/IDS filling my log file

« on: October 31, 2024, 06:23:09 pm »

Another one for your noise...

https://github.com/opnsense/plugins/pull/4228

Thanks! Subscribed to the issue. Hopefully it can get merged soon.

Edit: Just a few minutes after I posted this it was merged. Woot! Thanks all.

2

24.7 Production Series / Re: 24.7.7 - chronyd - excessive falseticker?

« on: October 30, 2024, 11:22:09 pm »

Turned out to be a hardware issue, but thanks for your reply!

3

24.7 Production Series / 24.7.7 - chronyd - excessive falseticker?

« on: October 25, 2024, 03:42:58 pm »

hi all - wondering if anyone else is seeing excessive falseticker notifications from chronyd since upgrading to 24.7.7 or if it's just me.

for several months my configuration has been: i have disabled ntpd, chrony is set up on port 123, with several upstream NTS peers.

since 24.7.7, most sources are frequently (talking at least 2-4 log lines per minute of the various upstream going falseticker - i have 5 configured) marked as falsetickers leading to lots of "can't synchronize: no majority" errors. looking back at the logs, it started yesterday, which is when i upgraded to 24.7.7.

seems to come and go - there will be a few minutes where everything is a falseticker, and then a few minutes where everything is syncing fine - using sources and tracking chronyd commands to keep on top of things.

seems to happen even with NTS disabled and using regular pool.ntp.org peers instead of NTS peers.

i also have zenarmor on the box, but not protecting the wan interface opnsense should be using to talk to the peers.

just wondering if anyone else is seeing this, if this is "normal" behavior, or maybe it's an indication my hardware might be dying...  or if i should just buy a gps ntp box?... no idea. perhaps it's just one of my peers being too out of sync with the others and not an opnsense issue at all. seems to be random which ones get marked as falsetickers though, and a lot of times they are all marked as falsetickers.

thanks!

4

Zenarmor (Sensei) / Re: ZenArmor 1.17 broken Live sessions view from Blocks report tab

« on: April 24, 2024, 08:26:15 pm »

Hi,

Sorry for the inconvenience. The team is working on it and the fix will be shipped with 1.17.2 maintenance release.

No problem, thanks for the update!

5

Zenarmor (Sensei) / Re: ZenArmor 1.17 broken Live sessions view from Blocks report tab

« on: April 24, 2024, 08:03:56 pm »

Updated to 1.17.1.

Did this resolve for you with 1.17.1? I have updated to 1.17.1 and am still seeing the issue.

6

Zenarmor (Sensei) / Re: ZenArmor 1.17 broken Live sessions view from Blocks report tab

« on: April 24, 2024, 05:51:55 pm »

I am seeing the same and have opened a ticket. For me it's impacting all "Live sessions" drill-downs from the reports tab - not just Blocks. If you go to DNS tab, and do "live sessions" on a device there, it will show all that device's traffic and not just DNS traffic from that device, for example.

7

Zenarmor (Sensei) / Re: Zenarmor 1.14: External Elastic database - no data available in reports

« on: August 08, 2023, 05:19:47 pm »

For me the patch has not corrected the fact that with an external elasticsearch database, I am still unable to see any traffic reports.

Status:
- in the settings/configuration page
    - reporting database  - elasticsearch (remote) - cannot be changed either when the engine is running or stopped
     - the field "remote url" does not contain the port information, adding it it says "saved" nd after a page reload it is gone

- in the settings data management page
     - stream reporting data to elasticsearch - I have configured the url and enabled it.

- in the dashboard page
     - regardless of the setting of the stream reporting data to elasticsearch - the setting Reporting database shows "elasticsearch". If I click on start, it shows someting starting and there is an elasticsearch locally running on the firewall.

Next step - removing the module completely and installing again.

I will try and open a ticket with Zenarmor as well.

I am having the same issues.

edit: ZA support claims a known issue w/ remote ES and another hotfix will be released today.

8

Zenarmor (Sensei) / Re: TLS inspection question

« on: January 27, 2023, 01:11:17 am »

Awesome! Looking forward to this.

9

22.7 Legacy Series / Comcast IPv6 broken after reboot. WAN release / renew resolves

« on: January 08, 2023, 05:04:03 pm »

I have been dealing with an annoyance for several months now. Every time my OPNsense box reboots, IPv6 routing to the internet is broken until I release/renew the WAN interface. Internal routing seems to work just fine. I have a /60 from Comcast. Can be working fine for weeks, do a reboot, IPv4 comes back fine, WAN interface has an IPv6 address, but clients can't route out. Was wondering if anyone has seen similar and knows what the hell is going on, or can point me in the right direction. I've seen others report this but not sure I've seen a solve. Thanks in advance

Details:

OPNsense 22.7.10_2-amd64
WAN interface configured for DHCPv6 in Basic mode, with prefix delegation hint sent at /60
Internal clients configured for Track Interface tracking the WAN interface
Router advertisements configured for Managed, router priority High. RA mode "Assisted" also has issue. Advertise default gateway is checked.

Similar thread from pfsense 6 years ago - https://www.reddit.com/r/PFSENSE/comments/6gk5np/issue_with_comcast_ipv6_requires_dhcp/

Code: [Select]

me@opnsense:/var/etc % cat dhcp6c.conf
interface ixl3 {
  send ia-na 0; # request stateful address
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix ::/60 infinity;
  prefix-interface vlan0.1.2 {
    sla-id 2;
    sla-len 4;
  };
  prefix-interface igb0 {
    sla-id 0;
    sla-len 4;
  };
};

me@opnsense:/var/etc % cat dhcp6c_wan.conf
interface ixl3 {
  send ia-na 0; # request stateful address
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix ::/60 infinity;
  prefix-interface vlan0.1.2 {
    sla-id 2;
    sla-len 4;
  };
  prefix-interface igb0 {
    sla-id 0;
    sla-len 4;
  };
};

me@opnsense:/var/etc % cat radvd.conf
# Automatically generated, do not edit
# Generated for DHCPv6 server opt4
interface vlan0.1.2 {
AdvSendAdvert on;
MinRtrAdvInterval 120;
MaxRtrAdvInterval 600;
AdvLinkMTU 1500;
AdvDefaultPreference high;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix my:ipv6:prefix:382::/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
};
RDNSS fd4e:9ee1:fc79:4db6:a4ab:44ff:feac:c11d {
};
DNSSL lan {
};
};
# Generated config for dhcp6 delegation from wan on lan
interface igb0 {
AdvSendAdvert on;
AdvLinkMTU 1500;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix my:ipv6:addr:prefix::/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
};
RDNSS my:external:ipv6:address:of:the:wan:interface { };
DNSSL lan { };
};


10

Zenarmor (Sensei) / Re: Zenarmor modifying OPNsense config multiple times a day

« on: December 15, 2022, 04:34:58 pm »

I filed a bug report over the weekend and today I got the following response:

"The team is working on it to decrease the config change messages. It will be shipped with the upcoming release most probably at next week."

So that's a good sign!

11

Zenarmor (Sensei) / Re: Zenarmor modifying OPNsense config multiple times a day

« on: December 14, 2022, 11:15:31 pm »

I am also having this issue