Messages

So, if this mode may be associated with a specific PF rule, how can I inspect normal browsing traffic (HTTP/DNS/FTP)?
I mean, in IPS/IDS mode I can just test Suricata with "curl http://testmynids.org/uid/index.html" and I see the alert, but this won't happen in Divert mode.

Well, they removed it just to rename the whole thing without "wg" in the name.
Port is available:

https://www.freshports.org/net/amnezia-tools/
https://www.freshports.org/net/amnezia-kmod/

Can it be supported in OPNsense?

Suricata can function as an IPS with PPPoE without any problems, you just need to make a few modifications:

- Configure the WAN interface as none (IPv4 Configuration Type none)

- Add a new OPT interface with the PPPoE configuration just like it was a WAN PPPoE.

- Configure Suricata as IPS on WAN.

There's another action you should take with this scenario:
You have to manually add your public IP address to IDS (advanced mode) --> "Home Networks"

Almost in my case, there's a huge difference in triggered alerts, just try with and without it, and take a look in Alerts.

Hi Franco.

Just a question related to netmap and his improvement.
Is anybody working to match netmap with PPPoE and trying to solve Suricata (netmap) IPS not working at all?

The way you told us "Zenarmor and OPNsense have been working with Klara to bring netmap improvements to FreeBSD" made me think its possible that someone is working on it.

https://forum.opnsense.org/index.php?topic=19740.msg92114#msg92114

Thanks for your time.
Cheers.