Messages - bogardon

#1
Hardware and Performance / Re: Speed test plugin
June 02, 2025, 05:49:38 AM
Would be nice if we could remove them or otherwise clear the results page though. Also, is there any guide on how to interpret the results?
#2
My experience with Suricata has been that whenever I get an alert, it is impossible for me to tell if it's a real issue because most of the time the data is encrypted. So then I simply disable the alert as a false positive, and rinse and repeat for all new alerts.

Even if it's not encrypted, it's still a massive chore to figure out what it is...

Going to turn it off and look into crowdsec instead.

#3
I just found out that OPNsense will default to dnsmasq for DHCP sometime later this year. I'm hoping it has more sensible semantics for static DHCP reservations and maybe even fixes the DNS registration flakiness that I experience from time to time.
#4
Mine is set to default and it's still crashing. Any updates on a fix?
#5
Hi,

I've set it up so Unbound DNS registers DHCP leases. It mostly works great: Reporting -> Unbound DNS -> Details shows hostnames instead of IPs, and even Reporting -> Insight works as long as you tick Reverse Lookup.

However, if you go into Reporting -> Insight -> Details, you only see IPs instead of hostnames. This is true for many other parts of OPNsense as well, for example Services -> Intrusion Detection -> Administration -> Alerts.

Is it possible to have OPNsense display hostnames in addition to IPs wherever possible? If this isn't possible, would this be a reasonable feature request? I have a bad memory and it's kind of annoying to have to keep going back to the leases table to see which device an IP belongs to :)
#6
I filed https://github.com/opnsense/core/issues/8586 and referenced the old issue and also this discussion. Thanks!
#7
Quote from: franco on April 24, 2025, 07:52:29 AM
First things first: static mappings are static, but if you want to provide a static IP address that is optional. However, the value of specifying a host name without an IP makes the static lease unusable from a DNS standpoint on the firewall. In this case only a dynamic lease can be registered as DNS. Whether the client accepts the hostname is also questionable.

In what way is it unusable? I created static leases without an IP for all my clients, enabled DNS registration for both static and dynamic leases in Unbound, and I'm able to resolve my custom hostnames (even if different from what the client reported) without issues. What does it mean for the client to "accept" the hostname?

I'm more concerned with the aesthetic issue of duplicate entries in the leases table: one dynamic with the IP and one static without the IP. Why can't these entries be merged?

To re-emphasize, it doesn't matter to me which clients get which IPs - what matters is that I can give them a hostname (in case they don't provide one) and a description of what that device is.

Quote from: franco on April 24, 2025, 07:52:29 AM
As an administrator you keep a list of all statically assigned devices and optionally handle a dynamic pool of dynamic devices. You can also use DHCP to assist with static assignments, but the approach doesn't change, e.g. 192.168.0.1-192.168.0.99 static "pool", 192.168.0.100-192.168.0.199 dynamic pool, 192.168.0.200-192.168.0.254 strategic reserve ;)

I like this organization :)
#8
I had tried to resolve the duplicate static/dynamic lease entries by deleting the dynamic lease entry and restarting the WiFi on that client. I thought that this would populate the static lease entry with an IP, but what it actually did was just bring back the dynamic lease entry. I have to double check this, but that's what I remember happening.

I don't actually care about specifying an IP. I just want to know which MAC addresses are connected and to specify a hostname in case that client doesn't provide one. Oh, and also to deny unknown clients.
#9
Quote from: meyergru on April 23, 2025, 06:28:54 PM
In case you leave the IP empty, the client will get an IP from the pool. You would use that if you want to "Deny unknown clients".

Does that mean the assigned IP is not actually static at all? Or will it always get the same IP? I think what confuses me is seeing TWO leases for the same client, one static and one dynamic. Is that not confusing to anyone?
#10
Thank you Patrick. I believe you responded to several other posts about this same issue, so thank you for helping again :)

Quote from: Patrick M. Hausen on April 23, 2025, 04:00:19 PM
For a static mapping

- you must enter an IP address
- that IP address must be part of the same subnet but outside the dynamic pool range

Why does the help text mention the option of leaving the IP blank? Is there a reason to do this?
#11
Hi,

My goal is to enable "Deny unknown clients" by adding all known clients to my DHCP Static Mapping list.

When creating a static mapping the help text for "IP address" says:

> If an IPv4 address is entered, the address must be within the interface subnet.
> If no IPv4 address is given, one will be dynamically allocated from the pool.

I took this to mean that if no IP address is given, one will be assigned by DHCP as usual, except that now it will always be the same. However, after adding this static lease with no IP, the leases table is still showing both a dynamic lease (with IP) and a static lease (without IP). I tried deleting the dynamic lease and rebooting that machine, but the dynamic lease always comes back and the static lease remains without an IP. Why is this?

I then tried configuring the static lease with the client's current IP from the dynamic lease. This causes errors in the DHCP log since it sees the same IP for two different leases. I guess this is expected?

Finally, I tried configuring the static lease with an IP OUTSIDE of the DHCP range. This seems to work, but now I have to be careful not to assign the same IP as another device that has a truly statically defined IP, i.e. configured on its NIC. Is this the intended use case?
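The three failure modes described in this post (blank IP, IP taken from the dynamic pool, IP colliding with another mapping) can be caught before the config is applied. The following is an added example, not OPNsense code or anything posted in this thread; it assumes a constructed list of mappings and the pool layout franco suggested (.1-.99 static, .100-.199 dynamic, .200-.254 reserve) and applies Patrick's rule that a mapped IP must be inside the interface subnet but outside the dynamic pool.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class StaticMapping:
    mac: str
    hostname: str
    ip: Optional[str] = None  # None models the "leave the IP blank" case


def validate_mappings(subnet: str, pool_start: str, pool_end: str,
                      mappings: List[StaticMapping]) -> List[Tuple[str, str]]:
    """Return (mac, problem) pairs; an empty list means every mapping is usable."""
    net = ipaddress.ip_network(subnet, strict=False)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    problems: List[Tuple[str, str]] = []
    seen = {}  # ip -> mac of the first mapping that claimed it
    for m in mappings:
        if m.ip is None:
            # Per the help text quoted above: the client gets a pool address,
            # so this mapping does not pin an address at all.
            problems.append((m.mac, "no IP given: address will come from the dynamic pool"))
            continue
        try:
            addr = ipaddress.ip_address(m.ip)
        except ValueError:
            problems.append((m.mac, f"invalid IP {m.ip!r}"))
            continue
        if addr not in net:
            problems.append((m.mac, f"{addr} is outside interface subnet {net}"))
        elif lo <= addr <= hi:
            problems.append((m.mac, f"{addr} lies inside the dynamic pool {lo}-{hi}"))
        if addr in seen:
            # Same address on two leases: the DHCP log error from this post.
            problems.append((m.mac, f"{addr} already mapped to {seen[addr]}"))
        else:
            seen[addr] = m.mac
    return problems


# Constructed sample data (hypothetical MACs and hostnames).
SAMPLE = [
    StaticMapping("aa:bb:cc:00:00:01", "printer", "192.168.0.10"),   # fine
    StaticMapping("aa:bb:cc:00:00:02", "laptop", "192.168.0.150"),   # in pool
    StaticMapping("aa:bb:cc:00:00:03", "nas", "192.168.0.10"),       # duplicate
    StaticMapping("aa:bb:cc:00:00:04", "phone"),                     # blank IP
    StaticMapping("aa:bb:cc:00:00:05", "camera", "10.0.0.5"),        # wrong subnet
]

if __name__ == "__main__":
    for mac, why in validate_mappings("192.168.0.0/24", "192.168.0.100", "192.168.0.199", SAMPLE):
        print(mac, why)
```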
#12
Almost one year later and I've been trying to debug this for almost an entire day. Thank you so, so much for this post!