Messages

1

Intrusion Detection and Prevention / Re: IPS only shows allowed actions in alerts

« on: March 01, 2019, 07:49:03 am »

Hello together
I never managed to get IPS up and running on 18.7.9 and suricata 4.0.6. I still only see "Action allowed" in the Alert tab of  Intrusion Detection Administration whatever rules (abuse and some opnsense) I have activated. Hardware Offloading on NIC is disabled and WAN and even LAN interface is activated.

Any idea to get also some drop actions?

Thank you very much for your help.

Manuel

2

Intrusion Detection and Prevention / Re: IPS only shows allowed actions in alerts

« on: January 30, 2019, 08:35:29 am »

Hello xmichielx
Thank you very much for your answer. So only LAN instead of WAN should be selected in Settings --> interfaces  ? I currently only have WAN interface according to the opnsense Wiki selected.

I'll try this asap.

Greetings Manuel

3

Intrusion Detection and Prevention / IPS only shows allowed actions in alerts

« on: January 23, 2019, 09:25:36 am »

Hello
I'm still on 18.7.9 and Suricata 4.0.6. I followed the instructions on https://wiki.opnsense.org/manual/how-tos/ips-feodo.html and downloading all abuse.ch rules daily via cron. I also enabled them and changed Filter to drop. If I check my alerts I only can find log entries with action allowed. I can't find not one blocked action. Strange.

Does my IPS really do his job? How can I test it and force a blocked action?

Thank you very much for your help.

Greetings,
Manuel

4

18.7 Legacy Series / Re: Update to 18.7.10 broke my WAN Interface on apu2

« on: January 12, 2019, 01:00:01 pm »

Hello Franco
Yes, on my box IDS and IPS is enabled on WAN interface only.

Managed to update from 18.7 to 18.7.9 and WAN problems are gone. My internet connection to ISP is stable since some days.

Sorry that I can't assist you anymore but I couldn't find any error entries in dmesg or system.log when loosing IP address on WAN interface igb1.

Regards Manuel

5

18.7 Legacy Series / Re: Update to 18.7.10 broke my WAN Interface on apu2

« on: January 10, 2019, 12:26:50 pm »

Hello Franco
Thank you for your detailed answer. I'll try this this evening.

Really appreciate your help and work.

Greetings Manuel

6

18.7 Legacy Series / Re: Update to 18.7.10 broke my WAN Interface on apu2

« on: January 10, 2019, 10:35:04 am »

Hello Franco
Thank you very much for your explanation.

# opnsense-revert -r 18.7.9 opnsense

Didn't work for me and produced a

# Fetching opnsense.txz: .. failed

Maybe because of missing internet connection?

I still don't get the point how to upgrade from 18.7 to 18.7.9 now. Sorry about that.

Yes you're right, WAN DHCP does not keep its designated IP. That's the problem.

I also checked system.log after upgrading to 18.7.10 but couldn't see any hint why WAN is losing its IP address. Unfortunately I had to go back to 18.7 because I can't live without internet and I don't have another apu2 to play with.

Maybe someone else could provide more info out of log files to investigate this issue.

Thank you very much for your help I'm really a big big fan of opnsense! Very good work.

Greetings Manuel

7

18.7 Legacy Series / Re: Update to 18.7.10 broke my WAN Interface

« on: January 09, 2019, 09:42:08 pm »

Hello
Made a fresh new 18.7 installation this evening restored backup and WAN IP seems to be stable. How can I now update from 18.7 to 18.7.9. The GUI wants to upgrade directly to 18.7.10. I can't select 18.7.9.

I even tried on the shell with opnsense-upgrade -r 18.7.9 but even then it seems that it will go directly to 18.7.10.

Code: [Select]

root@OPNsense:~ # opnsense-update -r 18.7.9
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (101 candidates): 100%
Processing candidates (101 candidates): 100%
The following 85 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py27-yaml: 3.13
        squid3: 3.5.28_1
        radvd1: 1.15

Installed packages to be UPGRADED:
        ...
        pcre: 8.42 -> 8.42_1
        os-dyndns: 1.8 -> 1.11
        opnsense-update: 18.7 -> 18.7.10
        opnsense-lang: 18.1.7 -> 18.7.8
        opnsense: 18.7 -> 18.7.10
        openvpn: 2.4.6_1 -> 2.4.6_3
        openssl: 1.0.2o_4,1 -> 1.0.2q,1
        openssh-portable: 7.7.p1_6,1 -> 7.9.p1_1,1
        openldap-sasl-client: 2.4.46 -> 2.4.47
        ntp: 4.2.8p11_2 -> 4.2.8p12_3
        ...

Thank you for your help.

Greetings Manuel

8

18.7 Legacy Series / Update to 18.7.10 broke my WAN Interface on apu2

« on: January 09, 2019, 07:12:07 am »

Hello friends
I'm having two different opnsense installation in two different location each on a apu2d4 which are both connected to a cable modem and the same provider. One box was update to 18.7.10 automatically this Monday 7th January. The second box still has 18.7.9 installed and is working fine.

After updating to 18.7.10 I don't get anymore an IP address on the WAN interface from my provider via DHCP. If I reboot the firewall and go to the dashboard I can see an IP from the range of my provider for a couple of seconds. After that, the IP is gone and I have only 0.0.0.0 and at the end there is no IP at all.

I rebooted opnsense several times and also my cable modem. No luck. I also tried to downgrade with

opnsense-revert -r 18.7.9 opnsense

but then I only get a

Fetching opnsense.txz: .. failed

I checked the release notes from 18.7.10. There are some changes in the code for the interfaces.

I attached my kernel message log and also some ifconfig commands. igb0 is my internal interface and igb1 for WAN.

Thank you very much for your help.

Regards Manuel

9

General Discussion / Re: OpenVPN Connection Status to Grafana

« on: October 18, 2018, 08:32:55 pm »

Hello mimugmail
Thank you very mucht that would be great.

Greetings Manuel

10

18.7 Legacy Series / Re: idea filebeat / metricbeat

« on: October 02, 2018, 09:39:53 am »

Hello JetA
That would be perfect! Very good idea!

Regards Manuel

11

18.7 Legacy Series / IDS and IPS

« on: October 02, 2018, 09:29:42 am »

Hello
I enabled IPS/IDS according to the howto "IPS SSLBlacklists & Feodo Tracker". Enabled all abuse.ch rulesets and set filter to drop. If I check the alerts tab I only see actions which were allowed. Do I have to edit each action manually and change configured action from alert to drop?

2018-10-02T09:17:28.703243+0200   allowed   WAN   80.218.168.190   53516   23.205.182.44   443   SURICATA STREAM Last ACK with wrong seq   
2018-10-02T08:43:02.760728+0200   allowed   WAN   80.218.168.190   60441   203.119.201.255   443   SURICATA TLS error message encountered   
2018-10-02T08:43:02.252406+0200   allowed   WAN   203.119.201.255   443   80.218.168.190   60441   SURICATA Applayer Detect protocol only one direction   
2018-10-02T08:43:02.252406+0200   allowed   WAN   203.119.201.255   443   80.218.168.190   60441   SURICATA TLS error message encountered

I expected that if I change the Filter Action of the rulesets to drop that they will be dropped automatically.

Thank you very much for your help.

Regards Manuel

12

18.1 Legacy Series / Re: WAN Interface down after reboot of modem

« on: September 24, 2018, 03:06:43 pm »

Hello Bart
Thank you very much for your answer. I'll try this next time.

Does anybody know how opnsense behaves if wan port goes down? Does opnsense try to reopen the WAN port for some time until it times out? After this time out the only way would be to disable/enable wan interface or reboot the whole box?

Regards Manuel

13

18.1 Legacy Series / WAN Interface down after reboot of modem

« on: September 24, 2018, 09:53:12 am »

Hello
Today we had a problem on the ISP and had to reboot the modem which is connected to my opnsense box. Unfortunately the WAN interface didn't come up again after rebooting the modem. Does opnsense try to open the WAN port several times until it times out and then give up?

Because I like long uptimes very much I hate to reboot my opnsense FW. Is there a way without rebooting it through the GUI to bring up WAN Interface again without rebooting it?

Thank you very much for your hints.

Manuel

14

General Discussion / OpenVPN Connection Status to Grafana

« on: August 17, 2018, 06:14:20 pm »

Under VPN --> OpenVPN --> Connection Status there is a really nice statistics about every user bytes sent and bytes received. Is there a way to send this information via collectd to grafana?

Thank you for your answer.

Manuel

15

General Discussion / Manual changes in /usr/local/etc/collectd.conf

« on: August 17, 2018, 06:51:47 am »

Hello
Did some manual changes in  /usr/local/etc/collectd.conf  to add openvpn plugin in collectd.conf. After reboot of opnsense my changes were gone. Are there any plans to add an "Advanced" field also in collectd
to simply appended to /usr/local/etc/collectd.conf?

There was already a thread https://forum.opnsense.org/index.php?topic=6072.0 about this matter.

Thank you for your answer.

Regards Manuel