Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - don_lemon

#1
Hi franco. I have question about VIRTIO support. Before I was start new post https://forum.opnsense.org/index.php?topic=8584.0 Do You have more detailed information about fully support of VirtIO NICS and IDS+IPS?  This support absent in related to the problem FreeBSD kernel + drivers or in OPNsense IPS service? By FreeBSD roadmap RELEASE announcement will be from 6 November 2018. I try to understant, it will be solve problem with VirtIO or we need to wait some updates from OPNsense team - dev + patching? If we need wait patching from OPNsense team like IPS patching - maybe do You have a plan, when it will be possible to solve this problem?

Regards,
#2
Thanks for operative answer. At now I'm will be free of mine to search bugs in suricata :D And I will pray and wait new FreeBSD and kernel version with full supporting VIRTIO :D

Regards
#3
Hi, all
I have problem with Intrusion Prevention System

When I try to use it OpnSense is closing all connections, all nics is in freeze state. Only via cloud console I can to stop suricata and all traffic go without problems. I think problem is in virtualization platform provider which use OpenStack by RHEL, which use only VIRTIO type of NICS. I was googled information about it. And if I right old solution was only one – use e1000 emulation driver or physical NIC. For me – there are no other choice of NIC types. So question is there are any way to use IDS + IPS on virtio types of NIC? If I right problem is in the kernel or drivers level.

In network interfaces settings I have disabled by manual:
hardware checksum offload
hardware TCP segmentation offload
hardware large receive offload

OpnSense have active NAT service

Current version
Versions   OPNsense 18.1.6-amd64
FreeBSD 11.1-RELEASE-p9
OpenSSL 1.0.2o 27 Mar 2018

I will hope that this bug can be solved :)

Regards