Messages

Hi franco. I have question about VIRTIO support. Before I was start new post https://forum.opnsense.org/index.php?topic=8584.0 Do You have more detailed information about fully support of VirtIO NICS and IDS+IPS?  This support absent in related to the problem FreeBSD kernel + drivers or in OPNsense IPS service? By FreeBSD roadmap RELEASE announcement will be from 6 November 2018. I try to understant, it will be solve problem with VirtIO or we need to wait some updates from OPNsense team - dev + patching? If we need wait patching from OPNsense team like IPS patching - maybe do You have a plan, when it will be possible to solve this problem?

Regards,

Thanks for operative answer. At now I'm will be free of mine to search bugs in suricata :D And I will pray and wait new FreeBSD and kernel version with full supporting VIRTIO :D

Regards

Hi, all
I have problem with Intrusion Prevention System

When I try to use it OpnSense is closing all connections, all nics is in freeze state. Only via cloud console I can to stop suricata and all traffic go without problems. I think problem is in virtualization platform provider which use OpenStack by RHEL, which use only VIRTIO type of NICS. I was googled information about it. And if I right old solution was only one – use e1000 emulation driver or physical NIC. For me – there are no other choice of NIC types. So question is there are any way to use IDS + IPS on virtio types of NIC? If I right problem is in the kernel or drivers level.

In network interfaces settings I have disabled by manual:
hardware checksum offload
hardware TCP segmentation offload
hardware large receive offload

OpnSense have active NAT service

Current version
Versions   OPNsense 18.1.6-amd64
FreeBSD 11.1-RELEASE-p9
OpenSSL 1.0.2o 27 Mar 2018

I will hope that this bug can be solved :)

Regards