OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of don_lemon »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - don_lemon

Pages: [1]
1
18.7 Legacy Series / Re: 18.7 development milestones
« on: May 09, 2018, 10:57:06 am »
Hi franco. I have question about VIRTIO support. Before I was start new post https://forum.opnsense.org/index.php?topic=8584.0 Do You have more detailed information about fully support of VirtIO NICS and IDS+IPS?  This support absent in related to the problem FreeBSD kernel + drivers or in OPNsense IPS service? By FreeBSD roadmap RELEASE announcement will be from 6 November 2018. I try to understant, it will be solve problem with VirtIO or we need to wait some updates from OPNsense team - dev + patching? If we need wait patching from OPNsense team like IPS patching - maybe do You have a plan, when it will be possible to solve this problem?

Regards,

2
Intrusion Detection and Prevention / Re: OpnSense + IDS/IPS with virtIO
« on: May 03, 2018, 08:27:25 am »
Thanks for operative answer. At now I'm will be free of mine to search bugs in suricata :D And I will pray and wait new FreeBSD and kernel version with full supporting VIRTIO :D

Regards

3
Intrusion Detection and Prevention / OpnSense + IDS/IPS with virtIO
« on: May 02, 2018, 03:42:40 pm »
Hi, all
I have problem with Intrusion Prevention System

When I try to use it OpnSense is closing all connections, all nics is in freeze state. Only via cloud console I can to stop suricata and all traffic go without problems. I think problem is in virtualization platform provider which use OpenStack by RHEL, which use only VIRTIO type of NICS. I was googled information about it. And if I right old solution was only one – use e1000 emulation driver or physical NIC. For me – there are no other choice of NIC types. So question is there are any way to use IDS + IPS on virtio types of NIC? If I right problem is in the kernel or drivers level.

In network interfaces settings I have disabled by manual:
hardware checksum offload
hardware TCP segmentation offload
hardware large receive offload

OpnSense have active NAT service

Current version
Versions   OPNsense 18.1.6-amd64
FreeBSD 11.1-RELEASE-p9
OpenSSL 1.0.2o 27 Mar 2018

I will hope that this bug can be solved :)

Regards

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2