Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - zaggynl

Pages: [1]

19.1 Legacy Series / OPNsense 19.1.7 release thread

« on: May 02, 2019, 06:22:56 pm »

19.1.6 to 19.1.7 Update went OK for me, reboot was quick.

Edit: it rebooted twice? showed rebooting in UI, then dashboard 19.1.7, then rebooted again, second time took longer.

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: March 22, 2019, 12:45:35 pm »

Quote from: mimugmail on March 21, 2019, 02:34:44 pm

Overrides can also be done via dnscrypt-proxy if you need them. Also Adblocking is now available vial the plugin itself.

Thanks.
Had a look at using dnscrypt-proxy alone but the webui of pihole proved to be more featured.

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: March 21, 2019, 12:40:53 pm »

Quote from: franco on March 20, 2019, 09:23:16 pm

I'm guessing same Unbound problem as Bind has:

> When you are using Overrides in Unbound you can not use ``do-not-query-localhost``.

Cheers,
Franco

Thanks for the reply, I have a number of Overrides, after removing the do-not-query-localhost line Unbound starts!

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: March 20, 2019, 08:59:24 pm »

I'm running into the same issue.
I can enable and start Unbound but it will not start after adding Advanced Settings part per: https://wiki.opnsense.org/manual/how-tos/dnscrypt-proxy.html

Code: [Select]

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353

No error messages appear in webui or log.
I can start unbound from shell with -d -v, it shows no errors at that time in shell or in ui log.

Goal is to forward incoming requests to my pihole VM, which should get its DNS replies from dnscrypt on opnsense.

19.1 Legacy Series / Re: OPNsense 19.1 released update!

« on: January 31, 2019, 08:50:04 pm »

No issues after installing, only took a couple minutes longer than usual.

18.7 Legacy Series / Re: Outbound NAT on LAN interface fails after upgrade to 18.7

« on: November 27, 2018, 03:08:02 pm »

I'm experiencing this in 18.7.8, had to change port alias to port number before Port Forward rule worked again.

General Discussion / Re: CVE-2018-17156 Ping vulnerability? Is Opnsense affected?

« on: November 10, 2018, 10:57:37 am »

Thank you, good to hear.

General Discussion / CVE-2018-17156 Ping vulnerability? Is Opnsense affected?

« on: November 09, 2018, 04:32:09 pm »

Details in here: https://www.reddit.com/r/BSD/comments/9v6xwg/remotely_triggerable_icmp_buffer_underwrite_in/

18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?

« on: October 18, 2018, 10:20:24 pm »

-Backed up config
-Reset to defaults
-Restored config
-no more duplicate pings but still no IDS warnings or blocking

18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?

« on: October 13, 2018, 12:17:45 pm »

Changed IDS settings to below, enabled syslog alerts, changed interfaces to LAN only

Dashboard shows Suricata running:

Ping stats look weird:
Rutube.ru

Code: [Select]

64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=1 ttl=57 time=851 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=2 ttl=57 time=9.70 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=1 ttl=57 time=1853 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=9.53 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=70.9 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=941 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=4 ttl=57 time=9.74 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=1161 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=4 ttl=57 time=953 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=2319 ms (DUP!)

Google DNS:

Code: [Select]

64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=2.76 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=122 time=1344 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=11 ttl=122 time=2679 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=903 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=14 ttl=122 time=2.76 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=122 time=2156 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=1160 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=12 ttl=122 time=2394 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=11 ttl=122 time=3779 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=1802 ms (DUP!)

Edit:
Ping results returned to normal after disabling IDS:

Code: [Select]

64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=38 ttl=57 time=10.1 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=39 ttl=57 time=9.57 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=40 ttl=57 time=9.62 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=41 ttl=57 time=9.66 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=42 ttl=57 time=9.74 ms

18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?

« on: October 12, 2018, 03:02:20 pm »

bump

18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?

« on: October 07, 2018, 08:05:30 pm »

Thanks for the reply, I tried below settings but a ping to for example rutube.ru does not get blocked by IDS, whereas it does with Firewall rules:

18.7 Legacy Series / Challenge: Alert on Firewall block - is this possible currently?

« on: October 05, 2018, 09:10:52 pm »

So first I tried setting up IDS with GeoIP block of Traffic to China and Russia, no blocking or alerts happened with Intrusion Detection and IDS enabled.

Made a Firewall LAN rule that blocks outgoing traffic to GeoIP of China and Russia.
That blocks, yay!

As for alerts:
I've setup a Monit Service Test with:

content = " 84,,, "

Which is the number of the rule used as found out by:

ping rutube.ru, resolves to: 185.165.123.77

cat /var/log/filter.log | grep 185.165.123.77
or
grep " 84,,," /var/log/filter.log

Oct 5 20:26:56 router filterlog:
84,,,0,igb0,match,block,in,4,0x0,,64,24176,0,DF,1,icmp,84,192.168.1.228,185.165.123.77,datalength=64

I've set up a Service like so:

Type: File
Path: /var/log/filter.log
Test: <name of Monit Service Test>

No alerts appear in my mailbox, I do see the message that Monit restarted.
Status page of Monit also shows no content matches
What am I missing?

Sources I looked at:

https://mmonit.com/monit/documentation/monit.html#FILE-CONTENT-TEST
https://forum.opnsense.org/index.php?topic=5303.0

18.7 Legacy Series / Re: Email notification

« on: September 08, 2018, 11:45:22 am »

I'm curious about this as well, I can test notifications and get an email notification on said test and when monit restarts ~~but that's all~~.

There is an option to add monit service test settings but I'm not sure what to fill in for updates.
From what i read more works needs to be done on monit but other features have a higher priority as per https://forum.opnsense.org/index.php?topic=6395.msg27322#msg27322

Pages: [1]