Messages

1

Zenarmor (Sensei) / Re: Sensei throughput cap despite high-performance device

« on: September 28, 2022, 02:50:23 pm »

Frequency of the processor matters. It takes 2.4 GHz nominal frequency to handle 600 Mbps. So if you have an old PC that you think it is not useful anymore, it can function as your firewall.

Eastpect is single-core process, that's why it matters.

2

Zenarmor (Sensei) / Re: Sensei throughput cap despite high-performance device

« on: September 26, 2022, 02:04:59 am »

According to top eastpect uses 40% to 50% of a single core of the processor at 600 Mbps download speed.

3

Zenarmor (Sensei) / Re: Sensei throughput cap despite high-performance device

« on: September 24, 2022, 10:14:06 pm »

I don't know. I use an Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz with 16 GB RAM and an Intel 1 Gbps network card. It delivers 600 Mbps download speed from 600 Mbps nominal speed, with Sensei fully enabled.

I don't think there is a real speed difference between native netmap and emulated netmap, but I found the emulated netmap to work smoother.

4

Zenarmor (Sensei) / Re: Mongodb crash because of a missing pkg

« on: August 22, 2022, 12:15:20 am »

python37 is history in the new OPNsense, I suggest you uninstall both packages, i.e:

py37-markupsafe
py37-pymongo

5

Zenarmor (Sensei) / Re: No more Internet when I use Zenarmor or Intrusion detection

« on: August 20, 2022, 07:49:28 am »

Interfaces / Settings:

Disable offloading twice.

Code: [Select]

    <disablechecksumoffloading>1</disablechecksumoffloading>
    <disablesegmentationoffloading>1</disablesegmentationoffloading>


6

Zenarmor (Sensei) / Re: Blocked message from zenarmor should also be seen in opnsense firewall live log

« on: August 17, 2022, 11:05:36 am »

Out of the box OPNsense does not block outgoing connections. So, unless they are bogons, every blocked outgoing connection is due to Zenarmor.

7

Zenarmor (Sensei) / Re: Whitelist problems

« on: July 28, 2022, 05:10:21 am »

Guess, it's fixed:

Downloaded whitelist from 192.168.1.1

Deleted all whitelist entries from https://sunnyvalley.cloud/firewalls/

Restored whitelist from 192.168.1.1

8

Zenarmor (Sensei) / Whitelist problems

« on: July 28, 2022, 04:30:26 am »

Zenarmor 1.11.4 no longer honors the whitelist.

That is to dns11.quad9.net and cloudflare-dns.com port 853.

9

Zenarmor (Sensei) / Re: is there a live log?

« on: July 05, 2022, 11:22:24 pm »

Zenarmor only blocks public IPs and websites. So, it has otherwise little to do with traffic between VLANs, unless there is a bug.

10

Zenarmor (Sensei) / Re: Loss of LAN connectivity

« on: July 03, 2022, 10:23:48 pm »

The bootstrap did not fix the problem. I have scheduled a reboot every 12 hours, but I do not like this hack.

11

Zenarmor (Sensei) / Re: Loss of LAN connectivity

« on: July 02, 2022, 02:56:42 pm »

Note: something was not right with packages/plugins, so I have performed an opnsense-bootstrap.

12

Zenarmor (Sensei) / Re: Loss of LAN connectivity

« on: July 02, 2022, 01:56:15 pm »

OK, done. From ....@home.nl

13

Zenarmor (Sensei) / Loss of LAN connectivity

« on: July 01, 2022, 06:06:59 am »

976.452223 [1139] generic_netmap_attach     Emulated adapter for igb1 created (prev was NULL)
976.452269 [1044] generic_netmap_dtor       Emulated netmap adapter for igb1 destroyed
976.633263 [1139] generic_netmap_attach     Emulated adapter for igb1 created (prev was NULL)
976.722312 [ 320] generic_netmap_register   Emulated adapter for igb1 activated

14

Zenarmor (Sensei) / Re: Do I need Suricata IDS running if using Zenarmor (Sensei)

« on: June 25, 2022, 10:58:18 pm »

Zenarmor is no IDS.

And you only need Suricata if you open ports to the world.

15

22.1 Legacy Series / Re: [CALL FOR TESTING] FreeBSD 13.1 / 22.7 operating system preview

« on: June 18, 2022, 03:40:08 pm »

Yup, spoke too early. Between 7th and 8th day I lose connectivity on LAN.