Topics

1

19.7 Production Series / GeoIP alias usage

« on: October 14, 2019, 05:54:54 pm »

If I want to block all but 2-3 countries from accessing particular ports, is it better to select all the countries in the alias, or just select the 3 or 4 and use invert (Not) in the rule. I would assume less resources are used with invert.

What is recommended?

My reasoning is to block IMAP and webmail from all countries except mine (USA). While allowing SMTP.

2

Intrusion Detection and Prevention / Capture Filters BPF

« on: October 07, 2019, 11:49:27 pm »

Is there any way to setup Capture Filters (BPF) in Suricata? Or is that something that has to be added to the code
I would like to ignore some hosts.

See here.
https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html

3

19.7 Production Series / reinstall Suricata

« on: October 06, 2019, 12:57:23 am »

I tried reinstalling Suricata because of some missing dependencies, but it didn't replace the missing files such as suricata.yaml and some others.
How do I reinstall the full package?

This all started due to problems I was having with Suricata and I was thinking to reinstall it to put back all of the default files since I have changed things over the last couple years but the default files never came back.

How do I wipe out Suricata and reinstall the complete default package? Right now Suricata is disabled.

4

Intrusion Detection and Prevention / Suricata memory crash

« on: October 01, 2019, 05:54:42 pm »

This issue came up in another thread but I feel this topic got lost in there and is better suited in this category. Sorry in advanced for this.

The moment I upgraded from 19.7.2 to 19.7.4_1 I have had multiple memory usage spikes causing Suricata service crashes everyday. Never had this happen before the upgrade

I have tried changing Hyperscan to Default and removing some rulesets. I am down to one ruleset now and Suricata service still crashes eventually. There must be a memory leak problem or something similar. I have also tried reinstalling Suricata.

If the Suricata service stops or resets for any reason, the connection to the internet fails. But that has always been like that. The only way to fix it after a Suricata service restart or crash is a reboot of OPNsense.

I have not changed any rules in over a year in Suricata. This issue is a result of some change since the upgrade.
For now I have disabled Suricata and my firewall is stable.

Any suggestions?

5

19.7 Production Series / monit question

« on: September 21, 2019, 01:12:47 am »

Been a while since I setup monit. How do I change the memory usage setting?
It is set at the default of 25% and my memory usage is at 32-40% and blowing up my email.
I want to set it to 45%. I got a message when I tried to edit the condition.

Condition 'cpu usage is greater than 45%' would change the type of the test 'CPUUsage' but it is linked to a service.

How can I change it?

Thanks

6

19.7 Production Series / High memory usage

« on: September 21, 2019, 01:07:08 am »

Finally fixed my SMTP for Monit and then started getting reports about high memory usage.

Two questions
1. How can I see what service is using the memory
2. Using 35% of 16GB. Is that normal? Don't remember it ever being that high.

I only use the basic features and Suricata. No VPN's, Proxy, or squid

7

Hardware and Performance / Intel Turbo Boost

« on: May 06, 2019, 05:41:09 pm »

Does OPNsense make use of Intel's Turbo Boost technology?
Is that a feature of PowerD?
Are there any tunables we need to use to activate Turbo Boost?

Thanks

8

19.1 Legacy Series / Move anti-lockout rules

« on: April 18, 2019, 09:51:28 pm »

I have created a new local LAN subnet which I want to be my primary local LAN and I want to disable the anti-lockout rules on LAN and move them to the new interface.
How do I do that?

9

General Discussion / Traffic shaping virtual IP's

« on: April 18, 2019, 05:25:42 pm »

Is there a guide or can someone help me setup traffic Shaping on Virtual IP's?
I have two VIP's and want to limit just one of them giving full bandwidth to all other users including the WAN interface for local LAN users.

One caveat is that the VIP I want to limit directs itself to one of the IP's on my local subnet. I could change that to it's own subnet if it makes shaping easier.

Essentially I just want to limit all traffic coming to that one VIP.

Also would be nice if I could change the shapers bandwidth according to the time of day.

Thanks in advance.

10

General Discussion / OpenVPN with Client provider using IP Alias

« on: November 07, 2018, 06:36:30 pm »

Hi all, I need some guidance to setup a VPN service, such as IPVanish, NordVPN, etc..

I already know how to setup the VPN for the entire network, just need help on routing it to just one LAN IP or a group of LAN IPs via an alias. I have tried, but have been unsuccessful so far.

Are there any guides for this somewhere? If not just help me get it running and I will make a sticky on the procedure for others. This is a very useful setup for anyone running Android TV boxes on their LAN.

Thanks

11

18.1 Legacy Series / Routing question

« on: June 04, 2018, 05:20:33 pm »

Question. I have two subnets. Both work fine by themselves.
LAN - 192.168.1.1/24 - Gateway 192.168.1.1
WLAN - 192.168.2.1/24 - Gateway 192.168.2.1

I have an AP on 192.168.2.2
How can I access 192.168.2.2 from 192.168.1.2 via http so I can make router setting changes?
Tried a floating rule without success. Suppose I need some sort of NAT rule.

Thanks!

12

18.1 Legacy Series / DHCP from wrong subnet

« on: April 02, 2018, 04:59:14 pm »

Ok here's a weird one.
I have 2 local subnets 192.168.1.1/24 on LAN(igb1) and 192.168.2.1/24 WLAN (igb3)
I use 192.168.1.1/24 for my local workstations and they are all on a switch.
I use 192.168.2.1/24 for Wifi and igb3 is connected directly to a Wifi AP.
I have DHCP turned on for LAN and WLAN range 100 to 200
The device in question is a tablet with WiFi disabled using a USB Ethernet adapter.

Issue, any workstation on the LAN (igb1) that requests DHCP, gets an address from the WLAN subnet.
Wifi DHCP requests are correct.

The only way I can issue the correct DHCP address to a LAN workstation is if I disable the WLAN DHCP.

Here is the log entry
Apr 2 07:40:52    dhcpd: DHCPREQUEST for 192.168.2.100 from 00:24:9b:29:04:f4 (TABLET) via igb1: wrong network.

Is this a bug, or is there a setting I missed somewhere? What could cause this to happen?

13

18.1 Legacy Series / Image backup using Clonezilla

« on: March 31, 2018, 08:25:02 pm »

Using OPNsense 17.1, I was able to fully image and restore a disk using Clonezilla.
With OPNsense 18.1.5, Cloneziila restores do not restore the configuration data. The OPNsense system is fine, but starts up like a newly installed system with no interface settings. Tried it with 2 identical to the source disks.

I am not even sure that Clonezilla is the right image tool to use. I need a tool that I can do a full disk image backup and recreate a disk in my office to send out to my client. This disk should be able to load and run OPNsense the same as when imaged. Any suggestions?

14

18.1 Legacy Series / Multicast traffic

« on: March 30, 2018, 12:31:13 am »

What is generally the best practice for IGMP Multicast traffic. Allow or block on the internal networks?
I do see occasional hits from a WiFi router, which are now blocked with a default deny rule.

15

Development and Code Review / Patching a commit into OPNsense

« on: March 08, 2018, 07:43:44 pm »

When I see a commit on github that I want to install, other than a manual edit of the file(s), is there a way to easily 'patch' the commit into OPNsense from the shell? Or do we have to ask for a patch first?