Topics - mw01

#1
The 18.1.2 update was flawless and openvpn works great.  However, observed openvpn inactivity timeout + auth failed after about half a day or so since 18, which requires a manual restart (just a click).  It's hard to tell if it is the result of 18 or something going on with PIA.  Does anyone else have a similar experience?  I have:

persist-key
persist-tun
remote-cert-tls server
reneg-sec 0
#2
The upgrade from 17.7.12 to 18.1.1, apu2, was flawless. 

While testing noted the firewall logs Live View does not display correctly with Google Chrome 64.0.3282.140 64-bit.  The display update of each row takes seconds, the interface and time display correctly, the rest of the text is not properly decoded (square), and apu2 cpu goes up 40% cpu.  The display decodes on Firefox ESR and with the same apu cpu loading but two events are displayed 4 times.
#3
17.7 Legacy Series / Suricata Rule Parsing Errors
August 27, 2017, 04:09:38 PM
We have been "testing" Suricata 4.0 and it works well.  Today, I was checking into TLS wrong version errors (daughter on Facebook, Android cell) and checked the logs.  There are parsing errors from abuse.ch.  For example, IDS Rules Apply, clog suricata.log | less first error:

27/8/2017 -- 09:32:29 - <Notice> - rule reload starting
27/8/2017 -- 09:32:35 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "^_<8B>^H" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 1

I recall, not all that long ago the ET ruleset parsing changed.
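
Added example, not part of the original post or of OPNsense's code: the bytes quoted in the error above, ^_<8B>^H, are 0x1f 0x8b 0x08, the gzip file header, so this Python check assumes the rules file was saved still compressed and flags any *.rules file that starts with that header. The function names and the sample directory are constructed for illustration.

```python
import gzip
import tempfile
from pathlib import Path

# less renders 0x1f as ^_, 0x8b as <8B> and 0x08 as ^H
GZIP_MAGIC = b"\x1f\x8b\x08"


def classify_rules_file(path):
    """Return 'gzip', 'empty' or 'text' based on the first bytes of the file."""
    with open(path, "rb") as fh:
        head = fh.read(3)
    if not head:
        return "empty"
    return "gzip" if head == GZIP_MAGIC else "text"


def audit_rules_dir(rules_dir):
    """Map every *.rules file name in rules_dir to its classification."""
    return {p.name: classify_rules_file(p)
            for p in sorted(Path(rules_dir).glob("*.rules"))}


def read_rules_text(path):
    """Return the rule text, decompressing in memory if the file is gzip."""
    data = Path(path).read_bytes()
    if data[:3] == GZIP_MAGIC:
        data = gzip.decompress(data)
    return data.decode("utf-8", errors="replace")


def build_sample_dir():
    """Create a temporary directory with constructed sample rule files."""
    d = Path(tempfile.mkdtemp())
    rule = (b'alert tls any any -> any any '
            b'(msg:"constructed sample"; sid:1000001; rev:1;)\n')
    (d / "plain.rules").write_bytes(rule)
    (d / "compressed.rules").write_bytes(gzip.compress(rule))
    (d / "empty.rules").write_bytes(b"")
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for name, kind in audit_rules_dir(sample).items():
        print(f"{name}: {kind}")
    # Inspect what the compressed file actually contains without rewriting it
    print(read_rules_text(sample / "compressed.rules").strip())
```

A file reported as gzip is one Suricata would reject at line 1 in the way the log shows; read_rules_text lets you confirm whether valid rules sit underneath the compression.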
#4
Update from 17.1.9 to 17.1.10-amd64 went well.  Noted open Dashboard causes endless logging of configd.py: [ ] request pfctl byte/packet counters, which is a change.

Turns out the periodic updates of the Interface List are now logged.
#5
Updated from 17.1.7 to 17.1.8 and had a Suricata download failure.  It appears the other rules updated.

Jun 3 03:13:00   configd.py: unable to sendback response [OK ] for [ids][update][None] {5ea328a3-a284-481b-b52e-7d7dd8bafa3a}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe

Jun 3 03:13:00   configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out

Jun 3 03:12:56   rule-updater.py: download failed for https://feodotracker.abuse.ch/blocklist/?download=suricata

Jun 3 03:11:00   configd.py: [5ea328a3-a284-481b-b52e-7d7dd8bafa3a] update and reload intrusion detection rules
#6
17.1 Legacy Series / Update to 17.1.2 - apu2
February 25, 2017, 01:41:48 PM
Perfect - suricata (ips, hyperscan), openvpn (client specific vlan ip's, don't add/remove routes).
#7
17.1 Legacy Series / Upgrade from 16.7.14/17.1
February 04, 2017, 11:38:21 PM
Install flawless, apu2 nano amd64 from local ssh.
#8
Suricata update did not occur.  The System Settings Cron entry is enabled.  Found "/usr/local/sbin/configctl ids update" missing in "/var/cron/tabs/root".  Tried Suricata Edit job, save, no joy.  Entry made with "crontab -e".
#9
Greetings.

Browser is Firefox.  Noted Firewall Logs Widget updates correctly with browser manual refresh but not dynamically.  Older events are replaced with the automatic refresh cycle.  Manual browser refresh will again correct.  Please find below example following dynamic update.

Another piece of information - rebooted to reset things back to a known state.  The Firewall Logs displayed 4 lines instead of 5 but the update scroll was correct.  Left the page and came back - Firewall Logs displayed 5 lines but the update scroll was incorrect.