Topics

1

18.1 Legacy Series / openvpn Inactivity Timeout since 18.1

« on: February 10, 2018, 01:01:35 pm »

The 18.1.2 update was flawless and openvpn works great.  However, observed openvpn inactivity timeout + auth failed after about half a day or so since 18, whick requires a manual restart (just a click).  It's hard to tell if it is the result 18 or something going on with PIA.  Does anyone else have a similar experience?  I have:

persist-key
persist-tun
remote-cert-tls server
reneg-sec 0

2

18.1 Legacy Series / Firewall Logs Live View on Chrome Problem

« on: February 03, 2018, 01:37:11 pm »

The upgrade from 17.7.12 to 18.1.1, apu2, was flawless. 

While testing noted the firewall logs Live View does not display correctly with google chrome 64.0.3282.140 64-bit.  The display update of each row takes seconds, the interface and time display correctly, the rest of the text is not properly decoded (square), and apu2 cpu goes up 40% cpu.  The display decodes on Firefox ESR and with the same apu cpu loading but two events are displayed 4 times.

3

17.7 Legacy Series / Suricata Rule Parsing Errors

« on: August 27, 2017, 04:09:38 pm »

We have been "testing" Suricata 4.0 and it works well.  Today, I was checking into TLS wrong version errors (daughter on facebook, andriod cell) and checked the logs.  There are parsing errors from abuse.ch.  For example, IDS Rules Apply, clog suricata.log | less first error:

27/8/2017 -- 09:32:29 - <Notice> - rule reload starting
27/8/2017 -- 09:32:35 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "^_<8B>^H" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 1

I recall, not all that long ago the ET ruleset parsing changed.

4

17.1 Legacy Series / Update causes continuous logging request pfctl byte/packet counters

« on: July 19, 2017, 01:32:03 am »

Update from 17.1.9 to 17.1.10-amd64 went well.  Noted open Dashboard causes endless logging of configd.py: [ ] request pfctl byte/packet counters, which is a change.

Turns out the periodic updates of the Interface List are now logged.

5

17.1 Legacy Series / Suricata feodotracker.abuse.ch Download Failure

« on: June 03, 2017, 12:21:43 pm »

Updated from 17.1.7 to 17.1.8 and had a Suricata download failure.  It appears the other rules updated.

Jun 3 03:13:00   configd.py: unable to sendback response [OK ] for [ids][update][None] {5ea328a3-a284-481b-b52e-7d7dd8bafa3a}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe

Jun 3 03:13:00   configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out

Jun 3 03:12:56   rule-updater.py: download failed for https://feodotracker.abuse.ch/blocklist/?download=suricata

Jun 3 03:11:00   configd.py: [5ea328a3-a284-481b-b52e-7d7dd8bafa3a] update and reload intrusion detection rules

6

17.1 Legacy Series / Update to 17.1.2 - apu2

« on: February 25, 2017, 01:41:48 pm »

Perfect - suricata (ips, hyperscan), openvpn (client specific vlan ip's, don't add/remove routes).

7

17.1 Legacy Series / Upgrade from 16.7.14/17.1

« on: February 04, 2017, 11:38:21 pm »

Install flawless, apu2 nano amd64 from local ssh.

8

16.7 Legacy Series / [SOLVED] Suricata Update Crontab Entry

« on: December 31, 2016, 02:38:22 pm »

Suricata update did not occur.  The System Settings Cron entry is enabled.  Found "/usr/local/sbin/configctl ids update" missing in "/var/cron/tabs/root".  Tried Suricata Edit job, save, no joy.  Entry made with "crontab -e".

9

16.7 Legacy Series / Dashboard Firewall Logs Widget Dynamic Refresh Updates Incorrect

« on: December 26, 2016, 07:37:36 pm »

Greetings.

Browser is Firefox.  Noted Firewall Logs Widget updates correctly with browser manual refresh but not dynamically.  Older events are are replaced with the automatic refresh cycle.  Manual browser refresh will again correct.  Please find below example following dynamic update.

Another piece of information - rebooted to reset things back to a known state.  The Firewall Logs displayed 4 lines instead of 5 but the update scroll was correct.  Left the page and came back - Firewall Logs displayed 5 lines but the update scroll was incorrect.