Topics

1

Intrusion Detection and Prevention / Call for testing a particular ruleset: abuse.ch/SSL Fingerprint Blacklist

« on: March 21, 2018, 12:53:05 pm »

When I enable to block abuse.ch/SSL Fingerprint Blacklist ruleset in IPS mode the SSL/TLS encrypted sites speed drops bellow 100 Mbs (out of 450 Mbps).

Only encrypted traffic is affected (understandable, somehow, if you pay attention to the name of the ruleset). The tests I made repeatedly and leading to the same conclusion for me are:

Test 1

• Enable IPS, and enable to block abuse.ch/SSL Fingerprint Blacklist.
• Access http://www.dslreports.com/speedtest/ and perform a test.
• Access https://www.dslreports.com/speedtest/ and perform a test. (Click on ”use https” in the test frame of the page.)
• Compare the results.

Test 2

• Enable IPS, and enable to block abuse.ch/SSL Fingerprint Blacklist.
• Access https://testmy.net/ and perform a test.
• Disable abuse.ch/SSL Fingerprint Blacklist.
• Repeat the speed test at https://testmy.net/
• Compare the results.

If it's not only me, then you should have a huge difference between http tests speed and https tests speed, and respectively, a huge difference between https tests speed performed with and without the ruleset enabled if and only if your connection is > 200 Mbps.

Barely noticeable, since most speed tests default to http (unencrypted) so that the speed test is unaffected by the ruleset, but all the secured/ encrypted https sites/ apps are slow/ sluggish when accessed from any end-device.

Please, write here about your findings.

2

Romanian - Română / Forum Română - Bun venit!

« on: February 21, 2018, 02:48:05 pm »

În primul rând bun venit pe forumul OPNsense, secțiunea în limba română!

În al doilea rând, despre reguli: Nu avem reguli!

Adică, nu avem reguli suplimentare regulilor întregului forum OPNsense. Te rog insistent să citești aceste reguli, pe care le găsești aici: https://forum.opnsense.org/index.php?topic=3.0

Ele sunt traduse (și adaptate) în română, mai jos, pentru cazul în care ai nevoie să le citești în română:

Înainte de a posta ceva:
        - caută în întreg forumul (inclusiv în arhivă) după subiecte sau întrebări similare – caută pentru cel puțin 5 minute ca să fii sigur că nu ți-a scăpat ceva            relevant!
        - citește întrebările frecvente (FAQ)

        - dacă există deja o conversație pe tema a ceea ce dorești să discuți, folosește acea conversație – nu începe una nouă!
          folosește funcția de căutare a forumului pentru a găsi conversații similare

        - asigură-te că alegi secțiunea/ categoria potrivită pentru subiectul tău
        - când postezi ceva, dă toate detaliile ce pot fi relevante pentru problema ta (cum ar fi configurația, logurile etc.)
        - tratează-i pe ceilalți membrii ai forumului așa cum ți-ar plăcea să fii tu tratat
          fii politicos


Postările în alte secțiuni decât ”International” trebuie să fie în engleză!

Sper să te simți bine printre noi, iar pe noi să ne faci să ne simțim bine (în legătură) cu tine!

3

General Discussion / Standard Language?

« on: February 13, 2018, 11:56:50 am »

Hello everyone!

Is it just me, or maybe somebody else would find to be a good idea to stick to English as much as possible?
I see a lot of German posts (not only German, but all of the rest of non-English posts are less than those in German), that seems to be very interesting posts/ subjects, but since I don't know German (almost) at all I can't get a sense of them.

Now, don't get me wrong, I am aware of the fact that this forum present localization options, also I am aware that, as much as we, English-only speakers, have the disadvantage that we can't get a sense of the German part of the forum, so the German posters can't get a chance of participation of non-German speakers... But this is exactly my point: OPNsense community is, anyhow, not quite a numerous one... and if we further limit ourselves, and each other, on language barriers etc, I find that to be in exact opposite purpose of that community.

Thank you, and apologies if I am not appropriate with these lines.
Ciprian

4

18.1 Legacy Series / USB interface errors under ESXi 5.0.0 VM during OS load

« on: January 29, 2018, 12:51:29 pm »

Hello everyone!

Take care for virtual USB interface under ESXi 5.0.0, multiple console errors regarding USB during OS load, removing the interface from the VM settings solved the problem.
If you have such a virtualization platform (maybe just this version), be aware, and better remove USB before applying the upgrade.

Thanks!

PS Franco, should a bug report be opened on github?

5

17.7 Legacy Series / [SOLVED] Intrusion Detection stops when selecting an interface group

« on: September 22, 2017, 09:54:31 am »

Hello!

OPNsense ver 7.7.3 (VmWare env. 4 CPU, 4 GB RAM, 20 GB VDisk)

When using IDS, selecting a group of interfaces (AllInternal) causes the IDS service to stop. The only way to start the service is to disable IDS, remove the interface group, and restart OPNsense.

I tried everything below without success:

- Remove the interface group, start the service
- Remove the interface group, disable IDS, enable IDS, restart the service
- Remove the interface group, disable IDS, reinstall the IDS package, restart the service
- Remove the interface group, disable IDS, disable all rulesets, reinstall the IDS package, restart the service
- Remove the interface group, disable IDS, disable all rulesets, reinstall the IDS package, from console "reload all services", restart the service

Please, check if the bug can be reproduced, and if it does, will open a bug report on github
Thank you!

6

17.1 Legacy Series / Feature Request: Easy option to except "Perimeter" range of public IPs from NAT

« on: June 09, 2017, 12:56:33 pm »

Request: Starting with the introduction of Quagga, and especially for BGP use cases, please add an easy option to except from NAT the advertised IP(s)/ IP range(s) in BGP (or custom), an option easier than the now mandatory workaround to change from Auto NAT to Manual NAT, and then add manual NAT exception rules for that IP range(s).

Scenario: I have two ranges of public IP addresses set to servers (Web, OWA, Public authoritative DNS, SMTP etc.) on the "Perimeter" interface. Without excepting NAT for this interface/ IP ranges, al sort of problems arise, one example being getting marked as SPAM SMTP service on anti-SPAM public services, because the source public IP address is not the public IP of the server itself, but the public WAN IP the ISP gave me to be set on his WAN (obviously), NAT being done by default on all and every non-WAN interfaces.

Reason: I don't want to set NAT on manual mode because I want to keep the auto generation of NAT rules for creating/ changing/ deleting internal LAN and VLAN interfaces.

PS Adding a "Null" Route in "System" -> "Routes" didn't solve the issue.

7

17.1 Legacy Series / Feature Request: Bulk change action "Alert/Drop" in IPS in a list of rules

« on: June 09, 2017, 11:34:39 am »

Hello!

I would be very helpful to have the possibility to change at once the rule action from "Alert" to "Drop" and vice-versa an entire list of rules  in IPS. For now, there are two buttons below (on the down-left of) the rule list for 1) Disable selected and 2) Enable selected (see attached image), but changing from Alert to Drop action on rules in the list must be done on a one-by-one basis.

Thank you!

8

17.1 Legacy Series / [BUG] [IPS] [Alerts] Changing the no. of results/ page malfunction

« on: May 04, 2017, 12:42:59 pm »

Hello!

Changing the number of results per page doesn't affect the footer: footer scroll buttons still exists for the no of total pages with 7 results/ page (the default displayed no of results & pages). (See the attached image, display "all" results, instead of the default 7/ page.)

Also, for the default 7/page, the buttons "next page" & "last page" have the same effect of "next page".

Please, investigate.
Thank you.
Have a nice day!