Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - myksto

Pages: [1] 2

19.7 Legacy Series / GUI on Google Chrome: tools to move, delete, edit, clone rules not visible

« on: September 23, 2019, 04:23:09 pm »

Hi.
As I just wrote in the object: I noted that on the right side of the GUI tools to manage rules are not visible in Google Chrome while they're in Mozilla Firefox and in IE.
I attached two shots of both browsers just to see the differences (see the red circles).

Is there anyone who knows the reason ot this strange behaviour in Google Chrome and eventually how to solve this little problem?

Thanks and cheers,
Michele.

19.7 Legacy Series / Error on Suricata 4.1.4_4 Logs

« on: September 12, 2019, 04:37:13 pm »

I recently noted this error on Suricata logs:
"suricata: [100148] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml."

I also can't see any packet blocked by suricata so I guess it's not working.

I tried to restart the service but error comes again.

I searched for 2225 ticket and found this for version 4.1.3: "Bug #2225: when stats info dumping in redis,the decoder.ipv4.trunc_pkt can’t output.In the same time, in the stats.log this can output" but to tell the truth I did not understand whether I can solve the issue or not.

Is there a way to solve it?

Thanks and cheers.

Michele.

19.1 Legacy Series / Open VPN daemon doesn't start after firewall reboot

« on: May 08, 2019, 04:00:44 pm »

I have two Openvpn servers in the same firewall: OPN1 and OPN2.
Sometimes after a firewall reboot both deamons don't come up and in dashboard they're red. If I try to restart them they don't and logs says that:
"openvpn[76450]: Exiting due to fatal error;
openvpn[76450]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
openvpn[76450]: TUN/TAP device ovpns1 exists previously, keep at program end"

I found an old post https://forum.opnsense.org/index.php?topic=6376.0 and there I found the solution to find and kill processes. In that post a bug was opend at Github but I was not able to understand whether the bug had been correct or not.

Is it known why this happens?
Is there a more simply way to make Open VPN deamons come up after a simple firewall reboot (for example for a system update)?

Thanks a lot.

Best regards,
Michele

19.1 Legacy Series / Request filter log output in Backend Log File

« on: March 25, 2019, 12:34:23 pm »

I have a Dell server with 19.1.4 x64 release.
I saw lots of messages in "System -> Log Files -> Backend" showing "Request filter log output".
Times ago it happened the same, I shutdown and restart server and logs went away (so it's not versione related).
Today I have the same "problem".
It seems like a sort of container gets full and needs to be emptied.
Can someone tell me why this is happening and eventually how to stop it?

Thanks a lot.

Cheers,
Michele.

19.1 Legacy Series / Strange upgrade behavior from 18.7.10_4 to 19.1_1

« on: February 12, 2019, 11:02:10 am »

In one of my scenario I have two Dell PE 1950, they are identical in hardware: then they have WAN, DMZ and LAN interfaces.
The first firewall is in production and is LAN, DMZ and WAN (to a router with public IP) connected.
The second is a backup, same configuration as the first but connected only to the LAN interface with another private IP (of course). In this backup machine I set the first firewall LAN address as the default gateway. In this way it's connected to the internet anche can check for updates.
This morning I tried to update this backup firewall from 18.7.10_4 to the 19.1_1 through the GUI. I unlocked the upgrade and pressed the UPGRADE button. I waited for half an hour but apart from the dots on the screen no upgrade has been done. I rebooted the firewall and started the upgrade over but the result has been the same. Then I tried to upgrade from console but apart from the dots increasing on the screen nothing happened.
In this forum I found a thread who suggested another way to upgrade and tried it. Through the console I launched these commands:
# opnsense-update -fp -n "19.1\/latest"
Lots of packages were installed and all processes completed (apparently) with succes but at the end the firewall was not pingable and the GUI not accessible. I then tried to check for updates from console, the process installed some packages making the a "kernel update" and the rebooted the firewall. At that point everything were ok, the firewall pingable again and the GUI accessible.

This is not the first time I have problems to update this backup firewall and I really can't understand why.
Could it be the fact it's not WAN connected? Any other idea, suggestions?

Thanks and cheers,
Michele.

18.7 Legacy Series / Can't complete update from 18.7.9 to 18.7.10_3

« on: January 24, 2019, 04:39:09 pm »

I have several machine around the world and one by one I updated them to the latest release 18.7.10_3.
Well, I have a Dell server machine, identical to 3 others that I manage that can't complete the update process.
All packages and plugins have been updated apart from "base" and "kernel" packages.
I tried to reboot the server after an incomplete update process but with no luck. Dashboard says it's version 18.7.10_3 but if I check for updates I found that "base" and "kernel" need to be updated. I click on update button again but it starts to try to updated with no result.
I attached screen of the dashboard, the update process page,and the list of packages to be updated.
How can I overcome this strange situation?

Thanks and cheers,
Michele.

18.7 Legacy Series / Surfing between pages has sped up after upgrade to version 18.7.9

« on: December 18, 2018, 11:47:47 am »

I have to open a thread not to complain about something but to highligth the fact tha surfing between pages has been sped up after update to latest version. In firewall rules I have dozen of rows and before it took 5-6 seconds to surf from a page to another. Now it's almost immediate and it's a very very good thing!
Maybe it's because the cleanup you've made to the code I don't know but a very good job has been made.

Best regards,
Michele.

General Discussion / Hardware RAID (status, rebuilds, ecc.) checks and logs

« on: November 26, 2018, 08:47:19 am »

Hi.
I've OPNSense 18.7.8 installed on an old (but still good) Dell server with 2 sata disk configured in RAID1.
Well, this morning while I was making my usual tour check I saw one of the disks blinking orange meaning it was in an error state. I usually give a second chance to faulty disk extracting it and inserting it again after few seconds forcing RAID controller to rebuild the array. In Windows, Dell gives an utility to monitor the rebuid status and the RAID status as well.
Is there a way to monitor the RAID rebuild process through OPNSense? I tried to search through the logs in System -> Log Files but I saw nothing useful. I also searched Google but with no luck.

Thank you very much.

Cheers,

Michele.

18.7 Legacy Series / "Aliases" item missing in System ->Configuration -> Backup -> Restore Area

« on: November 21, 2018, 10:34:59 am »

I have two OpnSense machines: one is a production one, the second is for backup and test.
I usually make tests and then export configuration and import it to the production machine.
Today I need to import new Aliases and noticed that the item "Aliases" is missing in the "Restore Area".
I searched several times but I really can't find that key.

Has "Aliases" been removed? Can I ask you why and how can I import Aliases then?

Thanks a lot and cheers,

Michele.

General Discussion / Where list are saved in file system?

« on: October 05, 2018, 08:26:01 am »

I mean I would like to check whether lists as firehol, spamhouse drop, ecc. are updated or not and would like to know where they're are saved as files in OpnSense filesystem.
I searched in different directory but with no luck.

Can anyone help me find them?

Tnahks,
Michele.

Intrusion Detection and Prevention / How to manage a local ip list

« on: September 27, 2018, 10:42:56 am »

Hello everybody.
I would like to create and mantain a local (or more than one) list of ip addresses to use within alias and then in traffic rules.
I created a txt file and put it in a local folder in Opnsense (/mkst/lists/ip.txt).
I would like to load it and use an alias to do that.
So I created an alias using the URL IP type but I receive error and ip's don't load.
I tried in different ways and these are some errors:
update_tables.py: error fetching alias url \\127.0.0.1\mkst\lists\ips.txt
update_tables.py: error fetching alias url https://127.0.0.1/mkst/lists/ips.txt
update_tables.py: error fetching alias url https:\\127.0.0.1\mkst\lists\ips.txt

What is the right way to load a local list?

Thank you.

Cheers,
Michele.

General Discussion / No reporting data available for OpenVPN traffic

« on: June 28, 2018, 09:11:13 am »

Hi guys.
I setup the Insigt reporting feature so that I can monitor traffic from inside my networks.
In Netflow configuration I added my LAN, DMZ and OpenVPN interfaces.
When I go to the Insight function I can see all traffic and graphs for all interfaces except OpenVPN.
I attached screenshot of Netflow configuration and Insigth for OpenVPN interfaces where, you can see, no data is available and I have several OpenVPN connections active (mine too now).

Am I doing anything wrong or missing something?

Thanks and cheers,

Michele.

General Discussion / Reporting -> Insight not working properly

« on: May 08, 2018, 11:38:59 am »

Hello.
I've been using OPNSense for some months.
I'm on version 18.1.7, just updated.
I noticed a strange behaviour on the fantastic reporting section named "Insight".
I go on "Totals" tab then I go down to "Top usage ports/sources.
By default WAN is selected.
On the right of the graph I see several ip addresses (public ones) and if I go on the pie chart and select one of them, system takes me to the "Details" tab and put the ip address I select inside the "(src) Address" field as expected.
If I go back to the "Totals" tab, select "LAN" as the interface, choose and click on a IP adrress (private one this time) on the pie chart, system takes me to the "Details" tab but on the "src Address" put another IP address (public one) and NOT the one I chose before.

Beside if "WAN" is selected a small pop-up showing the ip address comes up when I go over the pie chart with the mouse but if I select LAN or another interface more often than not no IP is being shown.

I tried with Google Chrome and Mozilla Firefox and the behaviour is the same.

Is there a way to fix this "issue"?

Thanks a lot and cheers.

Michele.

General Discussion / Default Gateway for WAN and Automatic Outbound NAT

« on: March 22, 2018, 09:11:35 am »

Hi.
Here's my OPNSense 18.1.5 configuration (ip are not real of course):

WAN: public ip 88.40.191.10/29
LAN: 192.168.59.0/24
DMZ: 192.168.10.0/24

GW is a Huawei router whose address is the first available public address of my public pool: 88.40.191.9/29.
I inserted the GW ip address as the default GW in OPNSense gateways.
WAN cable of OPNSense is plugged in a port ot the Huawei router.
OPNSense WAN ip and Huawei router ip are in the same public subnet (/29) of course.

Well I found these strange behaviours (or better I think there're strange but maybe they're not):
if I ADD the "upstream gateway" (Huwaei router IP) in WAN interface OPNSense can't reach that gateway so no internet connection can be established, nothing at all.
if I DON'T ADD add the "upstream gateway" in WAN interface OPNSense can reach the gateway but noone in private networks can surf because the automatic OUTBOUND NAT rules are empty. If I manually add my private networks in OUTBOUND NAT everything is fine.

My questions are:

why my GW is unreachable if I add it in upstream gateway of the WAN interface? I mean, is it not correct to insert it there?
Why no outbound nat rule are automatically created if no upstream gw is set on WAN?
What is the default/correct practise in these cases?

Thanks a lot, Michele.

General Discussion / Strange characters in Firewall Log (Line View)

« on: March 15, 2018, 04:06:13 pm »

This morning I turn up my pc and open my dashbord with Google Chrome and find a strange slowness in moving betweene menus. Besides I found strange characters in firewall logs (screenshot attached).
No problem with Firefox and IE.
Chrome has been updated last week, disabled all extensions, no luck.

Suggestions?

Pages: [1] 2