Topics

1

20.7 Legacy Series / repeat crashing

« on: October 31, 2020, 06:56:12 am »

dear, it is with a sense of dread i write this post as it concerns opnsense going haywire repeatedly


the logs reviewed thus far do not contain a clear indicator of what happened, but it never happens once, this is time three in just two weeks. For all cases over time the scheduled updates for suricata appear to correlate in time, except today and this time it is even more bad than just unbound and suricata dying.


i've now initiated the update for 20.7.4 which i had not done before since it only presented a pkg update


my question is if others experience such crashes as well, my concern is it may not be just instability of opnsense but an external factor. if so, there are not indicators left in the logs

2

20.7 Legacy Series / dns queries return 0.0.0.0 as adress, no blacklist enabled

« on: September 29, 2020, 03:09:05 pm »

• with Unbound service there are recurrent issues where the service simply stops responding
• dns lookups from the opnsense web-ui from any interface work as per normal
• this makes me think the problem does originate within unbound

Validating the unbound configuration i could not find any blacklist enabled. Rebooting opnsense i could find the domains which return 0.0.0.0 as address briefly do resolve correctly. The IDS was not enabled at the time since it had crashed once more, also when disabling the IDS there was no change observed for the dns queries erroneous results.

3

20.7 Legacy Series / unstable on proxmox ?

« on: September 27, 2020, 07:10:21 pm »

Dear,

Using opnsense since release 17 or so i find it unstable to work with on Proxmox VE 6.2

the disk i/o is troublesome to the point only selecting IDE with SSD emulation appears to work well (for speed), choosing a differen kind of controller results in a lot of swap fail notification.

on shutdown there are a plethora of errors thrown which appear low level, regardless of the controller chosen

in all i don't feel like 20.7 is as production ready as one typically assumes

memory consumption appears quite high out of the box, the VM has 2.5GB of ram and frequently starts complaining it is out of swap space shutting down multiple services without warning

4

Intrusion Detection and Prevention / Flowbit rules and no alert

« on: November 09, 2018, 05:53:45 pm »

Dear,

Confronted with Zberp being reported as originating from my SmartTV reaching in relation to Netflix traffic (yes, port 80) I came to look at Suricata SID 2021831 which is a flowbits:noalert rule

It took me a while and had to ask but someone pointed out this rule is not supposed to trigger since it is a flowbits rule for which no alert is configured. Hence i wondered if this (most likely) is my mistake of enabling such rule or if this is a known error in the suricata configuration with OPNSense.

Thank you

5

18.7 Legacy Series / WebGUI very slow on LAN

« on: November 02, 2018, 02:11:31 pm »

Dear,


After blaming opnsense i came to realize it is most likely all on me, the slow loading of the WebGUI.


I don't see how to start troubleshooting this. There appears no indication thus far. When i do a factory reset the WebGUI is snappy as expected.


This setup has a WAN - LAN - OPT interface setup, Unbound DNS is set to query WAN and Localhost.


The slow actions is the same over IP or DNS for the management interface. There is no other interface listening to the management interface.


I suspect this may be a routing issue or gateway weighting issue but could not find anything related.


Best Regards,


Joris

6

General Discussion / restarting unbound by cron

« on: August 20, 2018, 03:02:37 pm »

Because of recurring performance issues with unbound i think it is wise to restart the service every n hours.

I could not find the way to configure this from the web interface or in the manual pages.

Please advise.


Thank you

7

18.1 Legacy Series / multicast forwarding (sonos) cross interface

« on: June 30, 2018, 09:03:13 am »

Dear,

My set-up is the latest production release of OpSense on a system with three network interfaces (WAN,Mobile,LAN)

While my entire Sonos setup is working fine as it is entirely connected to Mobile  i now seek to make connections to it from LAN. This uses ssdp which is a multicast based protocol over 239.255.255.250 over port 1900/udp.


STATUS not working : traffic from Sonos Desktop does cross the interfaces but does not return

Validation i run a packet capture on the Mobile interface for "224.0.0.0/4 or 192.168.29.100" which is my Lan IP

As a "narrow it down approach" i've tried various settings. Now i have a rule on top of the rulebase permitting all address towards 239.255.255.250 on both Mobile and Lan, for these rules i've also enable 'allow options' and enabled 'any flags'

In a desperate attempt i've even created src: any dst: 239.255.255.250 for any protocol as well as src: 239.255.255.250 dst: any for any protocol on both networks

Please comment or advise on what to search for. Multicast is a notable omission in any threat related to opnsense.

[update 10:22 CET 29/06/2018 ]

The Sonos App on a Microsoft System is sending SSDP (239.255.255.250) to port 1900/udp but this does not cross the interfaces on the firewall (since multicast)

Installed the IGMP Proxy Service (mixed non-results thus far)

 Configured Mobile as Upstream as the Sonos Speakers are here as well as the Sonos Controller on a Tablet
 Configured LAN as Downstream as the Sonos Desktop Application is located here

 For each of the configured IGMP i have configured the relevant subnet and also added 239.255.255.250/32

8

Tutorials and FAQs / Telegraf input/output

« on: March 03, 2018, 09:27:22 am »

Hello,

I'm looking to have Telegraf output from opnsense. Not just for system monitoring but also for suricate monitoring, is this available in the current setup of Telegraf or is extra work required ? If need be i could provide extra hands here i figure.