Topics

1

23.7 Production Series / DHCP leases can't be deleted

« on: August 06, 2023, 01:34:33 am »

DHCP leases that are active dynamic and dynamic in-active cannot be deleted, the only error I see is this:

10.10.10.1 gateway.mydomain.com - [05/Aug/2023:19:33:06 -0400] "POST /api/dhcp/leases/delLease/10.0.10.10 HTTP/1.1" 400 84 "https://gateway.mydomain.com/ui/dhcpv4/leases" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15"

Edit: Same results when not using the custom domain, i.e. direct to IP of OPNSense

2

General Discussion / 23.7 RC upgrade path

« on: July 21, 2023, 02:04:42 am »

I didn't see anything in the change log this morning but I'm assuming the RC does not currently have an in place upgrade yet? Im seeing the latest beta in the dev channel but no RC. Do I have to update to dev channel prior to going to the RC?

3

Zenarmor (Sensei) / Source/Destination IPs wrong

« on: February 11, 2023, 11:09:25 pm »

I see the actual source and destination then a couple other random IPs that aren't mine listed for that as well with the interface MAC (usually) as the MAC of the bad IP.

10.105.21.169 is listed as source for the MAC that's supposed to be 10.0.0.5, that's the same for ALL IPs on the network.  There is also this duplicated for a junk IP but the interface MAC is listed. Is this expected? I got an intel Nic for this and it appears to still be broken to some extent, at least.

4

22.7 Legacy Series / X520 vs Mellanox ConnectX3 speed

« on: December 22, 2022, 09:11:12 pm »

I switched from a mellanox card to an intel x520. I was able to get full 10gb using perf between opnsense and my unraid server, after switching to X520 I am getting less than 2 from unraid to opnsense but full 10gb between opnsense to unraid, telling me that I have something misconfigured. Any ideas? Anyone else with an X520 getting line speed?

Edit: I found the issue, sorry! I just didn't look hard enough at the forums.  I found this which helped ALOT.

https://binaryimpulse.com/2022/11/opnsense-performance-tuning-for-multi-gigabit-internet/

From here: https://forum.opnsense.org/index.php?topic=18754.150

Thanks!

5

22.7 Legacy Series / [OPNsense 22.7.7_1-amd64] vnstat crash/error

« on: November 16, 2022, 02:55:38 pm »

Hello, I get the below error spammed in the log when using vnstat, I do not get any stats though.

[00acf906-9459-4683-964d-7bab56a4b5c1] Script action failed with Command '/usr/local/bin/vnstat -y ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 482, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/vnstat -y ' returned non-zero exit status 1.

6

Zenarmor (Sensei) / 1.12 Mellanox Support

« on: November 10, 2022, 07:42:56 pm »

Does 1.12 support Mellanox nic's yet?

7

General Discussion / Crowdsec firewall blacklists

« on: August 03, 2022, 06:03:20 pm »

I have crowdsec and its working well.  I already have a central node so I was able to tie opnsense into it just fine.  I had a question though, I see this:

Enable Firewall Bouncer (IPS)

When this is enabled I get no alerts for blocks in the firewall logs. I have to disable this to get any alerts from my block rules. Is this expected?

Enable log for rules

I enable the above and I get some alerts but they are all blank, with no info except that it came from crowdsec.  Basically I want to make sure the crowdsec lists are being blocked correctly and since they wont show up in the logs its a bit difficult. It seems like the firewall bouncer is needed to block detections on the firewall but needs to be disabled to get blocks to show up in the logs using the blocklists that ship with crowdsec.

8

22.1 Legacy Series / Floating rule issues

« on: May 20, 2022, 04:21:15 am »

I posted on a couple other threads regarding Default deny/state violations in the logs. On a related note, I have floating rules for certain items but it was my understanding that interface rules applied after floating. Im blocking a lot of IGMP traffic and had to make a new floating rule to allow IGMP on all interfaces. This shouldn't be required...floating rules are applied prior to interface rules so if there are default deny rules in the floating rules they will take precedent over the allow alls I have on each interface...Im also seeing blocked traffic to certain servers from a reverse proxy. all other traffic from that proxy is allowed so I'm not sure why/where the default deny is happening.

9

22.1 Legacy Series / 2.5gbe wan port

« on: May 07, 2022, 03:07:41 am »

I’m curious why the rate in my wan settings is 10gbe rather than 2.5? I have a 2.5gb link. Is this just a bug or is it actually negotiating at 10gbe? Thanks!

10

Zenarmor (Sensei) / Mellanox cards

« on: April 07, 2022, 02:50:49 pm »

Just an FYI mellanox is not supported for the default netmap profile. I was able to install and enable but lost connectivity and had to ssh in and manually remove zenarmor from the terminal as it was crashing everything.  Is this expected? Thank you!

Edit: I see this - https://forum.opnsense.org/index.php?topic=17363.180 where mlx devices are being tested...did that ever work?

11

22.1 Legacy Series / error: kex_exchange_identification: Connection closed by remote host

« on: March 15, 2022, 11:17:36 pm »

Anyone else seeing this message after the update?

error: kex_exchange_identification: Connection closed by remote host

Ill note im seeing this same message originating from each interface in opnsense on my other servers.  Spams log almost every hour on the dot.

Edit: make that every 15 minutes on the dot

Edit 2: I think this is ntopng actually, ill disable, and report back after 20 minutes or so.  All servers on network see same flood of ssh requests every 15 minutes so I THINK ntopng is doing this for network discovery.  Its a working theory.  Ill report back with my findings.

Edit 3: Yep ntopng was the culprit.  If anyone else runs into this, possibly disable network discovery on the app to stop.

12

Zenarmor (Sensei) / A couple errors upgrading to 22.1

« on: February 17, 2022, 07:57:22 pm »

Hello, I have a few issues with sensei on the new 22.1 update.  The OPNSense was clean-installed, sensei was clean installed.

I see this:
[0d569281-3cff-4e2f-96be-cb2fa640bcbc] Script action stderr returned "b'umount: /dev/md43: statfs: No such file or directory\numount: /dev/md43: unknown file system\nmount: /usr/local/sensei/output: No such file or directory'"

And this is spammed over and over:
[69aa4538-c722-4c14-bf3e-7e14d5d3718c] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/Sensei/periodicals.py ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/Sensei/periodicals.py ' returned non-zero exit status 1.

This as well:
[f119326e-6669-458a-bc4c-c3c5b8f9c4ba] Script action failed with Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1.

13

Intrusion Detection and Prevention / Snortv3

« on: December 27, 2021, 11:57:53 pm »

Any plans to add a snort package now that v3 is released that makes it more competitive with suricata? (Multi thread etc)

14

Zenarmor (Sensei) / Supress alerts

« on: September 27, 2021, 02:10:54 am »

Any way to suppress certain alerts from showing up in the logs, or certain logs?  I have certain things blocked, and I know it will be spammed 1000's of times in the reports which is somewhat unhelpful as I manually blocked it.  Thanks!

15

21.7 Legacy Series / Unbound DNS BL

« on: September 26, 2021, 02:35:06 am »

I just set up a blocklist in unbound, testing a migration from pihole, where do I see blocks? If I cant see blocks I cant really use it, as DNS false positives are common and I need to be able to see random blocks and deal with them if needed.  Is this possible? If we had a firewall logs-like list that would be very nice. Thanks!