1
Development and Code Review / 20.1 amd64 iso images
« on: December 24, 2019, 01:37:03 am »
Anyone out there who has any amd64 20.1 alpha/beta images (dvd or usb images) ready? Any links much appreciated.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
19.1 Legacy Series / Call for testing: New netmap enabled kernel
« on: February 06, 2019, 12:21:44 am »
Dear OPNsense community,
One of the exciting new features, introduced with OPNsense 19.1 release, is the introduction of an alternate test kernel having the latest upstream netmap code.
Netmap is a very important subsystem in the base OS, since it provides the necessary plumbing for the operation of Suricata in IPS mode and also Sensei in particular.
Netmap code in FreeBSD (thus HardenedBSD) was almost 4 years old. It lacked lots of new developments and bug-fixes that have been done in this timeframe.
On the FreeBSD side, we (Sunny Valley Networks) sponsored a development effort to bring the latest upstream netmap code into FreeBSD.
Quite promptly, OPNsense team has now landed all this development to OPNsense 19.1. New functionality can be enabled by switching to the new-netmap-kernel (Instructions below)
As said, new kernel brings lots of bug-fixes and new developments, two of the most notable ones are being:
1 - VirtIO network adapters support:
You can now run Suricata/Sensei on virtio adapters. Virtio adapters are found mostly on QEMU/KVM based
Hypervisors like Proxmox, and on Cloud VPS providers.
2 - VLAN child interfaces: You can now run Suricata / Sensei on child vlan interfaces.
There is some more development pending (i.e. native VMware vmxnet support) but as of now and as far as our tests are concerned, we now seem to have a stable netmap implementation.
Bottomline, you should have a more stable Suricata (IPS mode) and Sensei experience after you switch to the new kernel.
Here are the steps for you to run and test the new kernel. Please feel free to share any issues you encountered and we'll do our best to investigate and try to find a solution.
IMPORTANT: Make sure you've completed your upgrade to 19.1. The new kernel is available & compatible with OPNsense 19.1.
To switch to the new-netmap-enabled kernel:
# opnsense-update -bkr 19.1-netmap
After the update & reboot, your 'uname -a' output should be similar: (pay attention to the commit hash and branch, it should be: c4ec367c3d9(master) )
root@fw:~ # uname -a
FreeBSD fw.local 11.2-RELEASE-p8-HBSD FreeBSD 11.2-RELEASE-p8-HBSD c4ec367c3d9(master) amd64
To revert back to the 19.1-default kernel:
# opnsense-update -bkf
Kudos to the OPNsense team for all of their co-operation and help on this.
One of the exciting new features, introduced with OPNsense 19.1 release, is the introduction of an alternate test kernel having the latest upstream netmap code.
Netmap is a very important subsystem in the base OS, since it provides the necessary plumbing for the operation of Suricata in IPS mode and also Sensei in particular.
Netmap code in FreeBSD (thus HardenedBSD) was almost 4 years old. It lacked lots of new developments and bug-fixes that have been done in this timeframe.
On the FreeBSD side, we (Sunny Valley Networks) sponsored a development effort to bring the latest upstream netmap code into FreeBSD.
Quite promptly, OPNsense team has now landed all this development to OPNsense 19.1. New functionality can be enabled by switching to the new-netmap-kernel (Instructions below)
As said, new kernel brings lots of bug-fixes and new developments, two of the most notable ones are being:
1 - VirtIO network adapters support:
You can now run Suricata/Sensei on virtio adapters. Virtio adapters are found mostly on QEMU/KVM based
Hypervisors like Proxmox, and on Cloud VPS providers.
2 - VLAN child interfaces: You can now run Suricata / Sensei on child vlan interfaces.
There is some more development pending (i.e. native VMware vmxnet support) but as of now and as far as our tests are concerned, we now seem to have a stable netmap implementation.
Bottomline, you should have a more stable Suricata (IPS mode) and Sensei experience after you switch to the new kernel.
Here are the steps for you to run and test the new kernel. Please feel free to share any issues you encountered and we'll do our best to investigate and try to find a solution.
IMPORTANT: Make sure you've completed your upgrade to 19.1. The new kernel is available & compatible with OPNsense 19.1.
To switch to the new-netmap-enabled kernel:
# opnsense-update -bkr 19.1-netmap
After the update & reboot, your 'uname -a' output should be similar: (pay attention to the commit hash and branch, it should be: c4ec367c3d9(master) )
root@fw:~ # uname -a
FreeBSD fw.local 11.2-RELEASE-p8-HBSD FreeBSD 11.2-RELEASE-p8-HBSD c4ec367c3d9(master) amd64
To revert back to the 19.1-default kernel:
# opnsense-update -bkf
Kudos to the OPNsense team for all of their co-operation and help on this.
3
Development and Code Review / Sensei on OPNsense - Application based filtering
« on: August 25, 2018, 03:38:14 am »
Hello,
I'm Murat, founder of Sunny Valley Networks, the company behind Sensei.
Very much pleased to meet the OPNsense community.
I've seen a thread about Sensei in the forum, so I thought it might be a good idea to start a dedicated topic to help people with the software.
Sensei is a plugin for firewalls which complement them with features like Application Filtering, Advanced Network Visibility and Cloud Application Control. Currently, Sensei community edition is available for OPNsense platform.
I've seen that some members have already downloaded and trying Sensei. Many thanks for that. We're grateful.
I've created this topic about Sensei to help you to try it out, and try to solve any problems you guys might have encountered.
Although we reached our target number of beta testers, we always have room for forum members.
If you're interested in trying it, please do not hesitate to contact me privately. I can share the URL to the latest installer.
Very much looking forward to reading your feedback and helping you with the software.
More information about Sensei can be found on the product web page: https://sunnyvalley.io/sensei
All the best
Murat
I'm Murat, founder of Sunny Valley Networks, the company behind Sensei.
Very much pleased to meet the OPNsense community.
I've seen a thread about Sensei in the forum, so I thought it might be a good idea to start a dedicated topic to help people with the software.
Sensei is a plugin for firewalls which complement them with features like Application Filtering, Advanced Network Visibility and Cloud Application Control. Currently, Sensei community edition is available for OPNsense platform.
I've seen that some members have already downloaded and trying Sensei. Many thanks for that. We're grateful.
I've created this topic about Sensei to help you to try it out, and try to solve any problems you guys might have encountered.
Although we reached our target number of beta testers, we always have room for forum members.
If you're interested in trying it, please do not hesitate to contact me privately. I can share the URL to the latest installer.
Very much looking forward to reading your feedback and helping you with the software.
More information about Sensei can be found on the product web page: https://sunnyvalley.io/sensei
All the best
Murat
Pages: [1]