Topics

1

Hardware and Performance / which switch

« on: September 19, 2019, 01:19:13 am »

Which would you choose and why?

HP ProCurve 2810-48G 48 port 10/100/1000 or a Dell PowerConnect 2824 24 port 10/100/1000?

Ignore amount of ports.

I can get either for about the same cost but i am looking for suggestions / reasons one might be more appropriate for a home / small business scenario.

2

General Discussion / vnstatd

« on: December 23, 2018, 06:27:46 pm »

I'm using

OPNsense 19.1.b_492-amd64
FreeBSD 11.2-RELEASE-p4-HBSD
OpenSSL 1.0.2q 20 Nov 2018

Checking the logs i found this

Dec 23 11:35:16   vnstatd[63852]: Traffic rate for "em1" higher than set maximum 1000 Mbit (1->138, r2033 t225), syncing.
Dec 23 11:35:16   vnstatd[63852]: Traffic rate for "em0" higher than set maximum 1000 Mbit (1->138, r259 t2136), syncing.
Dec 23 11:35:16   vnstatd[63852]: Monitoring: em0 (1000 Mbit) em1 (1000 Mbit)
Dec 23 11:35:15   vnstatd[63852]: vnStat daemon 1.15 started. (uid:284 gid:284)

How can I set the proper rate or where? Why is the rate set low at 1000 Mbit?

3

General Discussion / file editor and file manager

« on: December 03, 2018, 04:04:03 am »

Hi,

I use nas4free / Xigma and have since before the split ( used monowall yrs ago also)
The question I have is if there is and if not are there any plans to add a file editor and or a file manager to OPNsense like in nas4free and possibly a way to test commands (cli) directly from the gui or would this make for one big security breach?

It sure does make some things very very convenient.

greg

4

19.1 Legacy Series / ips/ids suricata Solved

« on: December 01, 2018, 07:46:51 am »

Hi,
I followed the wiki to enable Intrusion detection and have a couple problems.

Code: [Select]

OPNsense 19.1.b_306-amd64
FreeBSD 11.2-RELEASE-p4-HBSD
OpenSSL 1.0.2q 20 Nov 2018
I get these errors and of the 4 abuse.ch rule sets only the one actually downloads. These are the only rules I enabled to test suricata out.

Code: [Select]

abuse.ch/Dyre SSL IPBL not installed drop
abuse.ch/Feodo Tracker 2018/12/01 1:31 drop
abuse.ch/SSL Fingerprint Blacklist not installed drop
abuse.ch/SSL IP Blacklist not installed drop
and these errors are in the log

Code: [Select]

Dec 1 01:30:43 suricata: [100244] <Notice> -- Stats for 'em1': pkts: 283, drop: 0 (0.00%), invalid chksum: 0

Code: [Select]

ec 1 01:30:23 suricata: [100172] <Error> -- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid mpm algo supplied in the yaml conf file: "hs"
I rebooted and the same happens along with the IPv6 gateway being down and needing a restart.

what did i screw up this time? 

5

19.1 Legacy Series / SOLVED vnstat (Database load failed)

« on: November 30, 2018, 07:54:34 am »

I'm using

Code: [Select]

OPNsense 19.1.b_306-amd64
FreeBSD 11.2-RELEASE-p4-HBSD
OpenSSL 1.0.2q 20 Nov 2018
vnstat has been working just fine until today. No changes made by me, nothing I know of changed.
I tried restating the service, no help. I tried rebooting, no help. I deleted the plugin and reinstalled, no help.

Code: [Select]

vnstatd[51566]: Error: Database load failed even when using backup (Permission denied). Aborting.

6

19.1 Legacy Series / wake on lan widget

« on: November 29, 2018, 02:58:34 am »

Hi,

The link on the wol widget that takes you to the wol service is broken.
It goes to Page not found go back to previous page

greg

7

19.1 Legacy Series / UPnP

« on: November 24, 2018, 05:33:25 pm »

Is it possible (very low priority of course) to have the UPnP status as a widgit for the dashboard?

8

19.1 Legacy Series / bogonsv6

« on: November 24, 2018, 01:55:03 pm »

when you do an update for the bogonsv6 it causes the browser (firefox) to pop up with (a page is slowing things down) stop it or wait.

The IPv4 bogons go quick, no slow downs.

tried waiting but it's never ending so had to stop it.
bogons do update according to the log.

Code: [Select]

Nov 24 07:11:58 root: update bogons is ending the update cycle
Nov 24 07:11:58 root: Bogons V6 file downloaded: 73 addresses deleted.
Nov 24 07:11:58 root: Bogons V6 file downloaded: 103457 addresses added.
Nov 24 07:11:58 root: Bogons V4 file downloaded: 2990 addresses added.
Nov 24 07:11:55 root: bogons update is beginning the update cycle
Nov 24 07:11:55 root: bogons update starting

9

19.1 Legacy Series / updates/upgrades WORKED AS DESIGNED!

« on: November 24, 2018, 01:47:08 pm »

I finally got 19.1.b_360 installed with 11.2 HBSD and restored from my back up.

I did a check updates again and got this (yes I did reboot several times)

Will this downgrade my 19.1 to 18.7.6 or am I reading this wrong?
I sure seem to be making big messes the last few days

Current version                                                       Next version
19.1.b_306                                                              Click to check for updates.
Package Name                                        Current Version                                New Version          Required Action
base                                                        19.1.b                                                18.7.6                  upgrade
kernel                                                19.1.b                                                18.7.6                  upgrade

10

General Discussion / clamav (SOLVED)

« on: November 23, 2018, 07:34:12 am »

Hi,

Just so I am clear on this.

To use clamav to scan live I would need to use a proxy server located on a different system correct? This would be using the fresh clam definitions and not i-cap.

I have done searches and my old eyes hurt from the reading and so far it has not been clear about using clamav to scan and whether theres a need for a separate machine for running the proxy.

11

General Discussion / Dhcp4 and Dhcp6

« on: November 22, 2018, 11:32:21 pm »

Hi,

I'm curious about this is all.

I have noticed that opnsense.org uses IPv6 but the forums don't yet. Is there a reason?

Code: [Select]

[Connection uses HTTPS. Warning: IPvFoo does not verify the integrity of encryption.]

forum.opnsense.org 81.171.2.181

[Connection uses HTTPS. Warning: IPvFoo does not verify the integrity of encryption.]

0pnsense.org 8001:1af8:4700:a126:7::2

[Connection uses HTTPS. Warning: IPvFoo does not verify the integrity of encryption.]

xen-media.com (no address) [Data from cached requests only.] [code]


12

19.1 Legacy Series / Smart plugin (Solved)

« on: November 22, 2018, 11:22:28 pm »

Hi,

In the smart plugin on the dashboard I show this.

I'm using a old Acer Aspire (AX1200-B1792A) desktop that had vista on it and it has external card readers and such.
For home use this little box handles everything great for what I use. I do plan on a purpose built box after I learn my way around OPNsense in the future.

Since I never use the external card readers how can I tell smart there is no da0 or da1 so they don't show on the dashboard? Is this possible?

It isn't a big deal I'm just trying to clean up whats shown is all.

Second question: Does smart run on it's own or do tests need to be scheduled through cron?

 SMART Status
Drive    Ident    SMART Status
ada0    WD-WX11A11W9451     OK
da0        Unknown
da1        Unknown

13

18.7 Legacy Series / dashboard

« on: November 21, 2018, 11:29:56 am »

Hi,

When I have the web page for the dashboard up and I scroll down to watch one of the graphs it decides to scroll itself back to the top after a very short time.

If it is possible how can I change and stop that from happening?

EDIT: it does this after approximately one minute.

Greg

14

19.1 Legacy Series / FIXED lost all rules except default lockout

« on: November 20, 2018, 01:49:00 am »

OOPS,

I was trying some new rules and when I went to delete one I LOST ALL rules on the lan interface except the default lockout rule.

A history search and backup got them back but is this a recurring thing and removing a rule will do this consistently?

How do we remove unwanted , un needed or just non working rules?