Topics - deekdeeker

#1
19.7 Legacy Series / openvpn client export
December 10, 2019, 11:39:14 PM
Upgraded recently to 19.7.7, not sure if this was the cause as I haven't created a new user in a while. But after a new user & cert are created, when I go into OpenVPN client export the user is not there. Anyone else experience this?
#2
19.7 Legacy Series / GEOIP in NTOP map
October 31, 2019, 12:47:45 AM
Don't use this too much, but it seems that the GeoIP map in ntop no longer works. Made sure that the Geo databases are in /usr/local/share/ntopng/httpdocs/geoip but still nothing. I see that pfSense has a patch for this in recent versions. I'm running the latest 19.7.5_5; tried on 2 boxes, both with the same results.
#3
19.7 Legacy Series / Source NAT over IPSEC
October 28, 2019, 12:13:09 AM
Hello,
I need to do a source NAT over an IPsec tunnel; when I apply the rule no traffic seems to go through. I did pull up some old posts on this not being supported, only via 1-1 NAT. Can anyone shed any more information on this? I have a Ubiquiti EdgeRouter that does this and is also using strongSwan.
#4
19.7 Legacy Series / Logging Issues
September 14, 2019, 06:14:57 PM
Since the upgrade to 19.7 remote logging seems to be very broken. I have disabled remote syslog from settings --> Logging and am now using the logging / targets.

In my case I only have suricata selected (nothing selected in levels & facilities); apparently this means all. I have a UDP 4 connection to my logging server over a VPN tunnel.

Via suricata I have the eve output selected, and if I view the logs from OPNsense (suricata logs) I can see that logs are present. I do not receive these logs on my logging server. I have tested connectivity to the logging server and that is OK. I can see in the log that the connection is established:
syslog connection established; fd='25', server='AF_INET(10.11.0.1:5151)', local='AF_INET(0.0.0.0:0)'

Any insight is appreciated - I did upgrade from 19.1.10, which was working great using the old logging configuration.

#5
Is there any way to suppress an alert with the signature ID and source + destination IPs? From the GUI it looks like it's just source + destination IP, which is a little too broad, and I don't want to disable some rules altogether.

I think this is just adding a custom rules config somewhere, but where?

Thanks
#6
Hi

I have an OpenVPN server running on 10.51.0.0/16 - for user VPNs.

I have an OpenVPN client running on 10.11.0.0/16 for remote logging.
OPNsense connects via the client fine, and from the OPNsense box I can communicate over the client VPN network 10.11.0.0/16, but I need a workstation on the LAN 192.168.50.0/24 to access the 10.11.0.0/16 network.
I've looked through some posts re NAT entries but still can't get this going. Seems it should be fairly simple but I must be missing something? Do I manually need to add something specific?

OpenVPN firewall rules are IPv4 * * * *
My outbound NAT rules have 10.11.0.0/16 on WAN interface permitted.

Help is appreciated. ;D

#7
Does anyone have a Graylog extractor for Suricata messages sent to syslog? :)
#8
General Discussion / ntop alerts to slack
April 23, 2019, 02:04:57 AM
Anyone using the ntop alerts via Slack? Just trying this for the first time and not really sure what is happening. I thought that it would just forward the alerts that are appearing in the "flow alerts" section of ntop, but apparently not; I'm just getting stuff like below that does not in any way match the alerted flows in ntop. No more info than that. Is this just a useless feature?

22/04/2019 20:00:08][Blacklisted Flow] Client, server or domain is blacklisted [Flow: xxx.176.26.66:52077 xxx.xxx.local:40100] [L4 Protocol: TCP]
#9
19.1 Legacy Series / GeoMap
April 18, 2019, 03:40:52 AM
Using 19.1.5_1 and noticed that my geomap is no longer displaying flows.

Longitude and latitude are reporting correctly in the browser and the API key is installed.

Anyone having the same issue?

J
#10
18.7 Legacy Series / NTOPNG with HTTPS
December 21, 2018, 04:14:55 PM
When enabling HTTPS for ntopng, port 3001 for example, this does not seem to work. Certificate generated. Also tried running OPNsense with HTTP in case that was interfering... Am I just missing something obvious?
#11
General Discussion / ntopng & HTTPS
December 18, 2018, 02:39:23 AM
When enabling HTTPS for ntopng, port 3001 for example, this does not seem to work. Certificate generated. Also tried running OPNsense with HTTP in case that was interfering... Am I just missing something obvious?