I am having a problem that consists of a full OPNsense crash and kernel panic when I enable the blocking feature within Suricata. This crash is severe enough that normal reboots end up with OPNsense going straight back into a crashed and locked state.
I am currently running OPNsense 19.1.4, but this also happened with some earlier versions of OPNsense for me. I do not have a list of the specific versions that have failed; my OPNsense experience has been off-and-on as I keep flipping between OPNsense and pfSense.
I am running OPNsense in CARP/HA failover on two different Proxmox nodes using OpenVswitch to provide the LAN and several other interfaces to OPNsense. The OPNsense VMs have plenty of resources. The only interface currently set within is the LAN interface.
Every time I enable the block option, the OPNsense VM will crash and fully lock up within about 30 seconds. Once it reaches the crash state it becomes completely unresponsive. The only remedy is to shut the VM off externally. If allowed to reboot it will follow the normal boot process until it again crashes and hard-locks.
If left in just reporting mode, Suricata appears to function and generate alerts.
I'm new to Suricata so the correct rule sets, etc. are something I'm just getting to know. I have a lot of experience with Snort (any chance of bringing that to OPNsense? I really miss Snort.) so I am not a total newb to IDS/IPS.
How do I get this working?
I could roll back to pfSense, but that product has an issue with OpenVswitch as LAN. I work with Nutanix by day which does use OpenVswitch so I would prefer to keep OPNsense part of my home lab.