Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - yeraycito

Pages: [1]

19.7 Production Series / ExpressVPN not working

« on: August 08, 2019, 12:31:48 pm »

I tried to install an expressvpn client on opnsense by following this pfsense tutorial:
https://www.expressvpn.com/es/support/vpn-setup/pfsense-with-expressvpn-openvpn/
When I get to the OpenVPN client part and put in the settings and give it to save I don't save the data. It cannot be created. I also followed this NordVPN tutorial for opnsense and neither:
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
Any ideas?

Tutorials and FAQs / HOWTO - Port Forwading in Opnsense

« on: July 11, 2019, 11:50:34 am »

Example Port Forwading

LAN: 192.168.50.1/24

IP LOCAL PORT FORWADING: 192.168.50.18

PORT: 40

1 - In OPNSENSE/Firewall/Settings/Advanced:

- Enable Reflection for port forwards

- Enable Automatic outbound NAT for Reflection

- Save changes

2 - IN OPNSENSE/Firewall/NAT/Port Forward:

- +Add

- Interface: WAN

- Protocol: TCP

- Destination: WAN address

- Destination port range: from to
any any

- Redirect target IP: Single Host or Network
192.168.50.18

- Redirect target port: (other)
40

- Description: ( optional )

- NAT reflection: Use system default

- Save changes

WARNING: Port 40 is OPEN

How to protect the port with suricata:

1 - In OPNSENSE/Services/Intrusion Detection/Administration: ( Settings tab )

- Enable advanced mode

- Enable suricata - Enable IPS mode

- Pattern matcher: Hyperscan

- Interfaces: LAN

- Home networks: 192.168.50.1/24 ( lan example )

- Save changes

2 - In OPNSENSE/Services/Intrusion Detection/Administration: ( Donwload tab )

- Enable ALL categories

- Manually edit all categories individually:
Imput Filter: Change all alerts to drop actions

- Donwnload & Update Rules

3 - In OPNSENSE/Services/Intrusion Detection/Administration: ( Rules tab )

- Search emerging scan

- ( On page 11 of the search results ) Enable ET SCAN NMAP -sS window 1024

- Apply

4 - Restart OPNSENSE

Tutorials and FAQs / HOWTO - Advanced Settings Suricata

« on: July 10, 2019, 05:07:11 pm »

First Stop Suricata at Opnsense

Access by ssh (WinSCP for Windows: https://winscp.net/eng/download.php)

Open WinSCP:
Enter IP acces opnsense
Enter login/password opnsense

Search routes:

routes:
usr/local/etc/suricata/suricata.yaml
and
usr/local/opnsense/service/templates/opnsense/ids/suricata.yaml

Tuning Suricata ( IPS MODE ACTIVE ):
Edit the same parameters in the 2 files suricata.yaml
Search in suricata.yaml:

#max-pending-packets: 5000

detect-engine:
- profile: custom
- custom-values:
toclient-groups: 200
toserver-groups: 200
- sgh-mpm-context: auto
- inspection-recursion-limit: 3000

# Defrag settings:

defrag:
memcap: 128mb

flow:
memcap: 1gb
hash-size: 1048576
prealloc: 1048576
emergency-recovery: 30

# stream:
# memcap: 2gb
# prealloc-sessions: 30000

# reassembly:
# memcap: 4gb
# depth: 4mb
# chunk-prealloc: 5000
# segments:
# - size: 4
# prealloc: 1024

(repeat settings below with some changes):

stream:
memcap: 2gb
reassembly:
memcap: 4gb
depth: 4mb
#chunk-prealloc: 5000
#segments:
# - size: 4
# prealloc: 1024
# - size: 16
# prealloc: 2048
# - size: 112
# prealloc: 2048
# - size: 248
# prealloc: 2048
# - size: 512
# prealloc: 2048
# - size: 768
# prealloc: 4096
# - size: 1448
# prealloc: 4096
# - size: 65535
# prealloc: 512

Save changes
Start Suricata
Restart Opnsense

Adjustments tested in mini-pc:
Suricata active IPS Mode in LAN,WAN
Pattern matcher: Hyperscan
Promiscuous mode: disabled
Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores)
Memory: 8 GB
Memory consumption opnsense with modified settings suricata: 20%
Internet connection: 50 MB

Optional: Advanced security options
In Suricata.yaml:

# Enable defrag per host settings
# host-config:
#
# - dmz:
# timeout: 30
# address: [192.168.1.0/24, 127.0.0.0/8, 1.1.1.0/24, 2.2.2.0/24, "1.1.1.1", "2.2.2.2", "::1"]
#
# - lan:
# timeout: 45
# address:
# - 192.168.0.0/24
# - 192.168.10.0/24
# - 172.16.14.0/24
# - Put here the range of local ip addresses of your system (Example: 192.168.50.1/24)

host-os-policy:
# Make the default policy windows.
windows: [0.0.0.0/0]
bsd: []
bsd-right: []
old-linux: []
linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]
old-solaris: []
solaris: ["::1"]
hpux10: []
hpux11: []
irix: []
macos: []
vista: []
windows2k3: []

Put here your local ips depending on the operating system. Examples:
Windows computer: windows: [0.0.0.0/0,192.168.50.16]
Nas ( Linux ): linux: [10.0.0.0/8, 192.168.50.18, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]

Intrusion Detection and Prevention / HOWTO - Advanced Settings Suricata

« on: July 10, 2019, 05:06:53 pm »

First Stop Suricata at Opnsense

Access by ssh (WinSCP for Windows: https://winscp.net/eng/download.php)

Open WinSCP:
Enter IP acces opnsense
Enter login/password opnsense

Search routes:

usr/local/etc/suricata/suricata.yaml
and
usr/local/opnsense/service/templates/opnsense/ids/suricata.yaml

Tuning Suricata ( IPS MODE ACTIVE ):
Edit the same parameters in the 2 files suricata.yaml
Search in suricata.yaml:

#max-pending-packets: 5000

detect-engine:
- profile: custom
- custom-values:
toclient-groups: 200
toserver-groups: 200
- sgh-mpm-context: auto
- inspection-recursion-limit: 3000

# Defrag settings:

defrag:
memcap: 128mb

flow:
memcap: 1gb
hash-size: 1048576
prealloc: 1048576
emergency-recovery: 30

# stream:
# memcap: 2gb
# prealloc-sessions: 30000

# reassembly:
# memcap: 4gb
# depth: 4mb
# chunk-prealloc: 5000
# segments:
# - size: 4
# prealloc: 1024

(repeat settings below with some changes):

stream:
memcap: 2gb
reassembly:
memcap: 4gb
depth: 4mb
#chunk-prealloc: 5000
#segments:
# - size: 4
# prealloc: 1024
# - size: 16
# prealloc: 2048
# - size: 112
# prealloc: 2048
# - size: 248
# prealloc: 2048
# - size: 512
# prealloc: 2048
# - size: 768
# prealloc: 4096
# - size: 1448
# prealloc: 4096
# - size: 65535
# prealloc: 512

Save changes
Start Suricata
Restart Opnsense

Adjustments tested in mini-pc:
Suricata active IPS Mode in LAN,WAN
Pattern matcher: Hyperscan
Promiscuous mode: disabled
Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores)
Memory: 8 GB
Memory consumption opnsense with modified settings suricata: 20%
Internet connection: 50 MB

Optional: Advanced security options
In Suricata.yaml:

# Enable defrag per host settings
# host-config:
#
# - dmz:
# timeout: 30
# address: [192.168.1.0/24, 127.0.0.0/8, 1.1.1.0/24, 2.2.2.0/24, "1.1.1.1", "2.2.2.2", "::1"]
#
# - lan:
# timeout: 45
# address:
# - 192.168.0.0/24
# - 192.168.10.0/24
# - 172.16.14.0/24
# - Put here the range of local ip addresses of your system (Example: 192.168.50.1/24)

host-os-policy:
# Make the default policy windows.
windows: [0.0.0.0/0]
bsd: []
bsd-right: []
old-linux: []
linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]
old-solaris: []
solaris: ["::1"]
hpux10: []
hpux11: []
irix: []
macos: []
vista: []
windows2k3: []

Put here your local ips depending on the operating system. Examples:
Windows computer: windows: [0.0.0.0/0,192.168.50.16]
Nas ( Linux ): linux: [10.0.0.0/8, 192.168.50.18, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]

Intrusion Detection and Prevention / Aanval 9 Suricata

« on: July 10, 2019, 03:43:49 pm »

Hello. Is there any chance of integrating Aanval9 into opnsense?
https://www.tacticalflex.com/pages/aanval

Hola. ¿Hay alguna posibilidad de integrar Aanval9 en opnsense?

Pages: [1]