Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - yeraycito

Pages: [1]

20.1 Production Series / No comment?

« on: January 27, 2020, 03:00:18 pm »

After using pfsense and now 1 year using opnsense I have to thank the developers for the work and effort they do to maintain and improve this program which I consider better than pfsense. From the few comments I see we seem to have been disappointed that it hasn't been updated to Freebsd 12 and instead it has been updated to a relase candidate. I have installed it and I have to say that it works just as well as the previous one 19.7. I was also expecting an update to Suricata 5 : https://svnweb.freebsd.org/ports/head/security/suricata/ who looks like she's ready. Looking forward to these changes I again thank the immense work of the developers of opnsense. Thank you. Sorry about my English.

19.7 Legacy Series / ExpressVPN not working

« on: August 08, 2019, 12:31:48 pm »

I tried to install an expressvpn client on opnsense by following this pfsense tutorial:
https://www.expressvpn.com/es/support/vpn-setup/pfsense-with-expressvpn-openvpn/
When I get to the OpenVPN client part and put in the settings and give it to save I don't save the data. It cannot be created. I also followed this NordVPN tutorial for opnsense and neither:
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
Any ideas?

Tutorials and FAQs / HOWTO - Port Forwading in Opnsense

« on: July 11, 2019, 11:50:34 am »

Example Port Forwading

LAN: 192.168.50.1/24

IP LOCAL PORT FORWADING: 192.168.50.18

PORT: 40

1 - In OPNSENSE/Firewall/Settings/Advanced:

- Enable Reflection for port forwards

- Enable Automatic outbound NAT for Reflection

- Save changes

2 - IN OPNSENSE/Firewall/NAT/Port Forward:

- +Add

- Interface: WAN

- Protocol: TCP

- Destination: WAN address

- Destination port range: from to
any any

- Redirect target IP: Single Host or Network
192.168.50.18

- Redirect target port: (other)
40

- Description: ( optional )

- NAT reflection: Use system default

- Save changes

WARNING: Port 40 is OPEN

How to protect the port with suricata:

1 - In OPNSENSE/Services/Intrusion Detection/Administration: ( Settings tab )

- Enable advanced mode

- Enable suricata - Enable IPS mode

- Pattern matcher: Hyperscan

- Interfaces: LAN

- Home networks: 192.168.50.1/24 ( lan example )

- Save changes

2 - In OPNSENSE/Services/Intrusion Detection/Administration: ( Donwload tab )

- Enable ALL categories

- Manually edit all categories individually:
Imput Filter: Change all alerts to drop actions

- Donwnload & Update Rules

3 - In OPNSENSE/Services/Intrusion Detection/Administration: ( Rules tab )

- Search emerging scan

- ( On page 11 of the search results ) Enable ET SCAN NMAP -sS window 1024

- Apply

4 - Restart OPNSENSE

Tutorials and FAQs / HOWTO - Advanced Settings Suricata

« on: July 10, 2019, 05:07:11 pm »

First Stop Suricata at Opnsense

Access by ssh (WinSCP for Windows: https://winscp.net/eng/download.php)

Open WinSCP:
Enter IP acces opnsense
Enter login/password opnsense

Search routes:

routes:
usr/local/etc/suricata/suricata.yaml
and
usr/local/opnsense/service/templates/opnsense/ids/suricata.yaml

Tuning Suricata ( IPS MODE ACTIVE ):
Edit the same parameters in the 2 files suricata.yaml
Search in suricata.yaml:

#max-pending-packets: 5000

detect-engine:
- profile: custom
- custom-values:
toclient-groups: 200
toserver-groups: 200
- sgh-mpm-context: auto
- inspection-recursion-limit: 3000

# Defrag settings:

defrag:
memcap: 128mb

flow:
memcap: 1gb
hash-size: 1048576
prealloc: 1048576
emergency-recovery: 30

# stream:
# memcap: 2gb
# prealloc-sessions: 30000

# reassembly:
# memcap: 4gb
# depth: 4mb
# chunk-prealloc: 5000
# segments:
# - size: 4
# prealloc: 1024

(repeat settings below with some changes):

stream:
memcap: 2gb
reassembly:
memcap: 4gb
depth: 4mb
#chunk-prealloc: 5000
#segments:
# - size: 4
# prealloc: 1024
# - size: 16
# prealloc: 2048
# - size: 112
# prealloc: 2048
# - size: 248
# prealloc: 2048
# - size: 512
# prealloc: 2048
# - size: 768
# prealloc: 4096
# - size: 1448
# prealloc: 4096
# - size: 65535
# prealloc: 512

Save changes
Start Suricata
Restart Opnsense

Adjustments tested in mini-pc:
Suricata active IPS Mode in LAN,WAN
Pattern matcher: Hyperscan
Promiscuous mode: disabled
Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores)
Memory: 8 GB
Memory consumption opnsense with modified settings suricata: 20%
Internet connection: 50 MB

Optional: Advanced security options
In Suricata.yaml:

# Enable defrag per host settings
# host-config:
#
# - dmz:
# timeout: 30
# address: [192.168.1.0/24, 127.0.0.0/8, 1.1.1.0/24, 2.2.2.0/24, "1.1.1.1", "2.2.2.2", "::1"]
#
# - lan:
# timeout: 45
# address:
# - 192.168.0.0/24
# - 192.168.10.0/24
# - 172.16.14.0/24
# - Put here the range of local ip addresses of your system (Example: 192.168.50.1/24)

host-os-policy:
# Make the default policy windows.
windows: [0.0.0.0/0]
bsd: []
bsd-right: []
old-linux: []
linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]
old-solaris: []
solaris: ["::1"]
hpux10: []
hpux11: []
irix: []
macos: []
vista: []
windows2k3: []

Put here your local ips depending on the operating system. Examples:
Windows computer: windows: [0.0.0.0/0,192.168.50.16]
Nas ( Linux ): linux: [10.0.0.0/8, 192.168.50.18, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]

Intrusion Detection and Prevention / HOWTO - Advanced Settings Suricata

« on: July 10, 2019, 05:06:53 pm »

First Stop Suricata at Opnsense

Access by ssh (WinSCP for Windows: https://winscp.net/eng/download.php)

Open WinSCP:
Enter IP acces opnsense
Enter login/password opnsense

Search routes:

usr/local/etc/suricata/suricata.yaml
and
usr/local/opnsense/service/templates/opnsense/ids/suricata.yaml

Tuning Suricata ( IPS MODE ACTIVE ):
EDIT THE SAME PARAMETERS in the 2 files suricata.yaml
Search in suricata.yaml:

#max-pending-packets: 10000

detect-engine:
- profile: custom
- custom-values:
toclient-groups: 200
toserver-groups: 200
- sgh-mpm-context: auto
- inspection-recursion-limit: 3000

# Defrag settings:

defrag:
memcap: 1gb

flow:
memcap: 1gb
hash-size: 65536
prealloc: 10000
emergency-recovery: 30

# stream:
# memcap: 1gb
# prealloc-sessions: 2k # 2k sessions prealloc'd per stream

# reassembly:
# memcap: 2gb
# depth: 2mb
# chunk-prealloc: 5000
# segments:
# - size: 4
# prealloc: 1024

(repeat settings below with some changes):

stream:
memcap: 1gb
reassembly:
memcap: 2gb
depth: 2mb # reassemble 2mb into a stream

host:
hash-size: 4096
prealloc: 1000
memcap: 256mb

http:
enabled: yes
# memcap: 128mb

I repeat: the same parameters must be edited in the 2 suricata.yaml files mentioned at the beginning.

Save changes
Start Suricata

Adjustments tested in mini-pc:
Suricata active IPS Mode in LAN,WAN
Pattern matcher: Hyperscan
Promiscuous mode: Enabled
Rules: ET PRO TELEMETRY ( all rules active-drop )

Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores)
Memory: 8 GB
OPNSENSE 20.1
Memory consumption opnsense with modified settings suricata: 20%
Internet connection: 50 MB

Optional: Advanced security options
In Suricata.yaml:

# Enable defrag per host settings
# host-config:
#
# - dmz:
# timeout: 30
# address: [192.168.1.0/24, 127.0.0.0/8, 1.1.1.0/24, 2.2.2.0/24, "1.1.1.1", "2.2.2.2", "::1"]
#
# - lan:
# timeout: 45
# address:
# - 192.168.0.0/24
# - 192.168.10.0/24
# - 172.16.14.0/24
# - Put here the range of local ip addresses of your system (Example: 192.168.50.1/24)

host-os-policy:
# Make the default policy windows.
windows: [0.0.0.0/0]
bsd: []
bsd-right: []
old-linux: []
linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]
old-solaris: []
solaris: ["::1"]
hpux10: []
hpux11: []
irix: []
macos: []
vista: []
windows2k3: []

Put here your local ips depending on the operating system. Examples:
Windows computer: windows: [0.0.0.0/0,192.168.50.16]
Nas ( Linux ): linux: [10.0.0.0/8, 192.168.50.18, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"]

VERY IMPORTANT: We have to make a copy of the 2 suricata.yaml files. This is because every time we update opnsense the configuration is lost. When we update opnsense we have to edit ( or copy the 2 suricata.yaml files edited and saved before and replace them with the suricata.yaml files that exist ) 2 suricata.yaml files again.

Intrusion Detection and Prevention / Aanval 9 Suricata

« on: July 10, 2019, 03:43:49 pm »

Hello. Is there any chance of integrating Aanval9 into opnsense?
https://www.tacticalflex.com/pages/aanval

Hola. ¿Hay alguna posibilidad de integrar Aanval9 en opnsense?

Pages: [1]