Topics - dave

#1
General Discussion / WAN IP in loopback
November 03, 2024, 11:30:32 PM
Sorry if this is a stupid question, but I've noticed my WAN's external IP addr is included as a route in the loopback address... is that to be expected?
#2
General Discussion / v.high wired memory
May 09, 2023, 03:02:04 PM
Is this expected memory usage with ZenArmor running? (APU2c4)

I can't really remember what it was prior to the issue with 1.13, but I don't remember it being this high.

#3
I've noticed having the Crowdsec IDS enabled results in a lot of CPU usage.

If I just enable the IPS bouncer, will the blocklist aliases still update?

I've also got ZenArmor running.
#4
Been looking for a fibre provider who doesn't use PPPoE.

Toob (UK) said they use IPoE.

From what I've read this is not an encapsulated protocol, using DHCP options for auth.

Just wanted to check if IPoE's an issue with BSD based routers, like the single threaded PPPoE daemon is?

Are there other issues that could impact performance or limit functionality?
#5
General Discussion / 23.1 upnp
February 01, 2023, 01:26:29 PM
Do you still have to set up hybrid NAT rules for UPnP to work properly?
#6
Hardware and Performance / APU's and IOMMU
October 27, 2022, 02:14:19 PM
APUs have IOMMU support in the CoreBoot BIOS.

I know it's a virtualisation thing, but wondering if it's something you'd want enabled anyway for other purposes?
#7
General Discussion / Syncthing incoming SPAT
February 27, 2022, 02:19:48 PM
ignore
:D
#8
Intrusion Detection and Prevention / LACP LAGG + Suricata
September 21, 2021, 12:03:27 AM
If you've got a LAGG interface, would you run Suricata on the parent interfaces in promisc mode, or the LAGG in promisc mode?
#9
General Discussion / Flow control on router or switch?
September 19, 2021, 04:01:10 PM
If my switch can handle flow control (disabled by default), would it be better to disable FC on OPNsense's parent LAN interfaces?

Suricata's running on the parent interfaces of a LAGG; got some VLANs...

Also, should I leave FC enabled on the WAN interface?
#10
21.7 Legacy Series / miniupnp fault
August 25, 2021, 03:53:08 PM
Think something's up with the miniupnp daemon.
I have to restart the service about once a day for Windows to pick it up.
Not sure what logs to look at, but if you point me in the right direction I'll see what I can see.
#11
Was hoping to get some clarification regarding a lazy config as I don't fully understand the implications of it.

Currently for the game I'm using hybrid outbound NAT with two manual WAN rules (one UDP, one TCP) specifying: required port ranges via alias, a specific host, and static ports checked (os-upnp isn't enabled). This gets me an "open" NAT type in the game.

The bit I don't understand is, say I just went full lazy and went with one manual rule on the WAN, lots of any's, and static ports checked, then enabled UPnP with default deny disabled, does this mean all connections from any host's applications would then use static ports, or only connections triggered via UPnP?

Correct me if I'm wrong, but it seems even with UPnP enabled when using automatic outbound NAT, port randomisation still occurs, which makes me wonder why even bother with UPnP if you're not using hybrid outbound and static ports?

Hope that made sense...
#12
General Discussion / DNS caches
May 08, 2021, 04:05:58 PM
Can someone explain where the best place to put a DNS cache is?

My dns goes:

AdGuard Home  ->  Unbound  ->  DNSCrypt-Proxy (all within OPNsense across localhost).

All three of these services have caching options.

I would have thought the best place would have been DNSCrypt, or is it worth having caches at each stage?

Or is it best at just Unbound since it can refresh the cache based on the ttl?
#13
Just trying to understand this a little better. Which of the rulesets require SSL MITM decryption? I've noticed some of the rulesets are essentially IP based block lists, but others I'm guessing must require SSL MITM DPI to function?
#14
20.1 Legacy Series / Redis failing to start
July 14, 2020, 06:22:28 PM
Installed the Ntopng plugin, then Redis, but Ntopng failed to start.
Thought a reboot might help and saw the following output via serial:

Starting ntopng.
14/Jul/2020 17:09:48 [Ntop.cpp:2240] Setting local networks to 127.0.0.0/8
14/Jul/2020 17:09:50 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:51 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 14]
14/Jul/2020 17:09:52 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:53 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 13]
14/Jul/2020 17:09:55 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:56 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 12]
14/Jul/2020 17:09:57 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:58 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 11]
14/Jul/2020 17:10:00 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:01 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 10]
14/Jul/2020 17:10:02 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:03 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 9]
14/Jul/2020 17:10:05 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:06 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 8]
14/Jul/2020 17:10:07 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:08 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 7]
14/Jul/2020 17:10:10 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:11 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 6]
14/Jul/2020 17:10:13 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:14 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 5]
14/Jul/2020 17:10:15 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:15 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 4]
14/Jul/2020 17:10:17 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:18 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 3]
14/Jul/2020 17:10:19 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:20 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 2]
14/Jul/2020 17:10:22 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:23 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 1]
14/Jul/2020 17:10:25 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:26 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 0]
14/Jul/2020 17:10:27 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:28 [Redis.cpp:148] ERROR: ntopng requires redis server to be up and running
14/Jul/2020 17:10:28 [Redis.cpp:149] ERROR: Please start it and try again or use -r
14/Jul/2020 17:10:28 [Redis.cpp:150] ERROR: to specify a redis server other than the default
/usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng

>>> Invoking start script 'ntopng'
Starting ntopng.
14/Jul/2020 17:10:32 [Ntop.cpp:2240] Setting local networks to 127.0.0.0/8
14/Jul/2020 17:10:34 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:35 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 14]
14/Jul/2020 17:10:36 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:37 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 13]
14/Jul/2020 17:10:39 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:40 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 12]
14/Jul/2020 17:10:41 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:42 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 11]
14/Jul/2020 17:10:44 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:45 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 10]
14/Jul/2020 17:10:46 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:47 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 9]
14/Jul/2020 17:10:49 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:50 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 8]
14/Jul/2020 17:10:51 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:52 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 7]
14/Jul/2020 17:10:54 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:55 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 6]
14/Jul/2020 17:10:56 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:58 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 5]
14/Jul/2020 17:10:59 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:00 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 4]
14/Jul/2020 17:11:02 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:03 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 3]
14/Jul/2020 17:11:04 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:05 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 2]
14/Jul/2020 17:11:07 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:08 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 1]
14/Jul/2020 17:11:09 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:10 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 0]
14/Jul/2020 17:11:12 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:13 [Redis.cpp:148] ERROR: ntopng requires redis server to be up and running
14/Jul/2020 17:11:13 [Redis.cpp:149] ERROR: Please start it and try again or use -r
14/Jul/2020 17:11:13 [Redis.cpp:150] ERROR: to specify a redis server other than the default
/usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng
>>> Error in start script 'ntopng'

OPNsense's dash did report Ntopng as running, but its GUI was inaccessible.

Uninstalled; rebooted; reinstalled; same problem.
#15
Think I may have found a bug in Maltrail.

Logging works fine so long as Monitor Interface is set to Nothing Selected.

Since I've got nothing listening on the WAN I specified internal interfaces only and everything stopped working.

If I manually specify all interfaces logging stops working; if I uncheck everything, Maltrail starts working again.

Two of my interfaces are VLANs though, so would that mess things up? Should I just be selecting the parent interface for inspection?
#16
Intrusion Detection and Prevention / Suricata results
February 13, 2020, 04:07:48 PM
I'm seeing results that make me wonder to what extent Suricata is really operating.

I have PPPoE WAN, so I'm running Suricata on the LAN and WLAN:

First I tried adding FB's SHA1 fingerprint to a custom rule:

Then, using Edge, browsed to FB and it loaded without alerting; changing from alert to drop didn't help.
I did clear Edge's caches beforehand, just to make sure.

I then took a closer look at OPNsense-App-detect/media-streaming which, afaict, is a DNS filter.

I downloaded and enabled it to block, restarted both OPNsense and Pi-Hole DNS services to clear their caches, then cleared Edge's caches, and was still able to browse to Netflix and YouTube.

I then enabled OPNsense-App-detect/test to block and tried downloading the Eicar test:

So that worked, but over port 80.

Do I really need to enable full MITM SSL inspection? I believed some of these rules worked fine without this as they inspected packet headers, or SSL fingerprints, or matched traffic against an IP or DNS blacklist?

Anyone able to shed some light on this, so I better understand how this product works?

Many thanks.
#17
Hey,

Is it odd that I'm seeing this 93.* IP address in the netflow data of my LAN?

#18
General Discussion / Sensei on APUs
February 02, 2020, 05:49:21 AM
Hello,

Has anyone installed Sensei on a PC Engines APU?
How was the performance?

Thanks.
#19
Just noticed this, wondered if anyone could help explain it.

'sysctl dev.cpu.*' pretty much always displays the following values:

dev.cpu.0.cx_usage: 59.95% 40.04% last 20173us
dev.cpu.1.cx_usage: 100.00% last 26422us
dev.cpu.2.cx_usage: 100.00% last 44450us
dev.cpu.3.cx_usage: 100.00% last 18583us

Yet 'top' shows nowhere near this kind of usage:

And neither does the GUI:

I'm running OPNsense 19.7.3-amd64 on an APU2C4 with BIOS v4.10.0.0
#20
General Discussion / Corrupt cap files
August 20, 2019, 07:40:16 PM
Hi,

Whenever I leave an interface capture running for any amount of time, Wireshark reports the following when I open the file:

"The capture file appears to be damaged or corrupt.
(pcap: File has 992550946-byte packet, bigger than maximum of 262144)"

Is this because I'm leaving the capture running for a long time, or something else?
Looking around Google a lot of people mention it could be to do with the transfer method, but I just downloaded the file via the GUI.

Thanks.
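The Wireshark message in the post above is libpcap's own per-record sanity check: a record header claims a captured length larger than the 262144-byte maximum snapshot length. The checker below is an added example written for this listing (it is not the poster's code, and not a tool shipped by OPNsense, Wireshark or libpcap). It walks a classic pcap file record by record, applies the same 262144 limit the error quotes, reports the first record that fails, and returns the longest prefix that still parses cleanly so the good part of a long capture can be kept. The two sample captures are constructed inline; their timestamps, payloads and the 992550946 figure taken from the error message are made-up test values, not real traffic.

```python
import struct

# libpcap's maximum snapshot length; Wireshark's error quoted the same 262144 limit.
MAX_SNAPLEN = 262144
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond and nanosecond timestamp variants


def validate_pcap(data: bytes):
    """Walk a classic (non-pcapng) pcap file record by record.

    Returns (records_ok, salvageable_len, problem):
      records_ok      - number of records whose headers and payloads were sane
      salvageable_len - byte offset up to which the file parses cleanly
      problem         - None, or a description of the first bad record
    """
    if len(data) < GLOBAL_HEADER_LEN:
        return 0, 0, "file shorter than the 24-byte global header"
    # The magic number also tells us the byte order the writer used.
    if struct.unpack("<I", data[:4])[0] in PCAP_MAGICS:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] in PCAP_MAGICS:
        endian = ">"
    else:
        return 0, 0, "not a classic pcap file (unknown magic number)"
    _major, _minor, _tz, _sigfigs, _snaplen, _linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HEADER_LEN])

    offset = GLOBAL_HEADER_LEN
    count = 0
    while offset < len(data):
        if len(data) - offset < RECORD_HEADER_LEN:
            return count, offset, f"record {count}: truncated record header at offset {offset}"
        _ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        # This is the condition behind "File has N-byte packet, bigger than maximum of 262144".
        if incl_len > MAX_SNAPLEN:
            return count, offset, (f"record {count}: File has {incl_len}-byte packet, "
                                   f"bigger than maximum of {MAX_SNAPLEN}")
        # A capture can never hold more bytes of a packet than were on the wire.
        if incl_len > orig_len:
            return count, offset, (f"record {count}: captured length {incl_len} "
                                   f"exceeds original length {orig_len}")
        end = offset + RECORD_HEADER_LEN + incl_len
        if end > len(data):
            return count, offset, (f"record {count}: packet data truncated "
                                   f"(header promises {incl_len} bytes, file ends early)")
        offset = end
        count += 1
    return count, offset, None


def salvage_pcap(data: bytes) -> bytes:
    """Return the longest prefix of the file that validate_pcap accepts without complaint."""
    _, good_len, _ = validate_pcap(data)
    return data[:good_len]


def build_pcap(records, snaplen=MAX_SNAPLEN, linktype=1):
    """Assemble a little-endian, microsecond-resolution pcap (constructed test data).

    Each record is (timestamp, payload, claimed_len); claimed_len is written into
    both length fields so a damaged record can be simulated by lying about it.
    """
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for ts, payload, claimed_len in records:
        out += struct.pack("<IIII", ts, 0, claimed_len, claimed_len) + payload
    return out


# Constructed samples: a clean two-record capture and one whose second record
# header carries the oversized length quoted in the forum post.
GOOD = build_pcap([(1566330016, b"\x00" * 60, 60), (1566330017, b"\x01" * 42, 42)])
DAMAGED = build_pcap([(1566330016, b"\x00" * 60, 60), (1566330017, b"\xff" * 8, 992550946)])

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("damaged", DAMAGED)):
        print(name, validate_pcap(blob))
    print("salvaged bytes:", len(salvage_pcap(DAMAGED)))
```

The offset of the first bad record is the useful triage detail: when it sits at the very end of the file the capture was most likely still being written when it was copied, whereas a bad header in the middle of the file with sane records after it points at the transfer or the storage rather than the capture itself. For pcapng output the block layout is different and this parser will report an unknown magic number.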