Topics - dave

1
General Discussion / WAN IP in loopback
« on: November 03, 2024, 11:30:32 pm »
Sorry if this is a stupid question, but I've noticed my WAN's external IP addr is included as a route in the loopback address... is that to be expected?

2
General Discussion / v.high wired memory
« on: May 09, 2023, 03:02:04 pm »
This expected memory usage with ZenArmor running? (APU2c4)

I can't really remember what it was prior to the issue with 1.13, but I don't remember it being this high.

3
Intrusion Detection and Prevention / CrowdSec bouncer
« on: May 01, 2023, 04:47:54 pm »
I've noticed having the CrowdSec IDS enabled results in a lot of CPU usage.

If I enable just the IPS bouncer, will the blocklist aliases still update?

I've also got ZenArmor running.

4
General Discussion / PPPoE; IPoE; low power multi-threaded devices
« on: March 19, 2023, 01:31:07 pm »
Been looking for a fibre provider who doesn't use PPPoE.

Toob (UK) said they use IPoE.

From what I've read this is not an encapsulated protocol, using DHCP options for auth.

Just wanted to check if IPoE's an issue with BSD based routers, like the single threaded PPPoE daemon is?

Are there other issues that could impact performance or limit functionality?

5
General Discussion / 23.1 upnp
« on: February 01, 2023, 01:26:29 pm »
Do you still have to set up hybrid NAT rules for UPnP to work properly?

6
Hardware and Performance / APUs and IOMMU
« on: October 27, 2022, 02:14:19 pm »
APUs have IOMMU support in the coreboot BIOS.

I know it's a virtualisation thing, but wondering if it's something you'd want enabled anyway for other purposes?

7
General Discussion / Syncthing incoming SPAT
« on: February 27, 2022, 02:19:48 pm »
ignore
:D

8
Intrusion Detection and Prevention / LACP LAGG + Suricata
« on: September 21, 2021, 12:03:27 am »
If you've got a LAGG interface, would you run Suricata on the parent interfaces in promisc mode, or the LAGG in promisc mode?

9
General Discussion / Flow control on router or switch?
« on: September 19, 2021, 04:01:10 pm »
If my switch can handle flow control (disabled by default), would it be better to disable FC on OPNsense's parent LAN int's?

Suricata's running on the parent int's of a LAGG; got some VLANS...

Also, should I leave FC enabled on the WAN int?

10
21.7 Legacy Series / miniupnp fault
« on: August 25, 2021, 03:53:08 pm »
Think something's up with the miniupnp daemon.
I have to restart the service about once a day for Windows to it up.
Not sure what logs to look at, but if you point me in the right direction I'll see what I can see.

11
General Discussion / Hybrid Outbound NAT; static ports; upnp
« on: July 02, 2021, 07:53:14 pm »
Was hoping to get some clarification regarding a lazy config as I don’t fully understand the implications of it.

Currently for the game I’m using hybrid outbound NAT with two manual WAN rules (one UDP, one TCP) specifying: required port ranges via alias; a specific host; static ports checked (os-upnp isn’t enabled). This gets me an “open” NAT type in the game.

The bit I don’t understand is, say I just full lazy and went with one manual rule on the WAN, lots of any’s, and static ports checked, then enabled UPnP with default deny disabled, does this mean all connections from any host's applications would then use static ports, or only connections triggered via UPnP?

Correct me if I'm wrong, but it seems even with UPnP enabled when using automatic outbound NAT, port randomisation still occurs, which makes me wonder why even bother with UPnP if you’re not using hybrid outbound and static ports?

Hope that made sense...

12
General Discussion / DNS caches
« on: May 08, 2021, 04:05:58 pm »
Can someone explain where the best place to put a DNS cache is?

My DNS goes:

AdGuard Home  ->  Unbound  ->  DNSCrypt-Proxy (all within OPNsense across localhost).

All three of these services have caching options.

I would have thought the best place would have been DNSCrypt, or is it worth having caches at each stage?

Or is it best at just Unbound since it can refresh the cache based on the TTL?

13
Intrusion Detection and Prevention / Suricata ET Open & Pro SSL mitm
« on: April 23, 2021, 07:44:18 am »
Just trying to understand this a little better. Which of the rulesets require SSL MITM decryption? I've noticed some of the rulesets are essentially IP based block lists, but others I'm guessing must require SSL MITM DPI to function?

14
20.1 Legacy Series / Redis failing to start
« on: July 14, 2020, 06:22:28 pm »
Installed the Ntopng plugin, then Redis, but Ntopng failed to start.
Thought a reboot might help and saw the following output via serial:

Starting ntopng.
14/Jul/2020 17:09:48 [Ntop.cpp:2240] Setting local networks to 127.0.0.0/8
14/Jul/2020 17:09:50 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:51 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 14]
14/Jul/2020 17:09:52 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:53 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 13]
14/Jul/2020 17:09:55 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:56 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 12]
14/Jul/2020 17:09:57 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:09:58 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 11]
14/Jul/2020 17:10:00 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:01 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 10]
14/Jul/2020 17:10:02 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:03 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 9]
14/Jul/2020 17:10:05 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:06 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 8]
14/Jul/2020 17:10:07 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:08 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 7]
14/Jul/2020 17:10:10 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:11 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 6]
14/Jul/2020 17:10:13 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:14 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 5]
14/Jul/2020 17:10:15 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:15 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 4]
14/Jul/2020 17:10:17 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:18 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 3]
14/Jul/2020 17:10:19 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:20 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 2]
14/Jul/2020 17:10:22 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:23 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 1]
14/Jul/2020 17:10:25 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:26 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 0]
14/Jul/2020 17:10:27 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:28 [Redis.cpp:148] ERROR: ntopng requires redis server to be up and running
14/Jul/2020 17:10:28 [Redis.cpp:149] ERROR: Please start it and try again or use -r
14/Jul/2020 17:10:28 [Redis.cpp:150] ERROR: to specify a redis server other than the default
/usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng

>>> Invoking start script 'ntopng'
Starting ntopng.
14/Jul/2020 17:10:32 [Ntop.cpp:2240] Setting local networks to 127.0.0.0/8
14/Jul/2020 17:10:34 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:35 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 14]
14/Jul/2020 17:10:36 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:37 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 13]
14/Jul/2020 17:10:39 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:40 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 12]
14/Jul/2020 17:10:41 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:42 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 11]
14/Jul/2020 17:10:44 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:45 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 10]
14/Jul/2020 17:10:46 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:47 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 9]
14/Jul/2020 17:10:49 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:50 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 8]
14/Jul/2020 17:10:51 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:52 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 7]
14/Jul/2020 17:10:54 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:55 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 6]
14/Jul/2020 17:10:56 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:10:58 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 5]
14/Jul/2020 17:10:59 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:00 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 4]
14/Jul/2020 17:11:02 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:03 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 3]
14/Jul/2020 17:11:04 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:05 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 2]
14/Jul/2020 17:11:07 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:08 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 1]
14/Jul/2020 17:11:09 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:10 [Redis.cpp:83] Redis has disconnected, reconnecting [remaining attempts: 0]
14/Jul/2020 17:11:12 [Redis.cpp:99] ERROR: Connection error [Operation timed out]
14/Jul/2020 17:11:13 [Redis.cpp:148] ERROR: ntopng requires redis server to be up and running
14/Jul/2020 17:11:13 [Redis.cpp:149] ERROR: Please start it and try again or use -r
14/Jul/2020 17:11:13 [Redis.cpp:150] ERROR: to specify a redis server other than the default
/usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng
>>> Error in start script 'ntopng'

OPNsense's dash did report Ntopng as running, but its GUI was inaccessible.

Uninstalled; rebooted; reinstalled; same problem.

15
Intrusion Detection and Prevention / Maltrail doesn't log unless monitor interface set to nothing
« on: April 02, 2020, 08:44:32 am »
Think I may have found a bug in Maltrail.

Logging works fine so long as Monitor Interface is set to Nothing Selected.

Since I've got nothing listening on the WAN I specified internal interfaces only and everything stopped working.

If I manually specify all interfaces logging stops working; if I uncheck everything, Maltrail starts working again.

Two of my interfaces are VLANs though, so would that mess things up? Should I just be selecting the parent interface for inspection?
