Topics

1

Virtual private networks / OPNsensePIAWireguard Script Safe?

« on: June 24, 2021, 04:29:35 pm »

Curious if anyone has implemented the following:

https://github.com/FingerlessGlov3s/OPNsensePIAWireguard

I wanted to make sure that it is safe and nothing to be concerned with. I have implemented in OPNSENSE and no issues, looked at script (looks fine to me) however, given my limited knowledge thought I would aske here for feedbck.

Thanks

2

Intrusion Detection and Prevention / Snort Rule Set and Rules

« on: September 08, 2020, 02:26:49 am »

Question about rule-sets and rules, if you disable all rule-sets under Download Tab in Intrusion and Detection shouldn't that disable all the rules associated w/ that rule-set under rules and vice-versa (enable rulesets will enable all rules)?

I disabled all the snort rule-sets and I assumed that would disable all the rules, but I still see the rules as enabled and receiving alerts.

I was able to disable the snort rulesets and rules, now the rules tab is clear. I went back and enabled 3 snort rule-sets, enabled and downloaded rules however, no rules are showing under the rules tab even though I have 3 rule-sets enabled and installed. Having a challenge understanding the logic.

Thanks

3

20.7 Legacy Series / VLAN Help (Solved)

« on: September 05, 2020, 11:00:57 pm »

I setup VLAN20 and assinged to my LAN interface, enabled, created DHCP scope, and created firewall rules under the VLAN20 interface named IOT.

The clients get a DHCP address in the correct network, 192.168.20.0/24,but I can't access the other VLAN or the internet. Looking at the firewall logs I see the following:
 
2020-09-05T15:51:57   filterlog[78388]   6,,,0,em1_vlan20,match,block,in,4,0x0,,128,20785,0,none,17,udp,64,192.168.20.100,192.168.20.1,65037,53,44

Here is the firewall rule I created just to test:

IPv4 *   IOT net   *   *   *   *   *

 
What am I missing?

Thanks

4

20.7 Legacy Series / GeoIP Rules Question

« on: August 09, 2020, 03:26:54 pm »

Would the following rules be sufficient for GeoIP?

5

20.1 Legacy Series / Losing Public WAN IP

« on: May 17, 2020, 10:02:29 pm »

For some odd reason my WAN interface, which is set for DHCP (IPv4) and IPv6 set to none will lose it's public IP and I have to restart the interface in order to obtain an public IP and of course when that occurs I lose internet connectivity.

Also, I have noticed that the WAN interface will assign itself an IP of 192.168.100.1, which is getting from my cable modem (Xfinity/comcast).

I have looked in the logs and all I see are the DHCP logs for the WAN interface. I recently moved from untangle to opnsense and never had this issue before.

TIA

6

General Discussion / WAN slowness and Sensei

« on: May 17, 2020, 03:43:17 pm »

My setup consists of the following:

  OPNsense 20.1.6
  Corei i5 @2.5 4 cores
    Average Load: .39 .48 .54
  32GB RAM
    ~10% Utilization
  WAN 600Mb connection
  LAN 1Gb to Unifi USW POE switch
  Sensei 1.5 Premium Edition

Sensei Config:
  Default Policy
    Security tab all checked.
    App Control 3 blocked (Ad Tracker, ADs, and Games)
    Web Controls (Ad Tracker, Adults, Advertisements, Dating, Games, Hate, Illegal Drugs, Pornography, and Warez Sites)

The issue is my speeds will drop to sub 100Mb until I restart Sensei Packet Service, once I restart Sensei my speeds are up ~650 Mb for a day or so and will eventually decrease to 100Mb.

When I restart Sensei Packet Service I assume the interfaces are bounced as well and could this be another issue w/ OPNsense I am not aware of. I assume my hardware is capable?

Any suggestions?

TIA



 

7

Intrusion Detection and Prevention / IDS OPNsense VM

« on: October 07, 2019, 03:23:04 am »

Before I troubleshoot my potential issues (no alerts), is my issue that I have OPNsense running in a  VM?

I have enabled several rules( trojans, malware, and icmp) and generated traffic, but noting is showing under the alerts tab.

OPNsense: 19.7.4_1-amd64
VM Environment: XCP-ng 8.0.1
 

8

19.7 Legacy Series / Install Assistance

« on: September 28, 2019, 04:11:40 am »

NM, I read the documentation and good to go.....

I downloaded and installed the iso and configured OPNsense successfully in a VM however, I have the following message from the console:

You are currently running in LiveCD mode. A reboot will reset the configuration. SSH remote login is enabled for the users "root" and "installer" using the same password.

So my question and I may be having a senior moment, how do you go about installing OPNsense in a virtual environment avoiding the above message and issue?