Topics

1

22.7 Legacy Series / Using API on api/haproxy/settings/addAcl ==> "result": "failed"

« on: August 16, 2022, 02:10:50 am »

Hello,

I work a day to find a way to POST a new ACL via the API of HAProxy.

Can anyone can help me to know the exact format of JSON I have to create ?

I am using C#. There is my code :

Code: [Select]

                var url = this.haproxy.Client.BaseUrl + this.haproxy.BaseUrl + this.baseUrl + "/addAcl";

                var acl = new
                {
                    acl = new
                    {
                        name = name,
                        expression = "hdr_sub",
                        hdr_sub = name,
                        negate = "0"
                    }
                };


                var serializerSettings = new JsonSerializerSettings();
                serializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
                var json = JsonConvert.SerializeObject(acl, serializerSettings);

                var response = await this.haproxy.Client.httpClient.PostAsJsonAsync(url, json, cancellationToken);
I tried a lot of format, but I always got "result": "failed" from OpnSense.

Thank you for your help !

2

Intrusion Detection and Prevention / [100250] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - StateQueue behaving

« on: February 22, 2022, 03:23:58 pm »

Hi,

I have made a Factory Reset and restore my config backup.

After that, I obtain this error. So Suricata stop working

[100250] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - StateQueue behaving weirdly. Fatal Error. Exiting. Please file a bug report on this

Can anyone can help me ?

Thank you !

3

21.7 Legacy Series / Lost Communication Randomly with 21.7.7

« on: December 24, 2021, 01:38:14 am »

Hi,

My config has 3 ports :

WAN
LAN
DMZ

The LAN is configured to use IPv4 and this port is connected to Asus RT-AC68U. The Asus is also configured to use IPv4, not v6.

Since I updated to 21.7.7, I don't understand why because I have no log about that, my LAN stop communicates. But the system still responding from outside. I have a website on DMZ and it is responding. So it is just my LAN port that randomly stop communicates.

If I physically disconnect and reconnect the cable behind Asus, the communication start working again until next down. This morning I must did that 3 times.

Tonight I got another down, I try another test. I went to the OpnSense directly and by the menu I restart all services and the communication start working again.

I conclude that it is not a physical problem because before 21.7.7, I don't have this problem, and by restarting all services it is working again.

May be I missing something about a configuration that I have to make with 21.7.7 ?

Thank you for your help !

4

French - Français / Perte d'Internet lors d'attaque ddos sur gre protocole

« on: October 02, 2021, 09:36:12 pm »

Bonjour,

Depuis je dirais un mois, c'est la troisième ou quatrième fois que je perd Internet. En vérifiant Live View dans OpnSense, j'ai constaté que cela est dû à des attaques sur le protocole gre.

Voici un exemple de paquet :

   filterlog[12410]   9,,,02f4bab031b57d1e30553ce08e0ec131,em0,match,block,in,4,0x0,,51,3832,0,DF,47,gre,1402,99.147.221.58,?.?.?.?,datalength=1382

J'ai caché mon adresse externe par souci de sécurité (?.?.?.?). Il y a plus de 70 paquets/seconde.

L'attaque persiste jusqu'à ce que je redémarre mon modem Internet, sans redémarrer OpnSense. Après le redémarrage tout redevient normal.

Je ne suis pas un spécialiste de sécurité ni de réseautique.

Est-ce que quelqu'un peut m'expliquer ce qu'est le protocole "gre" ?

Est-il possible de se protéger contre ce genre d'attaque ?

5

Hardware and Performance / Router Mode = 135Mbps, Access point Mode = 10Mbps : WHY ?

« on: December 22, 2020, 04:46:31 am »

Hi,

Last weekend I mounted my first OpnSense installation on a Lenovo computer 4 cores, 8Gb RAM, 120Gb SSD. I installed PCIE 4 RJ45 ports on this computer.

My setup is Internet => OpnSense => LAN => Asus RT-AC68U.
                                                   => DMZ => Lenovo (Web Server)

I configured WAN, LAN, DMZ. WAN is on the onboard network interface. Lan is on the first interface of PCIE and DMZ on another interface of the PCIE.

When I put Asus to Router Mode, I got 135Mbps. Why when I put it to Access Point Mode, the connexion drop to 10-15Mbps ?

If I put again to Router Mode, the connexion come back to 135Mbps.

I got the same result with Netgear R7000.

Your help will be appreciated.

Thank you !!