Topics - aimdev

1
24.7 Production Series / Netflow V9 template
« on: November 27, 2024, 03:26:36 pm »
Actually I do not know what to look for, but can anyone inform me where I can get a copy of the template used in opnsense? I wish to use this with GoFlow2 to see if I am missing some field(s)

Tks

Aimee

2
23.1 Legacy Series / Preliminary report on UG 23.1
« on: January 29, 2023, 02:58:37 pm »
Backup system reolink nics
upgraded no issues (no further tests carried out)
VM no

Operational system intel nics,
nut ups ok after patch
usb gps ok
dns leak test on unbound dot ok
feeds to network & firewall monitoring ok
cold start advert blocking test passed with reservations (register, sky, ispreview appear ok, mailonline not ok)
cpu & temperature no discernible change
VM no


Showtime  :)

3
22.7 Legacy Series / Forcing unbound 853
« on: October 07, 2022, 09:36:35 am »
I use dns on 853, forwarding port 53 to port 853, blocking other dns servers.
Recently I added Home Assistant, which appears to use 1.1.1.1:853 or 1.0.0.1:853.
There are issues with Home Assistant and altering its dns, it feels ever so lonely and checks the mothership every 10 minutes or so.

Incidentally, with the log on the rule (used for check internet usage) it then goes berserk, tops up the log,
and the syslog monitor system ramps up with loads of backlogs.

Is there a way to force it to use unbound, as the clone of the port 53 forward didn't seem to work.

4
22.7 Legacy Series / opnsense shutdown issue
« on: October 07, 2022, 09:26:59 am »
Power down router, power led off, interface leds on, router restart.
Power down switch first, Power down router, stays powered down.
Bios is American Megatrends, resetting bios has not fixed the issue.
WOL is not installed
UPS attached

Anybody had this 'feature'?

Versions   OPNsense 22.7.5-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022


5
Zenarmor (Sensei) / mongodb issue
« on: August 06, 2022, 03:08:43 pm »
/local/lib/php/20200930/mongodb.so.so (Cannot open "/usr/local/lib/php/20200930/mongodb.so.so")) in Unknown on line 0
[06-Aug-2022 08:25:45 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'mongodb.so' (tried: /usr/local/lib/php/20200930/mongodb.so (Cannot open "/usr/local/lib/php/20200930/mongodb.so"), /usr/local/lib/php/20200930/mongodb.so.so (Cannot open "/usr/local/lib/php/20200930/mongodb.so.so")) in Unknown on line 0

Getting these since upgrade to 22.7_4-amd64 05-Aug-2022.
Report has been raised and sent, also a post in the German section
https://forum.opnsense.org/index.php?topic=29717.msg143542#msg143542
appears to have a similar issue.
Zenarmor was removed a few weeks ago and not reinstalled.
Is mongodb used anywhere else?
All other processes are functioning correctly as far as I can tell.


6
22.1 Legacy Series / Problem with Audit
« on: April 05, 2022, 11:44:28 am »
Problem with audit

22.1.3 o firmware: improve the connectivity audit

I am on 22.1.4 and I am getting this, despite the fact I can ping from the LAN, and when logged into opnsense the address mirrors.dotsrc.org  and 130.225.254.116.

root@opnsense:~ # ping 130.225.254.116
PING 130.225.254.116 (130.225.254.116): 56 data bytes
64 bytes from 130.225.254.116: icmp_seq=0 ttl=52 time=47.218 ms

root@opnsense:~ # ping mirrors.dotsrc.org
PING mirrors.dotsrc.org (130.225.254.116): 56 data bytes
64 bytes from 130.225.254.116: icmp_seq=0 ttl=52 time=46.910 ms

Also I can access
Welcome to mirrors.dotsrc.org
In addition despite turning all ipv6 off (AFAIK) I see this

Checking connectivity for host: mirrors.dotsrc.org -> 2001:878:346::116

This issue appears to screw up the plugin list, for example all the installed plugins are orphaned, and
there are no uninstalled plugins in the list

Please can someone else check ( I have checked all rules from ICMP, nothing obvious)

Thanks

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.1.4_1 (amd64/OpenSSL) at Tue Apr  5 10:23:07 BST 2022
Checking connectivity for host: mirrors.dotsrc.org -> 130.225.254.116
PING 130.225.254.116 (130.225.254.116): 1500 data bytes

--- 130.225.254.116 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/22.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 783 packages processed.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .. done
Processing entries: .... done
SunnyValley repository update completed. 32 packages processed.
All repositories are up to date.
Checking connectivity for host: mirrors.dotsrc.org -> 2001:878:346::116
ping6: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/22.1
Updating OPNsense repository catalogue...
pkg: https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/22.1/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/22.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/meta.txz: Non-recoverable resolver failure
repository SunnyValley has no meta file, using default settings
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository SunnyValley
Error updating repositories!
***DONE***

7
22.1 Legacy Series / Unbound does not restart after changing tls status
« on: March 11, 2022, 06:58:11 pm »
I enabled a dns over tls entry (which has worked, but was disabled to identify spurious Let's Encrypt messages) and applied, unbound then halted and had to be manually restarted.

Only log entry shows (all log options on)
2022-03-11T17:49:27   Informational   unbound   [88990:0] info: start of service (unbound 1.15.0).   
2022-03-11T17:49:27   Notice   unbound   daemonize unbound dhcpd watcher.   
2022-03-11T17:48:58   Informational   unbound   [88349:0] info: service stopped (unbound 1.15.0).

This will occur if I disable the entry, and apply

Versions   OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

8
22.1 Legacy Series / Audits post latest update
« on: March 02, 2022, 04:02:03 pm »

Health Audit
>>> Check for missing package dependencies
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
py37-pymongo has a missing dependency: python37
py37-pymongo has a missing dependency: py37-setuptools
py37-pymongo is missing a required shared library: libpython3.7m.so.1.0
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: ................................................................... done
***DONE***

Security Audit
vulnxml file up-to-date
cyrus-sasl-2.1.27_2 is vulnerable:
  cyrus-sasl -- Fix off by one error
  CVE: CVE-2019-19906
  WWW: https://vuxml.FreeBSD.org/freebsd/a80c6273-988c-11ec-83ac-080027415d17.html

1 problem(s) in 1 installed package(s) found.

9
22.1 Legacy Series / Issue with Suricata and interface
« on: January 31, 2022, 12:44:15 pm »
Started suricata in ids mode, interface em0 wan.

On the console (direct connection) got a lot of
arpresolver: cannot allocate llinfo for xxx.xxx.xxx.xxx on em0
link state went down then up twice before I disabled suricata.

Messages were not found in gui syslog, despite the syslog option enabled in suricata administration

NICs on the system are Intel.
Hardware options CRC/TSO/LRO are not disabled. (ie enabled)

10
22.1 Legacy Series / Unidentified call to Google
« on: January 31, 2022, 11:18:39 am »
I am getting these, every six minutes

2022-01-31T10:04:00   Notice   /update_tables.py   resolving 1 hostnames (1 addresses) for Google took 0.01 seconds

I disconnected the lan input and waited to see if opnsense was the source, and I do believe it is.

Can someone advise why this is occurring.
Only Google is in the log, no other entity has been seen.

Thanks

11
21.7 Legacy Series / opnsense, suricata & telegraf
« on: October 29, 2021, 12:44:23 pm »
I am attempting to setup this combination following the instructions here,
https://www.influxdata.com/blog/network-security-monitoring-with-suricata-and-telegraf/

I added
- eve-log:
    enabled: yes
    filetype: unix_stream
    filename: /tmp/suricata-stats.sock
    types:
      - stats:
         threads: yes

to /usr/local/etc/suricata/custom.yaml

%YAML 1.1
---
# empty stub for custom modifications, add custom persistent config below

Note the word persistent.
This file is overwritten on an upgrade.(and possibly on other events?)

Why is this, and even if it was not overwritten, will a subsequent directive overwrite the previous directive in suricata.yaml?

For telegraf a file /usr/local/etc/telegraf.d/suricata.conf was created.

[[input.suricata]]
  ## Data sink for Suricata stats log.
  # This is expected to be a filename of a
  # unix socket to be created for listening.
  source = "/var/run/suricata-stats.sock"

  # Delimiter for flattening field keys, e.g. subitem "alert" of "detect"
  # becomes "detect_alert" when delimiter is "_".
  delimiter = "_"

Despite telegraf being updated, this file survived.

To access the files in telegraf.d (the recommended approach I believe, and works perfectly in debian),
the configdir value is required, or the files in telegraf.d will be ignored.
Here is one on a debian system (which works)

/usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d

Here is the confdir variable in the telegraf service file

: ${telegraf_confdir:=""}

I am unsure if the configdir is passed as a ps -aux | grep telegraf results in

daemon: /usr/local/bin/telegraf[91692] (daemon)

I am unsure if this is the intended processing of suricata & telegraf, or it's an oversight.

Prior to raising a bug/enhancement, I would appreciate the community's views.

Thanks

12
21.7 Legacy Series / Spot the discrepancy
« on: October 09, 2021, 08:13:23 pm »
Dashboard shows

OPNsense 21.7.3_3-amd64
FreeBSD 12.1-RELEASE-p20-HBSD
OpenSSL 1.1.1l 24 Aug 2021


Firmware shows

21.7.3 (installed)
2021-09-22


Health Audit shows

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.7.3_3 (amd64/OpenSSL) at Sat Oct  9 19:06:24 BST 2021
>>> Check installed kernel version
Version 21.7.2 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.7.2 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .................................................................... done
***DONE***

Why the discrepancy in the kernel and base versions?

13
21.1 Legacy Series / Installation times
« on: February 06, 2021, 03:57:32 pm »
Two installations, one a VM for test purposes,  the other on a 16Gb Intel(R) Celeron(R) CPU 3955U @ 2.00GHz (2 cores) system (live)
Both systems used SSDs
Time approx 20-30 minutes.
No apparent issues

14
21.1 Legacy Series / TOR Request for enhancement
« on: February 01, 2021, 06:54:39 pm »
Request that fields to set entry/exit nodes be added to the TOR service page.
Modifying the torrc file is not persistent when the TOR gui is saved.
As an aside, if opnsense is going to adopt the policy of removing the ability to add extra parameters to a service via a free text panel, then to ensure OPNsense's obvious superiority over other products, a means to add important parameters via defined fields should be provided as an alternative.
Or to put it another way, don't dumb down the product!!

15
20.7 Legacy Series / Softflow Support
« on: January 12, 2021, 09:18:22 am »
For operational reasons I would like to install a softflow daemon on the opnsense server.
Is this possible?
If not, has anybody any experience with converting netflow into softflow?
Thanks
Aimee

Update sorted.
