Messages - greY

1
24.7 Production Series / Traffic source on S2S VPN tunnel
« on: August 21, 2024, 02:50:08 pm »
hey

I see some packets are being blocked coming from a S2S wireguard tunnel to the OPNSENSE. On the other side (also OPNSENSE) I don't see any device that is talking on that port.

Does anybody have an idea how to investigate that?

Topology is:
OPNSENSE1 <---S2S WG-->OPNSENSE2

thx

2
General Discussion / Static Routing vs Firewall based
« on: May 31, 2024, 02:11:29 pm »
Hi

is there a general difference in using static routes configuration vs configuring routes using FW rules and pointing them to the right gateway?

I did some tests and both work, I see more flexibility in using FW rules. Would like to ask if there is a general case when static routes should be used?

thx

3
Intrusion Detection and Prevention / Re: Suricata stopped working after updating to 22.10 BE
« on: November 01, 2022, 07:37:15 am »
figured out it was an issue within the zenarmor installation. I was not able to save any change without an error message about the configuration.
In the end I had to reset the config and re-install zenarmor to get it back to work.

4
Intrusion Detection and Prevention / [resolved] Suricata stopped working after updating to 22.10 BE
« on: October 31, 2022, 11:44:41 am »
Hi

the service stopped working after updating to 22.10 business edition. This is what I can see in the logs, tried to activate on different interfaces, all the same issue.
Any ideas?

Code:
2022-10-31T11:39:31 Error suricata [107141] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:ix0/R failed: Cannot allocate memory
2022-10-31T11:39:02 Error suricata [107014] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:35 Error suricata [106896] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:08 Error suricata [106796] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:12:50 Error suricata [101682] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory
2022-10-31T11:10:00 Error suricata [100664] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory

greY

5
Zenarmor (Sensei) / Re: Adding trunk interface breaks vlan routing
« on: October 24, 2022, 11:13:14 am »
Hi @mb
yes I'm referring to the OPNsense Business Edition.

Versions   
OPNsense 22.4.3_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1q 5 Jul 2022

Zenarmor
Engine Version:   1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202

6
Zenarmor (Sensei) / Re: Adding trunk interface breaks vlan routing
« on: October 23, 2022, 12:45:40 am »
yes, forgot to mention that. The bypass mode has no impact, only removing the interface enables the vlan routing again. This box is a Hyper-V guest.

I also tested the behavior on a business edition hardware box which seems not to have this issue.

7
Zenarmor (Sensei) / Adding trunk interface breaks vlan routing
« on: October 22, 2022, 08:41:53 pm »
Hi,
looks like adding the trunk interface to the protected interfaces breaks the routing between VLANs.
Can anybody confirm?

Adding single VLANs seems to be OK, but then not able to protect the LAN...

Deployment mode: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver
Engine Version: 1.11.5 View Release Notes Version History
UI Version: 22.9.22
Database Version: 1.11.22092202
OPNsense 22.7.6-amd64

HW offload is default/disabled


greY

8
22.7 Legacy Series / Activation issue
« on: October 14, 2022, 12:26:25 pm »
Hi
trying to activate business edition from the community edition (22.7.5).
Seems it has an issue getting the right packages

I attached a few screenshots of the configuration, any ideas how to fix it?
Would like to avoid a fresh install of BE if possible.

greY

9
Zenarmor (Sensei) / Re: VLAN DHCP not working
« on: March 13, 2021, 11:35:12 am »
Sensei is running as "Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver", bypass mode is not active (see attached)

My OPNsense is running as a Hyper-V guest.

But driver issue makes sense to me. I have another box running on dedicated hardware with a quite similar configuration regarding VLANs, without issues.

10
Zenarmor (Sensei) / VLAN DHCP not working
« on: March 12, 2021, 09:58:35 pm »
Hi

my setup is:
- LAN with 3 VLANS (10, 11 and 1010)
- DHCP relay, forwarding to an MS DHCP service
- Sensei 1.8

If sensei is configured for the parent LAN interface, all VLANs will not get IPs over DHCP. If sensei is configured for all VLANS (but LAN), DHCP for all interfaces is working as expected.

Does anybody have an idea what is going on there?

br
greY

11
General Discussion / Re: Firewall Rule
« on: February 16, 2021, 09:31:58 am »
makes sense, thank you

setting firewall to "conservative" fixed it

12
General Discussion / Firewall Rule
« on: February 15, 2021, 10:36:23 pm »
Hi

hope, somebody can help to understand or to fix a FW rule issue between LAN and a VLAN.
I have a screenshot attached, with a blocked packet due to a "default deny rule".
At the same time there is a "Default allow LAN to any rule" ;) ... 

Any ideas what the issue could be? I'm on OPNsense 21.1.1-amd64

thx
greY



13
General Discussion / Re: Rondom WAN drop out
« on: November 26, 2020, 11:29:32 am »
experiencing possibly the same issue with 20.7.5
...mostly during MS Teams sessions.

14
20.7 Legacy Series / Re: OpnSense fails
« on: November 21, 2020, 08:43:39 pm »
had a similar issue here. Problem was a hardware defect on the used ethernet nic.

15
19.1 Legacy Series / Re: Kernel panic after upgrade
« on: March 08, 2019, 06:44:15 pm »
Quote from: franco on March 08, 2019, 04:14:45 pm
Here's an ISO snapshot based on the following commit: https://github.com/opnsense/src/commit/060d54597

https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/OPNsense-201903080927-OpenSSL-dvd-amd64.iso.bz2

All feedback is welcome. Other types of images can be requested if needed. The image is for testing, we don't recommend production use just yet.


Thank you,
Franco

thx Franco
successfully booted on Hyper-V 9.0 (MS Server 2019) !


