Messages

1

19.1 Production Series / Re: Create report from LOG

« on: February 15, 2019, 12:41:04 am »

Thank you Franco, Splunk is powerful but it isn't what I'm lookin for.
I'm searching for something simple like LogMX.
1. I export LOG from the last 30 days in CSV format from Reporting - Insight - Export - FlowSourceAddrDetails
2. I import them in a simple software
3. the software resolve the hostname of the public IP

Any other idea?

2

19.1 Production Series / Create report from LOG

« on: February 11, 2019, 08:11:16 am »

Hello, I need to create a report or an audit from the LOG files of the last month in OPNsense.
What software I can use? What files I must export?

3

Development and Code Review / Re: Sensei on OPNsense - Application based filtering

« on: November 23, 2018, 11:57:10 am »

Good morning, will Sensei one day consume less resources in terms of RAM and CPU?
For example an Atom CPU or a Celeron with 4GB or 8GB of ram?

4

18.7 Legacy Series / Outbound NAT rules not instantly applied

« on: November 22, 2018, 12:04:05 pm »

Hello, I've found on different OPNsense firmware version that NAT rules are not applied until I reboot OPNsense.
Outbound NAT is in Manual outbound NAT rule generation (no automatic rules are being generated).
It's there a way to reload Outbound NAT without reboot?

5

Development and Code Review / Very interesting reading about some test on FreeBSD

« on: November 21, 2018, 11:40:55 pm »

I share an interesting reading about some test between FreeBSD and Linux:
https://medium.com/@matteocroce/linux-and-freebsd-networking-cbadcdb15ddd?fbclid=IwAR1Z5WOODJWTey3eEQZEtHGUP7uQTczcwLAT4qyLOa2Dlm_yBj-80mTwahM

Here the reply of a FreeBSD developer
https://twitter.com/ocochardlabbe/status/1063347386393743361

And here is the paper he wrote:
https://people.freebsd.org/~olivier/talks/2018_AsiaBSDCon_Tuning_FreeBSD_for_routing_and_firewalling-Paper.pdf

Have a nice read

6

18.7 Legacy Series / Help creating weekly report

« on: November 21, 2018, 11:29:10 pm »

Hello, I need help or suggestion with creation of OPNsense report.
The first report that I need is weekly report of Social Network usage:
- global;
- per source MAC address or source IP;
- can I specify what Social Network? For example Facebook?

The second report is daily with bandwith usage:
- global;
- per source MAC address or source IP;

In both report can I resolve destination IP to display the FQDN of destination?
Thank you

7

18.7 Legacy Series / IDS IPS with Suricata and OPNsense in Transparent Mode

« on: August 22, 2018, 05:30:00 pm »

Hello, I'm trying to make working Suricata with OPNsense in Transparent Bridged mode.
According to this page:
https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
I must setup (Suricata) Interface on WAN or BRIDGE or LAN?
What about (Suricata) Home Networks: blank (any) or the broadcast address of the transparent network?

I need to know how it's configured to work, for example: if I set only WAN as interfaces
A packet arrives from WAN, pass through Suricata and then it goes to BRIDGE?
PACKET --> WAN --> SURICATA --> BRIDGE --> LAN
or
PACKET --> SURICATA --> WAN --> BRIDGE --> LAN

Can I suggest to insert this settings of Suricata on OPNsense Web Configuration Page?
https://github.com/StamusNetworks/SELKS/wiki/Initial-Setup---Suricata-IPS
interface: WAN
threads: 4 # or a number that is below half the number of cores available
defrag: yes
cluster-type: cluster_flow
cluster-id: 98
copy-mode: ips
copy-iface: LAN
tpacket-v3: no
ring-size: 2048
use-mmap: yes

interface: LAN
threads: 4 # or a number that is below half the number of cores available
defrag: yes
cluster-type: cluster_flow
cluster-id: 98
copy-mode: ips
copy-iface: WAN
tpacket-v3: no
ring-size: 2048
use-mmap: yes

With the availability of this settings, I can make a transparent firewall with 3 interfaces:
em0 Management of OPNsense with IP
em1 WAN without IP
em2 LAN without IP
in this mode I don't need to create a bridge and all traffic is copied from "copy-iface:" option in Suricata (transparent).
The rule can be written on WAN or LAN indifferently.

Thank you for any precious help

8

18.1 Legacy Series / [SOLVED] Re: Problem with VIP CARP MASTER redundancy

« on: April 27, 2018, 04:10:38 pm »

The problem was the switch installed on WAN
Extreme Network X430
https://www.extremenetworks.com/product/x430-series/

Changed with another and the problem was gone, I think is IGMP Snooping problem like this post
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#Switch.2FLayer_2_Issues

9

18.1 Legacy Series / Re: Problem with VIP CARP MASTER redundancy

« on: March 29, 2018, 06:17:07 pm »

The other problem is that the connection speed slow down because both want to be the master.
Problem with OpenVPN, both reply on WAN.
If you shutdown, for example, the backup firewall, the connection speed drastically increase.

10

18.1 Legacy Series / Re: Problem with VIP CARP MASTER redundancy

« on: March 28, 2018, 01:19:04 pm »

No, two identical hardware with OPNsense installed bare metal

11

18.1 Legacy Series / OPNsense with WAN multi IPs

« on: March 27, 2018, 09:11:32 am »

Hello, I have setup an OPNsense with one WAN public IP and four Virtual Public IPs Alias.
How I can setup OPNsense to not surf on internet with the four Virtual IP Alias, but only the WAN IP?
Every client continue to change Public IP on which it surf internet.
Thank you

12

18.1 Legacy Series / Re: Problem with VIP CARP MASTER redundancy

« on: March 27, 2018, 09:07:36 am »

Anyone can help me?

13

18.1 Legacy Series / [SOLVED] Problem with VIP CARP MASTER redundancy

« on: March 13, 2018, 03:24:27 pm »

Hello, I have two firewall with CARP VIP configured like the attached images.
On fw1 all IP are Master.
On fw2 3 IPs remain Master this 3 IPs simultaneously and I don't understand why?
If on fw1 I enter in CARP Maintenance Mode the fw2 becomes the Master on all IPs correctly.

Any help appreciated

14

18.1 Legacy Series / Re: DNS problem between Viscosity on OSX and OpenVPN on OPNsense

« on: February 12, 2018, 03:57:18 pm »

Make sure Unbound has your VPN Subnet in there. By default, it only does the /32 and won't work.

https://imgur.com/a/eIeKp

I have a separate entry there for my VPN Network.

Thank you.
You are right, there is no VPN Subnet in Unbound Access List

15

18.1 Legacy Series / [SOLVED] DNS problem between Viscosity on OSX and OpenVPN on OPNsense

« on: February 08, 2018, 04:19:19 pm »

I have an OPNsense with OpenVPN Server up and running.
In OpenVPN I have setup DNS and domain.
When I connect from Mac OSX with Viscosity I can't resolve name of internal server:
Tried short name
server
Tried long name
server.domain.local

Working with IP I don't have any problem.
Any suggestion?
Thank you