1
Intrusion Detection and Prevention / Re: IPS PPPoE Interface
« on: November 26, 2024, 09:58:59 pm »
is there any hope or progress related opnSense (freeBSD) and suricata with PPPoE WAN Interfaces in IPS Mode will work?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.1 Legacy Series / Re: suricata and pppoe vlan11 tagged fiber / WAN dont work
« on: June 22, 2024, 01:27:36 am »
seems like it is not working and not supported by suricata / netmap
https://forum.opnsense.org/index.php?topic=31587.0
https://forum.opnsense.org/index.php?topic=31587.0
3
24.1 Legacy Series / Re: suricata and pppoe vlan11 tagged fiber / WAN dont work
« on: June 03, 2024, 08:44:56 am »
anyone successfully using suricata on a PPPOE WAN?
Best Regards
Best Regards
4
24.1 Legacy Series / OPNsense and UPNP in 2024
« on: May 30, 2024, 11:03:44 am »
Dear All
i investigated the issue (again) when you use more then 1 device/console/computer for gaming and try to get an open NAT. i read and do testing around 10 hours, but now im done and back here to ask if something changed bc the messages i read in other forums (pfsense, github..etc) are from 2 years+ ago.
Is the 2 computer/consoles/games issue with open NAT still present in 2024?
i have 2 consoles.
Szenario 1 = 1 console used
if i set up strict outbound NAT, 1 console has open NAT. OK
szenario 2 = 2 consoles used
if i try to use 2 consoles its not working with strict outbound NAT. so i try to use upnp (miniupnpd).
But im not able to get open NAT on the consoles. More then that, i think upnp is not wirking at all, bc i do not see any session in the status tab. also checked config file, route logs etc but its all the same und unclear (regarding to those thousned peoples they did similiar testing)
i know all this setup instruction with strict NAT, UPNP configuration and using NAT reflection etc, but again:
is any one able to use 2 consoles/games same time and got an open NAT?
Best Regards
Edit: installed an UPNP test tool on my pc (same network as the console) setup propper rules in UPNP-plugin on opnsense. result: the tool is not able to open port, also it does not recognize that there is UPNP service on OPNsense. the tool looks like it works, bc it was able to find other devices who seem to use upnp.
Edit2:
2024-05-30T12:12:13 Warning miniupnpd Port forwarding is now disabled
2024-05-30T12:12:12 Warning miniupnpd Check configuration of firewall on local machine and also on upstream router
2024-05-30T12:12:12 Warning miniupnpd STUN: ext interface pppoe0 has now public IP address x.x.x.x but firewall filters incoming connections set by miniunnpd
i do not have manual created wan rules in place. so what try miniupnpd try to say to me?
i investigated the issue (again) when you use more then 1 device/console/computer for gaming and try to get an open NAT. i read and do testing around 10 hours, but now im done and back here to ask if something changed bc the messages i read in other forums (pfsense, github..etc) are from 2 years+ ago.
Is the 2 computer/consoles/games issue with open NAT still present in 2024?
i have 2 consoles.
Szenario 1 = 1 console used
if i set up strict outbound NAT, 1 console has open NAT. OK
szenario 2 = 2 consoles used
if i try to use 2 consoles its not working with strict outbound NAT. so i try to use upnp (miniupnpd).
But im not able to get open NAT on the consoles. More then that, i think upnp is not wirking at all, bc i do not see any session in the status tab. also checked config file, route logs etc but its all the same und unclear (regarding to those thousned peoples they did similiar testing)
i know all this setup instruction with strict NAT, UPNP configuration and using NAT reflection etc, but again:
is any one able to use 2 consoles/games same time and got an open NAT?
Best Regards
Edit: installed an UPNP test tool on my pc (same network as the console) setup propper rules in UPNP-plugin on opnsense. result: the tool is not able to open port, also it does not recognize that there is UPNP service on OPNsense. the tool looks like it works, bc it was able to find other devices who seem to use upnp.
Edit2:
2024-05-30T12:12:13 Warning miniupnpd Port forwarding is now disabled
2024-05-30T12:12:12 Warning miniupnpd Check configuration of firewall on local machine and also on upstream router
2024-05-30T12:12:12 Warning miniupnpd STUN: ext interface pppoe0 has now public IP address x.x.x.x but firewall filters incoming connections set by miniunnpd
i do not have manual created wan rules in place. so what try miniupnpd try to say to me?
5
24.1 Legacy Series / Re: suricata and pppoe vlan11 tagged fiber / WAN dont work
« on: May 30, 2024, 10:49:04 am »Intrusion detection systems need to track the flows. If you do address translation then sources or targets of flows are rewritten. The original flow is terminated and replaced. Intrusion detection systems typically only see one leg of the entire communication. Either the original flow leg or the replaced, new flow leg. But in either case they keep on missing half of what's going on.
Feel free to read the documentation for details. It's all there right in the "Choosing an interface" chapter: https://docs.opnsense.org/manual/ips.html#choosing-an-interface".
PS: There is a reason why many admins hate NAT. You have to jump a lot of hoops and deal with heaps of BS just to keep using the old IPv4 address.
ok of course, but it does not matter in this szenario, bc suricata does not work and it worked back in the days when the interface was DHCP-WAN and not PPPOE-WAN.
Best Regards
6
24.1 Legacy Series / Re: suricata and pppoe vlan11 tagged fiber / WAN dont work
« on: May 29, 2024, 09:35:14 pm »Also NAT and intrusion detection systems are no friends.
?? what has suricata todo with NAT?
7
24.1 Legacy Series / Re: suricata and pppoe vlan11 tagged fiber / WAN dont work
« on: May 29, 2024, 09:34:03 pm »I don't believe you can use Suricata on PPPoE - it is not compatible.
why not, suricata does not see pppoe header i think
8
24.1 Legacy Series / suricata and pppoe vlan11 tagged fiber / WAN dont work
« on: May 28, 2024, 05:37:02 pm »
hi there
befor everthing was working fine.
i had an fiber wan connection which was DHCP.
Suricata was configured to look at the WAN interface and it was working, i got some alerts during the week.
bc of relocating, the ISP only offers fiber with pppoe in this area.
i reconfigured the wan (create vlan11 interface, create pppoe device with credentials, assigned pppoe interface as WAN)
opnsense got an public IP and internet working as well. this "happens" around 6 month ago.
Till then, i never got an suricata alert. so i was wondering if suricata is working properly. i tested it with eicar and nothing happend, so i dont get any alert since 6month and my testing triggered also no alert.
I then switched Promiscuous mode off after about 4 months, no change. After 2 months more still no alerts.
I suspect that Suricata cannot access the WAN interface. i think it has problems with the constellation interface->vlan->pppoe->WAN
Any idea what the problem could be, how I can troubleshoot and fix it?
what i did:
restart service
reboot
test with eicar, NOK
check ruleset (every drop/alert rules are enabled)
tested it with http://testmynids.org/uid/index.html
change pattern matcher aho <->hyper
Best Regards
befor everthing was working fine.
i had an fiber wan connection which was DHCP.
Suricata was configured to look at the WAN interface and it was working, i got some alerts during the week.
bc of relocating, the ISP only offers fiber with pppoe in this area.
i reconfigured the wan (create vlan11 interface, create pppoe device with credentials, assigned pppoe interface as WAN)
opnsense got an public IP and internet working as well. this "happens" around 6 month ago.
Till then, i never got an suricata alert. so i was wondering if suricata is working properly. i tested it with eicar and nothing happend, so i dont get any alert since 6month and my testing triggered also no alert.
I then switched Promiscuous mode off after about 4 months, no change. After 2 months more still no alerts.
I suspect that Suricata cannot access the WAN interface. i think it has problems with the constellation interface->vlan->pppoe->WAN
Any idea what the problem could be, how I can troubleshoot and fix it?
what i did:
restart service
reboot
test with eicar, NOK
check ruleset (every drop/alert rules are enabled)
tested it with http://testmynids.org/uid/index.html
change pattern matcher aho <->hyper
Best Regards
9
24.1 Legacy Series / Re: 24.1 - DHCP server moves to KEA - implications?
« on: May 06, 2024, 10:26:41 pm »
in pfsense 24.03 you can easily switch dhcp backend from ISC to KEA (and vice versa) with 2 click. I wish Opnsense would implement something similar. reservation and so on are still in place.
see attachment.
see attachment.
10
Intrusion Detection and Prevention / Re: OPNSense 23.1 suricata Keeps stopping.
« on: February 11, 2023, 12:29:27 pm »
similar issue with suricata after upgrade to 23.1_6. Suricata all rulesets are downloaded without ET PRO.
After boot opnsense successfully and everthing works fine, i have a disconnect on WAN after 5 mins(where is suricata running on) for around 5-10 seconds. this disconnct just happend once after ervery reboot after a uptime from around 5 min. After that, it runs for hours without issues.
edit: mb its bc suricata service starts a little bit delayed and when the service starts, its shutdown the WAN interface for a coupe of seconds.
After boot opnsense successfully and everthing works fine, i have a disconnect on WAN after 5 mins(where is suricata running on) for around 5-10 seconds. this disconnct just happend once after ervery reboot after a uptime from around 5 min. After that, it runs for hours without issues.
edit: mb its bc suricata service starts a little bit delayed and when the service starts, its shutdown the WAN interface for a coupe of seconds.
11
Virtual private networks / Re: (SOLVED) ProtonVPN on OPNSense
« on: October 26, 2022, 10:04:32 pm »Is there a way to decide which internal IPs can use the VPN?
I have about 20 devices connect to my LAN, and I'd like just a couple of those devices to use the VPN, is it feasible?
Tia.
yes it is. just use firewall rules with client IP as source and selected ProtonVPN as Gateway in that Rule
https://protonvpn.com/support/pfsense-2-5-x-vpn-setup/
BR
12
21.7 Legacy Series / 21.7 upgrade failure
« on: July 29, 2021, 12:56:27 am »
After upgrade it stucks at the "vlan changing name to..."
I use miniPC with intel CPU and NIC's (nrg-systems.de)
what i tested:
Running opnsense 21.1.9, upgrade to 21.7
-> Freeze on vlan config
Clean install 21.7(works) and restore with 21.1.9 backup
-> freeze on vlan config
Clean install 21.1.9, restore config 21.1.9 and upgrade to 21.7
-> freeze on vlan config
Clean install 21.1.9 and restore config 21.1.9
-> everything works fine
i also use LAGG interfaces with VLAN's
similar to this:
https://forum.opnsense.org/index.php?topic=23867.0
Thanks for Help!
Best Regards
I use miniPC with intel CPU and NIC's (nrg-systems.de)
what i tested:
Running opnsense 21.1.9, upgrade to 21.7
-> Freeze on vlan config
Clean install 21.7(works) and restore with 21.1.9 backup
-> freeze on vlan config
Clean install 21.1.9, restore config 21.1.9 and upgrade to 21.7
-> freeze on vlan config
Clean install 21.1.9 and restore config 21.1.9
-> everything works fine
i also use LAGG interfaces with VLAN's
similar to this:
https://forum.opnsense.org/index.php?topic=23867.0
Thanks for Help!
Best Regards
13
21.7 Legacy Series / Re: 21.7-RC1 Boot hang at “Configuring VLAN interfaces...” with imported 21.1 config
« on: July 29, 2021, 12:32:31 am »
same issue here with the final 21.7.
After upgrade it stucks at the "vlan changing name to..."
I use miniPC with intel CPU and NIC's (nrg-systems.de)
what i tested:
Clean install 21.7(works) and restore with 21.1.9 backup
-> freeze on vlan config
Clean install 21.1.9, restore config 21.1.9 and upgrade to 21.7
-> freeze on vlan config
Clean install 21.1.9 and restore config 21.1.9
-> everything works fine
i also use LAGG interfaces with VLAN's
Thanks for Help!
Best Regards
After upgrade it stucks at the "vlan changing name to..."
I use miniPC with intel CPU and NIC's (nrg-systems.de)
what i tested:
Clean install 21.7(works) and restore with 21.1.9 backup
-> freeze on vlan config
Clean install 21.1.9, restore config 21.1.9 and upgrade to 21.7
-> freeze on vlan config
Clean install 21.1.9 and restore config 21.1.9
-> everything works fine
i also use LAGG interfaces with VLAN's
Thanks for Help!
Best Regards
14
Zenarmor (Sensei) / Re: os-sensei-db (missing)
« on: March 30, 2021, 03:57:49 pm »
i tried it on another opnsense with active running sensei.
Short version:
just delete 'sensei-db'
cd /usr/local/opnsense/version/
rm -rv sensei-db
then use auto plugin resolver, and reset local conflicts
done
hint:
there is another folder under /usr/local/sensei-db
im not sure is it still in use or not.
to fix the GUI it is enough to delete the folder /usr/local/opnsense/sensei-db.
I also deleted the folder /usr/local/sensei-db, which had a lot of content, but the instance is still running, but can't say for sure if data (dashboard) is lost.
br
K
Short version:
just delete 'sensei-db'
cd /usr/local/opnsense/version/
rm -rv sensei-db
then use auto plugin resolver, and reset local conflicts
done
hint:
there is another folder under /usr/local/sensei-db
im not sure is it still in use or not.
to fix the GUI it is enough to delete the folder /usr/local/opnsense/sensei-db.
I also deleted the folder /usr/local/sensei-db, which had a lot of content, but the instance is still running, but can't say for sure if data (dashboard) is lost.
br
K
15
Zenarmor (Sensei) / Re: os-sensei-db (missing)
« on: March 30, 2021, 03:50:46 pm »
resolved!
what i did befor open this thread:
- uninstall sensei
- run automatic plugin resolver
- reset plugin conflicts
- reboot
result= sensei-db missing
then i opened this thread:
meanwhile i searched over cli for everything related for 'sensei' or 'os-sensei' or 'sensei-db' and delete it manually.
find / -name 'sensei-db'
- run automatic plugin resolver
- reset plugin conflicts
result: sensei-db missing still there
- reboot opnsense
result: sensei-db missing still there
- run automatic plugin resolver
- reset plugin conflicts
result: gone
what i did befor open this thread:
- uninstall sensei
- run automatic plugin resolver
- reset plugin conflicts
- reboot
result= sensei-db missing
then i opened this thread:
meanwhile i searched over cli for everything related for 'sensei' or 'os-sensei' or 'sensei-db' and delete it manually.
find / -name 'sensei-db'
- run automatic plugin resolver
- reset plugin conflicts
result: sensei-db missing still there
- reboot opnsense
result: sensei-db missing still there
- run automatic plugin resolver
- reset plugin conflicts
result: gone