Messages

1

Sensei / TLS 1.3 support

« on: May 28, 2021, 03:25:48 am »

Does anyone know if Sensei plans on supporting tls 1.3?  I put a ticket in with sunny valley helpdesk asking this a month ago and I never received a response.

Thanks

2

20.7 Legacy Series / Re: Syslog_ng causing ridiculous boot times

« on: January 27, 2021, 02:46:58 am »

Any suggestions here?

3

20.7 Legacy Series / Re: Syslog_ng causing ridiculous boot times

« on: January 16, 2021, 02:59:40 am »

I am sending logs to a system that is using elasticsearch and then forwarding them from there to a cloud SIEM.  Yes I also have sensei running but that's been updated several times since the issue started.  What would you suggest?  Do you think this is a sensei issue?

4

20.7 Legacy Series / Re: Syslog_ng causing ridiculous boot times

« on: January 14, 2021, 01:24:19 pm »

For what it's worth, I also tried installing syslog_ng from the packages section in the GUI but that didn't seem to help.  Here's the health audit:

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
>>> Check installed kernel version
Version 20.7.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 20.7.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for and install missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .
elasticsearch5-5.6.8_5: checksum mismatch for /usr/local/etc/elasticsearch/elasticsearch.yml
Checking all packages............ done
>>> Check for core packages consistency
Checking core packages: .................................................................... done
***DONE***

5

20.7 Legacy Series / Re: Syslog_ng causing ridiculous boot times

« on: January 14, 2021, 01:19:35 pm »

Can I ask which version and does the health audit say anything in particular?


Cheers,
Franco

Hey Franco.  I'm currently on 20.7.7_1 but the issue has been persistent for several versions now.  Been happening for about 6 months if not more.  The health audit shows everything is fine.

6

20.7 Legacy Series / Syslog_ng causing ridiculous boot times

« on: January 10, 2021, 02:35:34 am »

So I've been having this issue for a while now, and I've just been dealing with it.  I googled it, found a few things, but can't seem to find an actual fix.

Every time I reboot the firewall, it hangs on "Stopping syslog_ng" and I can see on the monitor it's waiting to kill some PID.  It takes forever though, causing like 10 minute reboot times on the firewall.  I didn't have this issue in version 19 that I can remember, and it seems to be a known thing from what I'm reading?  Just wondering if anyone knows an actual fix for this. 

Thanks

7

20.7 Legacy Series / Re: OpenVPN Redirect Gateway not working anymore?

« on: November 21, 2020, 07:46:50 pm »

So I have an admin vpn for myself that basically says anything on that net can get anywhere it wants.  I didn't make any rule changes.  With redirect gateway on I can hit everything on my LAN fine, I just can't seem to get out to the internet at all.  It's almost like the firewall just drops all the packets that aren't destined for the LAN.  I'm pretty stumped. 

It also does the same thing on any VPN I use.  I have 4 total not counting site-to-site tunnels but those use wireguard.  Any of the OpenVPN instances though, if redirect gateway is checked, there's no internet while on the vpn.

Another weird thing is that if I get on the VPN and do a continuous ping to say, 4.2.2.2, and check the live view of the firewall logs, I don't see any of that ping traffic. 

8

20.7 Legacy Series / OpenVPN Redirect Gateway not working anymore?

« on: November 20, 2020, 09:28:10 pm »

Redirect gateway used to work prior to the latest update.  On October 17th I was out of town and in a hotel with unsecured WiFi and actually used this feature to get around that and confirmed that all of my traffic was routing over the tunnel.

Today I had a reason to use the VPN again and this has seemingly stopped.  Trying to browse to any website, or ping out to the internet with the redirect gateway option checked just doesn't seem to work.  I did a PCAP on the openvpn interface on the firewall and I do see the pings in the pcap, but there are no replies and web browsing just seems to time out. 

If I uncheck redirect gateway, then pinging out to the internet and web browsing is fine.  I have about 4 different OpenVPN servers running and they are all sharing the same behavior. 

Here's the routing table from a PC I was using while connected to a public WiFi while on the VPN with redirect gateway enabled:

Code: [Select]

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   10.128.128.128   10.140.249.135     40
          0.0.0.0        128.0.0.0        10.5.19.5        10.5.19.6    291
         10.0.0.0        255.0.0.0         On-link    10.140.249.135    296
         10.5.0.0      255.255.0.0        10.5.19.5        10.5.19.6    291
        10.5.19.0    255.255.255.0        10.5.19.5        10.5.19.6    291
        10.5.19.4  255.255.255.252         On-link         10.5.19.6    291
        10.5.19.6  255.255.255.255         On-link         10.5.19.6    291
        10.5.19.7  255.255.255.255         On-link         10.5.19.6    291
   10.140.249.135  255.255.255.255         On-link    10.140.249.135    296
   10.255.255.255  255.255.255.255         On-link    10.140.249.135    296
     73.61.103.19  255.255.255.255   10.128.128.128   10.140.249.135    296
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0        10.5.19.5        10.5.19.6    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         10.5.19.6    291
        224.0.0.0        240.0.0.0         On-link    10.140.249.135    296
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link         10.5.19.6    291
  255.255.255.255  255.255.255.255         On-link    10.140.249.135    296
Not really sure why this stopped working.  I've made no firewall rule changes since I've been back from the vacation in October when it was working.  The only thing I've really done on the firewall since is to update to 20.7.4

9

20.7 Legacy Series / Re: PHP keeps spiking my CPU?

« on: November 03, 2020, 01:26:44 pm »

Yeah I saw your post and tried that.  Didn't work for me.  I restored from a backup and then re-imported some of my setting from a more recent backup and now it seems fine.

Mental note: Don't enable suricata like ever.  Everything was fine until I turned that on.

10

20.7 Legacy Series / PHP keeps spiking my CPU?

« on: November 03, 2020, 01:22:37 am »

So I did the latest update and since then I've had issues.  I did the update, then turned suricata on, and it kept killing my WAN link once a day, so ok, turned that back off, but now my firewall CPU keeps spiking.  If I look at top I see "php" and "php-cgi" keep spiking and hitting like 97%.

I reset the logs on the firewall, manually deleted all the suricata directories I could find, just stuff I found from trying to research this, but it's still doing it.  Anyone have any ideas?  My CPU graph in my network monitor used to idle at almost nothing and now it looks like a saw graph.  The web UI is lagging and downloads are painfully slow. 

11

20.7 Legacy Series / Re: Trying to login with LDAP removes my account from the admin group

« on: October 11, 2020, 03:28:00 am »

Good call.  Thanks!

12

20.7 Legacy Series / Re: Trying to login with LDAP removes my account from the admin group

« on: October 09, 2020, 03:02:30 am »

Ok so doing some more testing.  If I give my actual account permissions to everything, it works.  If I add the account to a group, say, admins, and give the -group- permissions to everything, it kicks me out of the group.

13

20.7 Legacy Series / Re: Trying to login with LDAP removes my account from the admin group

« on: October 09, 2020, 02:58:15 am »

Oh I also tried creating a new group with admin permissions, and adding my account using the import option.  Same result.

14

20.7 Legacy Series / Trying to login with LDAP removes my account from the admin group

« on: October 09, 2020, 02:55:40 am »

So I've had LDAP configured for a while on the firewall, but I figured I should start using it to actually login instead of just using the local database.  My account is a member of the local admins group.  I RDP'd to a VM, logged into the fw as root, Settings | Admninistration | Authentication...I checked both domain controllers and the local database for a backup.  I tried to login with my local account, which has the same username and password as my domain admin account, and the page kind of blinks and just shows me the login screen again.  When I check the user section from the virtual machine using the root account, my account has been removed from the admin group...

The tester works fine for my account, as well as various other test user accounts I've made.  Anyone know why this thing is kicking me out of the admin group?

Oddly enough, if I change the account on the firewall to use a different password than my domain password, it logs in fine.  I'm assuming this is just using the local database and not AD auth though. 

15

20.7 Legacy Series / Re: Does opnsense not let you put vlan's into ospf?

« on: September 22, 2020, 06:30:20 pm »

Actually if you do point to multipoint, you only get a route for the .1 of the vlan that lives on the firewall, so I went with broadcast which adds the entire /24 to the ospf routing table