Messages

1

Intrusion Detection and Prevention / Re: IPS not alerting

« on: September 23, 2023, 09:48:24 pm »

Not to hijack, I am on a wireguard_interface and not wan. Eicar does not drop or send alerts. There is something wrong with Suricata. Just wan and no wireguard vpn connection, eicar works fine.

2

Intrusion Detection and Prevention / Re: Suricata crashing

« on: September 23, 2023, 03:21:28 pm »

I also get

 App-Layer protocol rdp enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.

3

Intrusion Detection and Prevention / Wireguard_Interface Surriccata error

« on: September 17, 2023, 07:06:09 pm »

I got Suriccata to work by fixing my IDS home network to 10.59.XX.0/24. I got logs now.
How do I get rid of the warnings?
A post says to /usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml ?

2023-09-17T08:59:48-04:00   Warning   suricata   [100618] <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol http2 enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.

4

23.7 Production Series / Re: 23.7.4 killed wireguard

« on: September 15, 2023, 03:44:11 pm »

Upgraded to 23.7.4 and the wireguard connection is fine.No problems.

5

Intrusion Detection and Prevention / Re: Suricata Not Finding Anything

« on: September 09, 2023, 10:59:04 pm »

I am also getting nothing with Surricata  on opnsense 23.7.3  I am using wireguard. Should Surricata be on wan or wireguard_interface? I have zenamor on the lan.  Ran www.eicar.eu and  the payload gets downloaded with no intrusion setection alerts.

Without zenarmor, I had Surricata on the lan and it was working perfectly and blocking www.eicar.eu

The Suuricata log
[100247] <Warning> -- [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'wg1': Device not configured (6)


Need help on this one.

6

Intrusion Detection and Prevention / Re: Zenarmor

« on: August 13, 2023, 05:22:37 pm »

Zen on lan , suricata on wan, using wireguard to vpn.
Unable to block on Suricata the http://eicar.eu download.

I have the rule enabled and on alert.
The logs have no alerts indicating the eicar rule got triggered and was it subsequently downloaded.

7

Intrusion Detection and Prevention / Re: Zenarmor

« on: August 12, 2023, 07:08:23 pm »

Got it to work using zen on lan and Surricata on wan. If I am using wireguard should the Surricata interface selection be both for wan and wireguard?

8

Intrusion Detection and Prevention / Zenarmor

« on: August 12, 2023, 04:21:57 pm »

Using Surricata  on lan and zenarmor on wan, tired both L3 native and emulated netmap and the dashboard displays the wan with zero throughput when doing the Ookola up/down speed test? Why? Any suggestions?
I and running wireguard to the vpn.

I think I have the answer.
Currently zenarmor does not support wireguard or openvpn.
Maybe I could put Surricata on the wan  and zenarmor on lan
will it work?

https://www.zenarmor.com/docs/troubleshooting/configuration

9

Hardware and Performance / Re: i225-v PCIe NIC

« on: July 22, 2023, 09:27:29 pm »

@CJ, were u able to get 2.5gb? I have an Acer Magician AM07  Ryzen 5500u dual lan I225-V and was wondering if I could achieve  that speed.
Thanks

10

Hardware and Performance / Re: i225-v PCIe NIC

« on: July 22, 2023, 02:10:03 pm »

Any new updates on opnsense I225-V?
Do issues still exists?

11

23.1 Legacy Series / Intrusion Dectction Schedule

« on: July 15, 2023, 07:36:48 pm »

Cannot edit or delete schedule. Services-> Intrusion Detection -> admin-> schedule. When I select cancel it does open  schedule tab for review.

12

23.1 Legacy Series / Re: No Internet But Can Ping

« on: July 02, 2023, 02:40:19 pm »

@Mayo132
Second solution was, that there was set up an Proxyscript on the clients -> After this was disabled everything was working fine.

Can u further elaborate how to make the change? Thanks

13

23.1 Legacy Series / Re: No Internet But Can Ping

« on: July 01, 2023, 04:20:16 pm »

Having a similar problem when I disable my dhcp lan connection to OPNSense 23.1, the W10 (Broadcom nic)  network connection does not get internet access again when enabled. I am not sure wny.

14

23.1 Legacy Series / Unable to configure wireless interface in access point mode via Web GUI

« on: July 01, 2023, 04:08:11 pm »

Read the archives. Hasn't this been fixed? Cannot get the wifi card to access point and unable to detect the SSID?

https://forum.opnsense.org/index.php?topic=20956.msg97723#msg97723