Messages

511

18.1 Legacy Series / Re: 18.1.1 IPS still blocking access to joomla admin panel

« on: February 05, 2018, 04:50:49 pm »

looks like some much needed changes to suricata.yaml coming in 18.1.2.
I tried to change the eve event log drop type to allow alerts but that caused IDS to crash for me in 18.1.1. Worked in 17.7.12 though.

512

18.1 Legacy Series / Re: Email Notification authentication

« on: February 05, 2018, 04:34:30 pm »

But the email server still needs to allow AUTH PLAIN to accept the messages. That is the issue. OPNsense may send encrypted with STARTTLS, but the server has to be left vulnerable by allowing AUTH PLAIN for all incoming SMTP.

513

18.1 Legacy Series / Re: 18.1 Network Performance (17.7.11-12 was fine)?

« on: February 05, 2018, 04:24:21 pm »

the i354 uses igb drivers, not em or bce. So the em and bce references would have to change to igb.
Use the guide found here https://forum.opnsense.org/index.php?topic=6590.0 for igb

514

18.1 Legacy Series / Re: Email Notification authentication

« on: February 05, 2018, 04:19:22 pm »

Yes, and there the authentication method used for email is AUTH PLAIN.
Monit alerts do not use AUTH PLAIN, which is good

515

18.1 Legacy Series / Email Notification authentication

« on: February 05, 2018, 12:10:30 am »

I have one complaint about email notifications, and it is most likely a FreeBSD issue.
The authentication method used is PLAIN which violates security protocols. Most email servers do not accept this method on purpose and the ones that do advise against using it.

How do I go about making a request to change this authentication method. I am not even sure which module handles that. Or at least an option to offer more modern methods. Kind of silly that a security device would leave an open door like that.

Thanks

516

General Discussion / Monit is a great plugin.

« on: February 05, 2018, 12:00:53 am »

Monit is just another example and reason why OPNsense is the choice of firewalls. I highly recommend this plugin because of the built-in system monitoring capability. This plugin gives us a heads up on stressed or failing hardware which is crucial for me since some of my firewalls are very remote. It can also alert when the network has issues. Just one of many reasons I forked over to OPNsense.

517

General Discussion / Re: PFSense config import?

« on: February 04, 2018, 11:47:34 pm »

Old post, but interesting concept. I would think some of the backup configs could be imported into OPNsense. Like maybe the Interfaces, NAT, and rules configs. But the layout is different so it would be an undertaking, but possible.
Anyone up for the challenge? I would love to see PFsense squirm.

518

18.1 Legacy Series / Re: New Live Firewall log view

« on: February 02, 2018, 01:08:40 am »

What would be nice is when the info windows pops up there is a button to create an allow firewall rule

519

18.1 Legacy Series / Re: Has anyone had a problem-free upgrade from OPNsense 17.7.12 to 18.1?

« on: February 02, 2018, 12:51:04 am »

First off, I only saw a performance reduction when IDS/IPS was enabled.
My specific issues had to do with custom IPS rules and tunables that I had placed in the wrong place and were erased during the upgrade.
As far as the custom IPS rules, I use pass rules to reduce the IPS engine load,
Use the tunable guide in the IPS topics for some improved performance.

One more thing that I noticed is you have to apply the IPS rules again, even if you didn't change anything after the upgrade or anytime suricata updates because the generic suricata.yaml will be used until you hit apply in the rules tab. This will affect your interfaces and engine algorithms used with IPS. The settings migrate ok in OPNsense, just doesn't apply them to suricata.yaml until you hit apply.

520

18.1 Legacy Series / Re: 18.1 Network Performance (17.7.11-12 was fine)?

« on: February 01, 2018, 09:13:29 pm »

Tried 17.7.12 and all went back to expected speeds.
Then I realized that the upgrade had rewritten some of my performance tweaks.
All speeds look normal now running 18.1_1.

I also noticed a new suricata.yaml. I will have to dive into that because I also had changes in there as well.

521

18.1 Legacy Series / Re: 18.1 Network Performance (17.7.11-12 was fine)?

« on: February 01, 2018, 07:04:55 pm »

Ok, great I will try it and report back the results. Glad I take lots of configuration backups.

522

18.1 Legacy Series / New Live Firewall log view

« on: February 01, 2018, 07:03:22 pm »

I really like the new live firewall view, but I wish the normal view was also available since there doesn't seem to be any option to allow the blocked rule to create a new allow firewall rule like there was in the old normal view.

523

18.1 Legacy Series / Re: 18.1 Network Performance (17.7.11-12 was fine)?

« on: February 01, 2018, 06:54:18 pm »

If I reinstall 17.7.5, how do I update to 17.7.12 without going to 18.1?

524

18.1 Legacy Series / Re: 18.1 Network Performance (17.7.11-12 was fine)?

« on: February 01, 2018, 06:49:29 pm »

Applied it.
System>Firmware still shows 18.1 installed. And console shows 18.1_1 installed
Tried the speedtest again with no improvement.

Not sure the downgrade worked

525

18.1 Legacy Series / Re: 18.1 Network Performance (17.7.11-12 was fine)?

« on: February 01, 2018, 06:37:15 pm »

Not sure, but I had to do the NAT patch to get NAT to work.

What is the shell command to revert back to 17.7? Or should I reinstall 17.7 to test it again just to make sure. And if I reinstall 17.5, how do I prevent it upgrading to 18.1. I would want to get back to 17.7.12

Something else I noticed right off, the memory usage has dropped from 12% with 17.7 to 6% with 18.1