Messages - labsy

1
Hardware and Performance / Re: Migrating from ver. 19.1 to latest - to do or not to do?
« on: September 24, 2023, 11:34:16 am »
Hmmm...well, first half day and I am concerned about CPU performance. Same Virtual Hardware config (8GB, 4 CPU, 120GB SSD RAID 10), same modules, config, plugins... ok, I added ACME client for LE SSL, but this should have no performance hit....

- os-vmware plugin is installed
- NICs are E1000
- ESX VM is 6.7U2 version

Old 19.1 OPNSense: average CPU approx. 270 MHz
New 23.7 OPNSense: average CPU approx 1250 MHz
That's almost 5x more CPU consumption! See BLUE line: old 19.1 was scratching the bottom, while new 23.7 has significant CPU usage even on Sunday morning when there is no business traffic.

TOP shows most of the time suricata process consuming a lot of CPU.


2
Hardware and Performance / Re: Migrating from ver. 19.1 to latest - to do or not to do?
« on: September 24, 2023, 12:32:22 am »
SUCCESS!

As per your advice, I went with exporting and importing config. Then I manually edited XML config file to reflect interfaces name change, which happened somewhere after FreeBSD 11 (I guess?) and few other specific settings, which might cause problems. Caveat in my case was I only have WAN access, because it is ESX host in datacenter and I am not into spending few hours there on console.
When finished, all FW and Plugins need to be updated, once again rebooted, and services came up to life.

Thank you guyz!

3
Hardware and Performance / Re: Migrating from ver. 19.1 to latest - to do or not to do?
« on: September 23, 2023, 12:09:34 am »
Hey guyz,

thank you for tips!  :D
I will try fresh install + restore config. The only question is, whether 19.1 config is compatible with latest 23.7. But having my old VM just shut down, brings me peace of mind. If anything goes wrong, I have old VM to power it up.

Will report back how it went...

4
Hardware and Performance / Migrating from ver. 19.1 to latest - to do or not to do?
« on: September 20, 2023, 08:17:24 pm »
Hi,

I have one pretty powerful ESX 6.7 host with a dozen of web and mail services. All are protected with another virtual machine:
OPNsense 19.1.10_1-amd64
FreeBSD 11.2-RELEASE-p10-HBSD
OpenSSL 1.0.2s 28 May 2019

I've tried to upgrade many times before, but failed, dunno what exactly went wrong, but due to failures I simply kept it running at this old version.

I have over hundred of rules, aliases, tunnels, routes and stuff, which I will need to manually retype into new OPNSense, if I decide to do so. And I will definitely go for it, but I need a good reason - what you say, will I benefit in performance or somewhere else, if I go with new version? Or should I expect same performance and security after a week of manually migrating all over?

5
Hardware and Performance / Re: Disk 109% full, how to increase size
« on: February 24, 2022, 11:21:43 pm »
Excellent starting point, thank you!!!

I had problems SSH-ing, see port 22 is open, listening on WAN interfaces, but simply cannot connect with Putty. Nevermind... did it via remote console and like you said, found disk hog, 92 GB in size, flowd.log:

Code:
  92664854896 Jan 14 20:02 flowd.log
     11566548 Jun  7  2021 flowd.log.000001
     11566328 Jun  7  2021 flowd.log.000002
     11666820 Jun  7  2021 flowd.log.000003
     11598933 Jun  7  2021 flowd.log.000004
     11587141 Jun  7  2021 flowd.log.000005

Looks like known issue: https://github.com/opnsense/core/issues/2296


6
Hardware and Performance / Disk 109% full, how to increase size
« on: February 24, 2022, 10:30:25 am »
Hi,

My OPNSense 19.1.10_1-amd64 is running FreeBSD 11.2-RELEASE-p10-HBSD as a VIRTUAL MACHINE on ESX 6.5 server. It says DISK USAGE: 109% (100G/100G)

I dunno how is this even possible, and it is still running, but I will obviously need to act NOW.

Please...I have only copy/paste Linux knowledge - any reliable instructions on how to resize disk?

7
22.1 Legacy Series / Should I migrate 19.1. to 22.1 performance wide?
« on: February 02, 2022, 07:33:14 pm »
Hi,

I have 19.1. on ESX 6.5 server and yes, it's working. A lot of rules, a lot of NAT translations, and a lot of blocklists (aliases, external lists). Cannot auto-upgrade to any newer version, dunno why, but it does not work.

I am thinking about manually rewriting all rules to 22.1 version.
What ya think - will there be any benefit performance-wise or security-wise?

8
21.7 Legacy Series / Re: Any performance gain from 19.1 to 21.7 version?
« on: September 20, 2021, 10:35:49 am »
Thank you.

Well, I have VMWare 6.7 u 1, so it's virtualized HW. With mentioned 4000 active handles it's scratching the floor, not spiking over 8% CPU, so I guess performance wise would be fine.

Regarding UPDATE....I guess breaking point is 19.1 --> 19.7, because 19.1 was the last possible auto upgrade. From there on traffic was stuck, I tried twice, spent whole day trying to upgrade 19.1 to different versions, even one step up, but to no avail.
So I am stuck with 19.1 and need to manually upgrade.

9
21.7 Legacy Series / Any performance gain from 19.1 to 21.7 version?
« on: September 14, 2021, 09:48:49 am »
Hi,

I have production on 19.1 version on this:
- Host is FUJITSU server on ESX 6.7.0 Update 2
- OPNSense is 19.1 with approx. 4000 active states on average
- it has some 40 NAT rules
- it also has quite large BLOCKLISTS on FW Aliases (loading external files of up to 4000 IP addresses to block)
- WAN is 1 Gbps bandwidth in datacenter

What do you think - will I gain or lose performance wise if I upgrade to 21.7?
It is PITA, because I will "upgrade manually", meaning I need to rewrite by hand all rules and settings. Auto upgrade is not possible.

10
Intrusion Detection and Prevention / Re: How often is ALIAS URL table refreshed, if ever?
« on: February 02, 2020, 10:44:48 pm »
Chemlud, I just wanted to reply to you, that this is what I first tried. And I have tried many combinations there, each minute, each hour...
...BUT I took a look at this Cron guide https://www.codementor.io/@akul08/the-ultimate-crontab-cheatsheet-5op0f7o4r and realized, that I *might* have entered numbers wrong!
For example, I entered 5 for minutes and 0 for hours and 0 for days....which would in best case mean every day at 0:05 hours, but as also day was 0, I am not sure what that meant to Cron job.

So today I put my glasses on, saw those dots are not asterisks * but rather zeros 0....oh, geeez, my oh my... Then I read the above mentioned cheat sheet :)))

So, for the URL TABLE Alias to reload every 2 minutes, picked up the following Cron job:
   Update and reload firewall aliases

...and entered the following schedule:
   */2   *   *   *   *

Now it works like a charm!
Thank you for kicking me back to the track!

BTW...If anybody else wants to take advantage of this list, it gets updated instantly. You are all welcome to use it: http://secureit.si/lockouts/list.php
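
An added example, not part of the original post and not OPNsense code: it checks the two schedules mentioned above against the standard five-field cron ranges (day-of-month runs 1-31, so a 0 there is out of range) and reports the longest wait between alias reloads. The function names are hypothetical, and the gap calculation assumes the day, month and weekday fields are all `*`.

```python
# Added example. Field ranges are those of standard 5-field cron.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day-of-month", 1, 31),
          ("month", 1, 12), ("day-of-week", 0, 7)]

def expand_field(expr, lo, hi):
    """Expand one cron field into the sorted values it matches."""
    values = set()
    for part in expr.split(","):
        rng, sep, step = part.partition("/")
        step = int(step) if sep else 1      # int() raises ValueError on junk
        if step < 1:
            raise ValueError(f"{part!r} has a step below 1")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-", 1))
        else:
            start = end = int(rng)
        if not lo <= start <= end <= hi:
            raise ValueError(f"{part!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)

def check_schedule(schedule):
    """Return (expanded fields, list of errors) for a schedule string."""
    parts = schedule.split()
    if len(parts) != 5:
        return {}, [f"expected 5 fields, got {len(parts)}"]
    expanded, errors = {}, []
    for (name, lo, hi), expr in zip(FIELDS, parts):
        try:
            expanded[name] = expand_field(expr, lo, hi)
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
    return expanded, errors

def max_gap_minutes(expanded):
    """Longest wait between two runs, assuming the date fields are all '*'."""
    times = sorted(h * 60 + m for h in expanded["hour"] for m in expanded["minute"])
    gaps = [b - a for a, b in zip(times, times[1:])]
    gaps.append(times[0] + 1440 - times[-1])   # wrap past midnight
    return max(gaps)

if __name__ == "__main__":
    for s in ("5 0 0 * *", "*/2 * * * *"):     # the two schedules from the post
        expanded, errors = check_schedule(s)
        print(s, "->", errors or f"reloads at most {max_gap_minutes(expanded)} min apart")
```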

11
Intrusion Detection and Prevention / Re: How often is ALIAS URL table refreshed, if ever?
« on: February 02, 2020, 02:28:02 pm »
Any idea on this subject?
How can I set URL TABLE refresh?
Is there any LOG of URL TABLE alias refresh cron?

My webhosting servers are under constant attacks, hundreds of brute force login attempts every minute, across all web sites. Attacking script maybe tries from same URL a dozen of times, then it obviously switches over to another web site at some other webhosting services.
My trap sites detect attacks at their first attempt, as they are made of traps actually. And immediately they push attacker's IP to the BAN LIST. So I am very interested to reload this BAN LIST into OPNSense FW --> Aliases --> URL TABLE list as soon as possible, say every 1 minute at least to prevent any further attacks from the same IP.
It's crucial for me this mechanism to work.

12
Intrusion Detection and Prevention / Re: How often is ALIAS URL table refreshed, if ever?
« on: January 10, 2020, 11:21:02 pm »
Thank you, Franco, I assumed the same, too.
There are 2 fields with predefined values:
- Days: 0
- Hours: 4.00
How can I set it to refresh every 2 or 5 minutes?
I tried with 0.05 or 0.02 in hours field, but it does not seem to work.

13
Intrusion Detection and Prevention / [SOLVED] How often is ALIAS URL table refreshed, if ever?
« on: January 09, 2020, 11:15:10 pm »
Hi,

related to this: https://forum.opnsense.org/index.php?topic=15226.0 I am wondering, if ALIAS URL table, pulled from external source, is ever refreshed?

I have it configured to pull bad IPs to block them from external URL, but if I manually inject one testing IP there, it does not get blocked not after 1 hour, not after 1 day.
So I guess, whether list does not get updated ever, or maybe CRON for this update is not configured.

Any idea where refresh rate (update) can be set?

14
Intrusion Detection and Prevention / Re: How to check if Firewall blocking rule is working?
« on: January 08, 2020, 07:10:33 am »
I am checking those ALIAS rules, but it seems like it is not pulling IP's from the list. I mean, source IP is not blocked, and source IP is not within IP ALIASES.

I have CRON set to check LIST ALIAS every 5 minutes.

Any idea what's wrong?
Any LOG I can check?

15
Intrusion Detection and Prevention / Re: How to check if Firewall blocking rule is working?
« on: December 31, 2019, 07:58:55 pm »
Ok, but LIVE VIEW I assume shows near realtime logs. I cannot check there, for example:
"Dear tech support, our team member is on vacation on Barbados and they cannot send mail."
Where can I check things like this, when I only suspect issue happened 3 days ago?
