Messages

31

20.7 Legacy Series / Re: Upgrade from 20.1 -> 20.7 failed when IPS/IDS enabled.

« on: August 07, 2020, 09:10:54 am »

Yes! Its a vmware VM on my side too, no vlan just native interfaces. As soon as i enabled blocking, the OS crashed and reset, then its stuck in a loop. Its an urgent issue since we use IPS many FW. Im reverted to 20.1 for now.

Same for me (it's a VM, no VLAN tagging, interface firectly on Internet with public address)

I let the IPS without blocking mode for now. At the second you activate blocking mode, it crashs

32

20.7 Legacy Series / Upgrade from 20.1 -> 20.7 failed when IPS/IDS enabled.

« on: August 06, 2020, 03:35:22 pm »

After upgrade from the latest 20.1.x to the 20.7 the firewall crashed right after the suricata service loaded. Some sort of CPU error, i cant see its scrolling too fast, then immediately reboot the machine. This stuck into a loop.
Full clean 20.7 install then restore the config.xml also cause this issue.
So the problem is with the suricata related part in the config.xml. Or even the whole suricata module bugged.
Make sure you are disabled before the upgrade.

33

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: September 11, 2019, 11:15:28 pm »

Its Solved!
Thank You for the help!
It was the libressl package issuse.

I had the 19.7.3 upgraded 19.7.4 now but same issue.

Hi @Archanfel80,

Couldn't reproduce this on a 19.7.4 (amd64/OpenSSL) with 1.0.2 fresh install. I'll be reaching out to you. Let's have a look together.

34

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: September 11, 2019, 10:30:31 pm »

I had the 19.7.3 upgraded 19.7.4 now but same issue.

Hi @Archanfel80,

Couldn't reproduce this on a 19.7.4 (amd64/OpenSSL) with 1.0.2 fresh install. I'll be reaching out to you. Let's have a look together.

35

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: September 11, 2019, 07:29:25 pm »

Hi!

It seems only the fresh install affected, or if i change the interface config in the exsisting one. That is also break something.

Hi @Archanfel80,

Thank you for bringing this to our attention. Trying to reproduce now. Does that affect a pre-existing Sensei install or this happens during a new install?

36

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: September 11, 2019, 04:26:33 pm »

There is an issue with the interfaces since the latest opnsense upgrade. No matter if i select any interfaces sensei said: "You must select at least one interface to start or restart sensei service!" and the packet engine not start. Tried a complete reinstall of sensei, including deleting the corresponding part in the config.xml. It did not help.

37

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: June 20, 2019, 09:27:21 am »

Just a quick report about an issue what i see.
If you installed sensei from the cli first while in the beta and updated since then for some reason the search data not deleted and consumed the disc space after the final 0.8 upgrade. I cant delete the date from the webui it just says simply 'error'.
I cant figured out why but removed the sensei completely, deleted the '/usr/local/sensei' folder and reinstall sensei from the plugins. Now everything works and the disc usage reduced dramatically. So if you're like me, so installed sensei while in the beta probably the best to backup the config remove sensei, delete the sensei directory, reinstall sensei and restore the config which is restore your custom sensei settings.

38

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: June 19, 2019, 02:33:45 pm »

Wow! This is great! One of the bests and most wanted missing feautures added to our belowed opnsense firewall. Sensei is one of a kind software for sure! Keep up the good work!

39

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: May 15, 2019, 06:01:53 pm »

True!
I can confirm that, i dont see the vlan interfaces unless i add manually to the config.xml (Sensei section) or do the same what you mentioned.

Im using tagged vlan interfaces and all shown correctly. See attached image.

Yes, but you had these interfaces already active before you upgraded sensei. If you remove them, you will not be able to readd them again unless you edit the right file to disable the display filter.

mb:

[...] since we started supporting vlan trunk interfaces, we are filtering child interfaces now. Because netmap was causing problems when there are more than 2-3 vlan child interfaces monitored at the same time. [...]

You will have to edit /usr/local/opnsense/mvc/app/controllers/OPNsense/Sensei/Api/ToolsController.php
and change $filterflag = true; to $filterflag = false; in line #51 where is the comparision with 'vlan'.

40

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: May 15, 2019, 02:40:48 pm »

Im using tagged vlan interfaces and all shown correctly. See attached image.

The folder /usr/local/sensei/log does not exist.

After manually creating /usr/local/sensei/log/active the plugin does seem to work.

The interface selection unfortunately does not show any tagged VLAN interfaces. Is this correct? I tought tagged VLANs are supported now?

Hi ruffy,

Having a look at log folder creation. Thanks for reporting this.

As for the VLAN tagged interface, any chances that you did not enable the trunk interface from OPNsense Interfaces menu?

41

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: May 15, 2019, 09:52:15 am »

Login to the firewall through SSH:
mkdir -p /usr/local/sensei/log/active
mkdir -p /usr/local/sensei/log/archive

reboot

I installed Sensei 0.8p9 on 19.1.6 (which I now updated to 19.1.7).
I get the following error when accessing the Dashboard or any sensei page:
Warning: fopen(/usr/local/sensei/log/active/Senseigui.log): failed to open stream: No such file or directory in /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/Sensei.php on line 73 Can't open log file at '/usr/local/sensei/log/active/Senseigui.log'

The folder /usr/local/sensei/log does not exist.

After manually creating /usr/local/sensei/log/active the plugin does seem to work.

The interface selection unfortunately does not show any tagged VLAN interfaces. Is this correct? I tought tagged VLANs are supported now?

42

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: May 14, 2019, 04:36:01 pm »

I referred for this: "In an effort to be able to provide Sensei for people who have less than 8GB memory, and as per Archanfel80's suggestion, we've enabled Sensei to run for deployments with 4B of RAM."

Im glad i can help

How does it help to just quote the complete previous text without any sensful addition? 

43

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: May 14, 2019, 02:53:39 pm »

Im glad i can help

Dear Sensei users,

0.8.0.beta9 is out now. Below are the updates against 0.8.0.beta8:

Support for Large Settings (More than 1000 users)

Thanks to the newly introduced L2 Transparent Bridge Mode, you can run Sensei for thousands of users.

In this mode, where Sensei literally bridges two of your ethernet interfaces, we can scale to the number of Rx/Tx ethernet queues, thus making maximum use of the multiple CPU cores in the system.

This also helps you to keep your existing firewall and still enjoy the functionality offered by OPNsense & Sensei as an additional layer of defense.

Practically, what this means is that, if you deploy Sensei on an 8-core server with a --say 64GB of memory, you can serve 8000 users behind this configuration.

Please be noted that we'll need a small integration with OPNsense to be able to fully provide this functionality. We'll keep you posted.

Support for 4GB RAM

In an effort to be able to provide Sensei for people who have less than 8GB memory, and as per Archanfel80's suggestion, we've enabled Sensei to run for deployments with 4B of RAM.

Please note that if you have 4GB memory, maximum number of users will be 100.

Improved application signatures

• Browsec VPN
• Microsoft Updates
• Office Updates
• Fixed a bug in Web based applications classification module which -in some cases- might lead to a crash.

Cloud

New Cloud Query Infrastructure

Filtering

Fixed a bug where auto-whitelisting a host does not immediately take effect / requiring a restart of engine.

Integrations

• Improved CLI access API
• First bits of Active Directory Integration

Better Reporting

• New report: Ethernet interface reports. You can now see which ethernet interfaces carry the most bandwidth and drill down to per-interface detailed reports.
• New report: VLAN reports. You can filter out a VLAN and drill down as deep as session details.
• New report: User reports. When the OPNsense captive integration is finished, you’ll be able to view user-based reports.
• All live session reports now have VLAN, Interface, Username columns.
• All live session reports now have auto-refresh / refresh interval options
• Fixed a bug where charts were refreshed randomly causing excessive page loads
• Fixed a bug where setting Elasticsearch not to start at boot causing reporting to cease.
• Introduced an option to be able to reset all Elasticsearch Indexes.
• Introduced Elasticsearch Index Health Checker, where you can check and do a fix-up on an index basis
• Elasticsearch shards are now single. Not requiring a replica. All indexes can be seen green now.
• Fixed a bug in Elasticsearch data retiring module, which -in some cases- would result in more disk space consumption

How to update?

For 0.8 users, in the OPNsense Web UI, you should have already seen Sensei reporting 0.8.0.beta9 update. Just click on "Update" and Sensei will take care of the rest.

For 0.7 users, please wait for an announcement for 0.8.0.rc1; when it's out, you should also see 0.8 update in the OPNsense UI. We'll announce it from here and our twitter page.

Hope you enjoy this one.

--
Sensei team

44

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: April 23, 2019, 02:14:23 pm »

Yes! If you have less than 4GB ram the installer will also fail. You can remove this check too. The ram is not problem, i have sensei with 2GB apu board without problem, but that board have a quad core intel processor, and the cpu usage is kinda heavy. Im not sure the celeron processor can handle this.

Im keen to check your plugin, but installer complains on

"Unfortunately Celeron is not supported by Sensei."

i cant say that my CPU is weak, it peforms good on most of tasks.

What will happened if i remove this check from installer ? do you have any other cheks that will prevent to install it ?

45

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: April 11, 2019, 09:47:13 am »

Yeah, different rules on different interfaces would be a great feature, as also a scheduling function.