Messages - elektroinside

481
Intrusion Detection and Prevention / Re: OpenVPN interface + IDS/IPS
« on: January 18, 2018, 03:27:57 pm »
Sad day it is...

I would need to talk with my ISP, see if there is any possibility to ditch the PPPoE link, way too many issues with it... well none of them critical, just annoying :)

482
Intrusion Detection and Prevention / Re: OpenVPN interface + IDS/IPS
« on: January 18, 2018, 01:54:39 pm »
So basically everybody waits for somebody else to do something, a task that should be an otherwise coordinated effort because many things are involved...

This usually will lead to nothing in my experience, unfortunately. Do you think this is a dead-end and will remain like this?

483
Tutorials and FAQs / Re: Fast and easy way to protect your home and/or small office network with OPNsense
« on: January 18, 2018, 01:14:30 pm »
Thank you :)

You're perfectly right, take a look at this post: https://forum.opnsense.org/index.php?topic=6840.0

That's why I specified the target audience (home and/or small office), under no circumstances should this guide be deployed in SME or higher, as it is.

Thank you for adding this missing description, I'll include it in the INTRO part, so that people may be aware as to why this is not good for SME as it is and what needs to be tweaked in case of issues.

Update: updated the description of the guide :)

484
General Discussion / Re: How to open specific ports?
« on: January 18, 2018, 09:31:46 am »
Sure thing, you're welcome!
Nevertheless, you should ask around for a second opinion, someone else who also knows your network requirements (if possible) :)

485
17.7 Legacy Series / Re: Newbie has problem connecting to LAN After New Install
« on: January 18, 2018, 07:10:25 am »
If you managed to get the other stuff right, delete the leading /24 from the link and try this:

http://192.168.1.1

486
Intrusion Detection and Prevention / Re: OpenVPN interface + IDS/IPS
« on: January 17, 2018, 10:59:18 pm »
Indeed. Still, PPPoE at least would be nice to be supported, it's not the usual software driver one might think of. While it's old and whatever, it is widely used in many countries, it's not like it's dying...

Also, PPPoE is single-threaded, another annoying implementation... not OPNsense's fault obviously, none of them.


487
Intrusion Detection and Prevention / Re: OpenVPN interface + IDS/IPS
« on: January 17, 2018, 10:47:02 pm »
Bloody netmap (kidding of course) :P

Thanks for the info Franco :)

488
Intrusion Detection and Prevention / Re: Windows Updates
« on: January 17, 2018, 10:44:08 pm »
Thank you, but I don't think this is my case, my firewalls are always up. I'm a security freak (more or less), my job is security related, I would never turn off my firewalls :) I even sandbox a lot of stuff on my main PCs, virtualize and use various containers to protect stuff.
Also, turning off wf is a very bad idea generally, lots of services will not work (as a rule) in Windows without it. Strange thing is that Windows logs contain errors usually related to connectivity, certificates, NTP while running wu. I'll dig deeper in the upcoming days...

I really think this is IDS/IPS related, no matter how much I would like it not to be. There are a few bugs related to IDS/IPS in the repository, who knows, something there might be my issue. It's not the end of the world, but I have to find out what exactly is the problem, as I intend to migrate my clients to OPNsense soon. I will start disabling rulesets, narrow things down...

489
17.1 Legacy Series / Re: OPNsense vs. pfSense article - any thoughts on that?
« on: January 17, 2018, 10:02:28 pm »
I just deleted my pfSense forum account. Didn't contribute much, way less than here, but I browsed it a lot. When 18.1 will be out, I'll migrate all my clients to OPNsense. Lots of work, but it's worth it. Don't want to throw mud and blood so my reasons are irrelevant at this point, pfSense has been a good companion over the years, so all I can and will say is that I feel that they forgot about their roots. And I hate this.

Franco is one of those people who care, as limited as his time may be. OPNsense feels like a fresh breath and things are going in the right direction, at least for my tastes.

Keep up the awesome work!

490
Web Proxy Filtering and Caching / Re: block lists not including urls nor expressions?
« on: January 17, 2018, 09:19:41 pm »
If you only try to block ads, why not use the most simple method available?
Use the DNS servers from here: https://adguard.com/en/adguard-dns/overview.html

Free, easy, simple, 0 maintenance, effective :)

P.S. Hopefully works with Finnish ad servers as well :D

491
Intrusion Detection and Prevention / OpenVPN interface + IDS/IPS
« on: January 17, 2018, 07:57:44 pm »
So...

Another issue:

- WAN link is PPPoE (it's known IPS won't work with this, yet, because of the FreeBSD kernel)
- IDS without IPS will list alerts for WAN (even if PPPoE), LAN and also the VPN interface (if you create one and add it to IDS)
- IDS+IPS is only working on the LAN interface, so the VPN interface is also failing to be scanned

I'm guessing this has something to do with the WAN being PPPoE, but can anybody confirm this, please?

Also attached a screenshot with IDS without IPS...

Thank you.

492
Intrusion Detection and Prevention / Re: Windows Updates
« on: January 17, 2018, 07:41:43 pm »
Yes, I too found these somewhere on the internet and learned that they break wu. Already set them to 'alert', although didn't actually have alerts from these rules.

Also tried without IPS (attached Screenshot_6.png) and eventually without IDS at all (Screenshot_7.png).

Without IPS, I only had some geoip alerts I have set, absolutely nothing else...

After a few retries (10+), it will work eventually even with IDS/IPS. RDP works almost every time, but without IDS/IPS connections are almost instant, no delays whatsoever. With, I have to wait ~15-20 secs to connect, almost times out. RDP as long as it works is fine, even with delays, but Windows updates fail most of the time, with an error that suggests something is blocking it. But why is it working after many many retries? Strange...

493
Intrusion Detection and Prevention / Re: Windows Updates
« on: January 17, 2018, 05:14:10 pm »
Ok, I'll try & report back. Thank you!

494
Tutorials and FAQs / Re: Fast and easy way to protect your home and/or small office network with OPNsense
« on: January 17, 2018, 02:20:38 pm »
Feel free to comment, ask questions, tell your success/fail stories...
Criticism is also welcomed :)

495
18.1 Legacy Series / Re: PPPoE and pf restart after OPNsense reboot
« on: January 17, 2018, 01:36:05 pm »
Yep, great, up and running, I have not (yet) managed to reproduce any issue, 5+ reboots and still everything is fine (lan, wan, vpn, aliases etc.)
