Messages - glasi

#91
I have also had problems with IPv6 in OPNsense. Miraculously, my problems seem to have disappeared after I played around a bit with the DHCPv6, SLAAC and static IPv6 settings in the WAN interface configuration.

Currently, I'm using a dual stack configuration with IPv4 Configuration Type PPPoE and IPv6 Configuration Type SLAAC.

Nevertheless, I can confirm schnipp's observations:

  • Registration of an IPv6 address with the built-in DynDNS client (Custom v6) failed.
  • Static IPv6 was bound to the wrong interface (ix0_vlan7 instead of pppoe).

On top of that, I also had issues using IPv6 as the internet protocol in an IPsec configuration. In this case the link-local address of the WAN interface (instead of its global unicast address) was assigned to the 'left' parameter in ipsec.conf.

Although everything looks fine right now, I'm nonetheless worried that something is (partly) broken with regard to IPv6. Unfortunately I have not been able to reproduce the problems so far.
#92
Hi all,

I have the same issue here with a site-to-site IPsec tunnel. OPNsense does not bring up the IPsec tunnel.

In my setup I can pin the problem down to the connection method in the tunnel settings. OPNsense fails to establish the IPsec tunnel when 'Start immediate' is selected as the connection method.

As soon as I select 'Start on traffic' as the connection method, everything works fine.

Can anybody reproduce this issue with his/her own setup?
#93
As I am experiencing the same issues with PPPoE reconnect loops I would be interested in a bugfix, too.

It's a pity that this issue hasn't been fixed yet.

Nevertheless, many thanks to all those who are contributing to the success of OPNsense.
#94
Franco, thank you for referring to the potential PPPoE problems.

However, Schnipp is right that Suricata supports both PPPoE and VLAN decapsulation. So it is all the more incomprehensible and confusing that it still does not work in IPS mode.

As far as I understood, IDS uses simple packet capture while IPS utilizes netmap. Unfortunately, I have not found any reliable information on how far netmap can handle PPPoE and VLAN.

During some analysis I have seen that the output in /var/log/suricata/stats.log differs between IDS and IPS mode. While in both modes Suricata logs the decoding of IP, Ethernet, TCP, UDP, PPPoE packets etc., app layer parsing/inspection seems to be different.

In IDS mode the following app layer parsings are logged:

app_layer.flow.http
app_layer.tx.http
app_layer.flow.tls
app_layer.flow.dns_udp
app_layer.tx.dns_udp
app_layer.flow.failed_udp


In IPS mode I can only see the following app layer parsings:

app_layer.flow.dns_udp
app_layer.tx.dns_udp
app_layer.flow.failed_udp


Any idea how I can increase the Suricata verbosity level to see more log details and error messages?
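The stats.log comparison described in this post, as an added example that is not part of the original post and not code from OPNsense or Suricata: a small Python script that parses the "Counter | TM Name | Value" table Suricata writes to stats.log and reports which app_layer counters were incremented in one run (IDS) but stayed absent or zero in another (IPS). The two stats.log excerpts below are constructed samples in that layout (counter names taken from the post, values invented), not real captures; the column widths and the periodic "Date:" header mirror what Suricata writes, but the script only relies on the pipe-separated columns.

```python
"""Compare app_layer counters between two Suricata stats.log captures.

Suricata appends a full counter table to stats.log every stats interval,
so a file usually holds many dumps; the parser keeps the last value seen
for each counter, i.e. the most recent dump wins.
"""
import re
from typing import Dict, List

# Constructed sample excerpts (not real captures) in Suricata's stats.log layout.
IDS_STATS = """\
------------------------------------------------------------------------------------
Date: 5/29/2018 -- 22:06:22 (uptime: 0d, 00h 05m 00s)
------------------------------------------------------------------------------------
Counter                                       | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                                  | Total                     | 18234
decoder.pppoe                                 | Total                     | 18234
decoder.vlan                                  | Total                     | 18234
app_layer.flow.http                           | Total                     | 41
app_layer.tx.http                             | Total                     | 57
app_layer.flow.tls                            | Total                     | 120
app_layer.flow.dns_udp                        | Total                     | 302
app_layer.tx.dns_udp                          | Total                     | 604
app_layer.flow.failed_udp                     | Total                     | 3
"""

IPS_STATS = """\
------------------------------------------------------------------------------------
Date: 5/29/2018 -- 22:16:22 (uptime: 0d, 00h 05m 00s)
------------------------------------------------------------------------------------
Counter                                       | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                                  | Total                     | 17990
decoder.pppoe                                 | Total                     | 17990
decoder.vlan                                  | Total                     | 17990
app_layer.flow.dns_udp                        | Total                     | 298
app_layer.tx.dns_udp                          | Total                     | 596
app_layer.flow.failed_udp                     | Total                     | 2
"""

# One table row: counter name | thread/module name | integer value.
ROW_RE = re.compile(r"^\s*(\S+)\s*\|\s*(.+?)\s*\|\s*(\d+)\s*$")


def parse_stats(text: str) -> Dict[str, int]:
    """Return {counter_name: value} from stats.log text; later dumps override earlier ones."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        match = ROW_RE.match(line)
        if not match:
            continue  # separator lines, "Date:" headers and the column header row
        name, _tm_name, value = match.groups()
        counters[name] = int(value)
    return counters


def app_layer_counters(counters: Dict[str, int]) -> Dict[str, int]:
    """Keep only the app_layer.* counters, which show which protocol parsers ran."""
    return {k: v for k, v in counters.items() if k.startswith("app_layer.")}


def missing_parsers(reference: Dict[str, int], candidate: Dict[str, int]) -> List[str]:
    """app_layer counters that were non-zero in `reference` but absent or zero in `candidate`.

    For the IDS-vs-IPS case this lists the protocols that were inspected in IDS
    mode but never reached the app-layer parsers in IPS mode.
    """
    ref = app_layer_counters(reference)
    cand = app_layer_counters(candidate)
    return sorted(name for name, value in ref.items() if value > 0 and cand.get(name, 0) == 0)


def decoded_but_not_inspected(counters: Dict[str, int]) -> bool:
    """True when packets were decoded but no app_layer counter is non-zero at all."""
    decoded = counters.get("decoder.pkts", 0) > 0
    inspected = any(v > 0 for v in app_layer_counters(counters).values())
    return decoded and not inspected


if __name__ == "__main__":
    ids = parse_stats(IDS_STATS)
    ips = parse_stats(IPS_STATS)
    for name in missing_parsers(ids, ips):
        print(f"inspected in IDS mode but not in IPS mode: {name}")
    if decoded_but_not_inspected(ips):
        print("IPS run decoded packets but no app-layer parser ran at all")
```

Run against two real stats.log files (one captured in IDS mode, one in IPS mode with the same traffic, e.g. a fetch of the EICAR test file) by reading each file into `parse_stats`; a non-empty `missing_parsers` list for TCP-based protocols such as http and tls, while dns_udp still shows up, narrows the problem to TCP flows not reaching the app layer on the netmap interface rather than to the rules themselves.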
#95
Still not working.  :-[

Tried the following interface configurations:

WAN:  pppoe0 (ix0_vlan7)
IPS:     vlan7 on ix0 (PPPoE)
IPS:     ix0


No success at all. The last example completely freezes my internet connection when enabling IPS mode.
#96
Hi Franco,

Thanks for spending some time on my issue.

Currently, OPNsense (WAN) is connected to my FTTH modem via the ix0 interface. However, in OPNsense my WAN interface is assigned to pppoe0 (ix0_vlan7).

If I understand you correctly, this configuration might be the reason for my issues. Should I create a new "IPS" interface which is directly assigned to the physical ix0 interface and use this IPS interface instead of WAN interface within the IDS/IPS module?
#97
IPS still not working as expected.

However, I realized that IDS mode is also causing trouble when I use third-party rulesets, e.g. abuse.ch/URLhaus.

While access to the EICAR test file is at least logged by the OPNsense test ruleset, the system remains completely silent on any third-party rules.
#98
18.1 Legacy Series / IDS working, IPS not working
May 29, 2018, 10:06:22 PM
Hi all,

I am experiencing some issues with IDS/IPS on OPNsense 18.1.8.

As I am new to IDS/IPS, I am currently just using the OPNsense/test rules as a very basic setup. In a first step I have only enabled the IDS functionality. The test rules work pretty well. E.g. access to the EICAR test file generates an alert and is logged by OPNsense.

As soon as I enable IPS, the problems arise. Once again, I access the EICAR test file. But now NEITHER an alert is generated NOR is access to the file blocked.

Once I have disabled IPS again, logging works as expected.

Am I missing something? Or is there a bug in the IPS module?

Is someone having the same issue?
#99
Hello,

I have some issues with cloning my IPsec VPN tunnel settings.

Currently, I am using two different phase 1 entries. Cloning of the 2nd phase 1 entry works fine. While during the cloning process of the 2nd phase 1 entry OPNsense offers the option to clone the related phase 2 entries as well, this option is completely missing when I want to clone the 1st phase 1 entry.

A short review of the web page's HTML source code shows that eight lines of HTML code are missing (relating to cloning of phase 2 entries) when I want to clone my 1st phase 1 entry.

Any ideas what is causing this behaviour? Can anyone point me in the right direction, please?

I am currently running OPNsense 18.1.6-amd64, FreeBSD 11.1-RELEASE-p9. But I have had this issue since I started my OPNsense setup with version 18.1.
#100
18.1 Legacy Series / Re: PPPoE reconnect loop
February 13, 2018, 09:47:14 PM
Hello all,

I just started with my own OPNsense setup and wanted to give some feedback.

So far everything works like a charm. Luckily, there are also no problems with PPPoE. On the WAN side I use the fiber optic bridge modem provided by my ISP Deutsche Telekom.

Regards,
glasi