Messages

Because of recurring performance issues with unbound i think it is wise to restart the service every n hours.

I could not find the way to configure this from the web interface or in the manual pages.

Please advise.


Thank you

Het verbaast me niet echt. Ik kan je geen reden opgeven maar ik ben onder de indruk dat er een of andere exploit gevonden is voor unbound. Mijn dns doet gewoon raar.


Kan je vaststellen of er ook merkbaar veel CPU load is op de firewall ? Dat was bij mij alvast het geval, de ventilator draaide haast volcontinu gedurende enkele uren wat zeer ongewoon is.

still no luck


the igmp proxy did make a difference but it remains unclear why the speakers are not responding to discovery over multi-cast on port 1900/udp


despite a few packet capture i've not seen the speakers respond at this time

[STATUS]

Dear,

My set-up is the latest production release of OpSense on a system with three network interfaces (WAN,Mobile,LAN)

While my entire Sonos setup is working fine as it is entirely connected to Mobile  i now seek to make connections to it from LAN. This uses ssdp which is a multicast based protocol over 239.255.255.250 over port 1900/udp.


STATUS not working : traffic from Sonos Desktop does cross the interfaces but does not return

Validation i run a packet capture on the Mobile interface for "224.0.0.0/4 or 192.168.29.100" which is my Lan IP

As a "narrow it down approach" i've tried various settings. Now i have a rule on top of the rulebase permitting all address towards 239.255.255.250 on both Mobile and Lan, for these rules i've also enable 'allow options' and enabled 'any flags'

In a desperate attempt i've even created src: any dst: 239.255.255.250 for any protocol as well as src: 239.255.255.250 dst: any for any protocol on both networks

Please comment or advise on what to search for. Multicast is a notable omission in any threat related to opnsense.

[update 10:22 CET 29/06/2018 ]

The Sonos App on a Microsoft System is sending SSDP (239.255.255.250) to port 1900/udp but this does not cross the interfaces on the firewall (since multicast)

Installed the IGMP Proxy Service (mixed non-results thus far)

Configured Mobile as Upstream as the Sonos Speakers are here as well as the Sonos Controller on a Tablet
Configured LAN as Downstream as the Sonos Desktop Application is located here

For each of the configured IGMP i have configured the relevant subnet and also added 239.255.255.250/32

I'm not sure what you are asking here, just yet :)

Currently i have a makeshift influxdb running and output from opnsense is visible.

Hello,

I'm looking to have Telegraf output from opnsense. Not just for system monitoring but also for suricate monitoring, is this available in the current setup of Telegraf or is extra work required ? If need be i could provide extra hands here i figure.

Are you sure you want to do that ? Some rules will kill performance on that machine.