Messages

Aw it IS proxmox.  Yes that is 100% the issue.  Try either a different driver OR pass through the entire NIC port.  Everything else would work as most other things are generic, netmap/suricata needs specific driver support, HyperScan doubly so.

Edit: SR-IOV is the best driver for this card and will allow full pass-through as you stated, try that and report back on any improvements...

Thank you for that.  I assumed that was the case but wanted to double check. 

vtnet1 does not support NS_MOREFRAG

This is a NIC reply NOT a suricata/OS reply.....Unfortunately this means its most likely a FreeBSD driver issue with your particular NIC.  What are you using? Bare metal or virtual? vtnet1 means you have it virtualized? In any case its a driver issue.  If this is virtualized you could try a different driver to pass thru.

1. No suricata works fine
2. HyperScan is limited to certain NIC's, AFAIK realtek/whatever will not work, Intel nics work well

I am using HyperScan and it works fine (quite an improvement actually).  Do you have sensei installed? 2 apps cant use the same interface with netmap...if something else is bound to that int suricata will fail to start...any other logs?

The plans are a bit confusing on this front, are we able to manage unix/bsd installs with the home plan or is that blocked? Central Policy is listed as not for paid home use BUT how then are we able to manage the firewall?

Basically, how do I manage a bare metal installation? I assume its possible since its listed as a "feature", to be able to install on BSD/Linux etc.  Would I need to run 2 boxes with opnsense, 1 box as a firewall and 1 box with firewall disabled running sensei if I wanted a dedicated sensei box?

So if I want to install this on Debian/CentOS in bridge between OPNSense and my network on a dedicated server, it will not not work, is that correct? Linux install requires Cloud Portal to function? How do I manage it? Thanks!

I am unclear on the cloud management.  How am I able to unblock blocked sites in reports? I am not able to find it.  Also I am not able to drill down, I see graphs but am not able to interact with them at all.  Is this expected, or is the cloud portal still not ready for prime time?

Thanks!!

Bump

Block pages are still not working, Im assuming it is a known issue?

This is correct, it is the same on 20.1.  If you want to use internal services based around a port forward you need to enable that.

What plugins? I had a few on pfsense and it was solid. Only reason I switched to opnsense was a more aggressive dev timeline.  Last pfsense release had terrible performance issues and would randomly hang due to a bug that was put in a future patch.  Opnsense has plugins, yes. Its the same base as pfsense (bsd) and as such can use ports.

pfsense does indeed support port scan blocking, as does opnsense.  The plugin you want for either firewall is called "suricata", and in the rulesets there is a category for scans :) that will detect port scans and block.

Would you share the solution just for closure? Thanks!

Great idea.  Much needed. :)

I am also having issues using any DNS mappings after the update.  I have internal sites that are now reachable from outside but not inside the network.  I was just thinking, I have DNS over TLS setup per the tutorial and the upgrade may have wiped those settings, not sure.  I will check when I get home.