Messages - deekdeeker

#16
Hardware and Performance / Re: Odd CPU usage
August 31, 2019, 02:15:37 AM
I just replied to another thread on this. I'm having the same problem; it seems to be python3.7 for me. Run a top command and see what process is causing the spike.
#17
I'm seeing the same for me. I just updated 2 units and the CPU utilization seems much more spiky and erratic. In all cases it does seem to be python3.7 pegging the processor at random intervals for anywhere from 10 - 60 seconds; in one case it was a few minutes. I upgraded from 19.1.10 --> 19.7 -> 19.3

I'm still monitoring and will report back any more info. I have another 5 devices I need to update but am holding off until I know this isn't going to be a performance issue.
#18
General Discussion / Re: alias types and usage
August 27, 2019, 07:08:48 PM
I have the same issue; I don't see the "hosts" field when using IP List.
#19
Right now I'm using this grok pattern to help out.

%{WORD:ips}\[%{NUMBER:UNWANTED}\]: \[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] %{DATA:description} \[Classification:%{DATA:classification}\] \[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} %{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}
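The grok pattern above, compiled and run against constructed Suricata syslog messages. This is an added example, not code from the post or from Graylog: the grok primitives below are simplified stand-ins for the stock definitions (the stock `%{IP}` also accepts IPv6; this one is IPv4 only), the sample lines are made up, and the `grok_to_regex` and `parse_alert` helper names are mine.

```python
"""Translate the grok pattern from the post above into a Python regex and
run it over constructed Suricata syslog messages."""
import re
from typing import Dict, List, Optional

# The pattern exactly as posted.
GROK_PATTERN = (
    r"%{WORD:ips}\[%{NUMBER:UNWANTED}\]: "
    r"\[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] "
    r"%{DATA:description} \[Classification:%{DATA:classification}\] "
    r"\[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} "
    r"%{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}"
)

# Simplified stand-ins for the stock grok primitives (assumption: the stock
# definitions add atomic groups, lookbehinds and IPv6 that change nothing
# for the sample lines below).
PRIMITIVES = {
    "WORD": r"\b\w+\b",
    "NUMBER": r"[+-]?[0-9]+(?:\.[0-9]+)?",
    "DATA": r".*?",
    "IP": r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}",  # IPv4 only in this stand-in
}


def grok_to_regex(pattern: str) -> str:
    """Expand every %{TYPE:field} into a named group. Grok lets a field
    name repeat (UNWANTED appears four times); Python's re does not, so
    repeats are suffixed _2, _3, ... and dropped by parse_alert."""
    seen: Dict[str, int] = {}

    def expand(match):
        kind, field = match.group(1), match.group(2)
        body = PRIMITIVES[kind]
        if field is None:
            return f"(?:{body})"
        seen[field] = seen.get(field, 0) + 1
        name = field if seen[field] == 1 else f"{field}_{seen[field]}"
        return f"(?P<{name}>{body})"

    return re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern)


SURICATA_RE = re.compile(grok_to_regex(GROK_PATTERN))


def parse_alert(message: str) -> Optional[Dict[str, object]]:
    """Return the fields for one syslog message body, or None when the
    message is not an alert (startup notices, stats lines and so on)."""
    m = SURICATA_RE.search(message)
    if m is None:
        return None
    fields: Dict[str, object] = {
        k: v for k, v in m.groupdict().items() if not k.startswith("UNWANTED")
    }
    # The posted pattern has no blank after "Classification:", so the value
    # arrives with a leading space; strip it and type the numeric fields.
    fields["classification"] = str(fields["classification"]).strip()
    for key in ("priority", "src_port", "dst_port"):
        fields[key] = int(str(fields[key]))
    return fields


# Constructed sample messages (not taken from the post), in the shape the
# message body has once the syslog header has been removed.
SAMPLE_LINES: List[str] = [
    "suricata[1532]: [1:2210021:2] SURICATA STREAM Packet with invalid ack "
    "[Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} "
    "203.0.113.7:443 -> 192.168.50.25:52077",
    "suricata[1532]: [1:2402000:5482] ET DROP Dshield Block Listed Source group 1 "
    "[Classification: Misc Attack] [Priority: 2] {UDP} "
    "198.51.100.9:38291 -> 192.168.50.1:53",
    # Not an alert: the pattern must reject it rather than mis-extract.
    "suricata[1532]: This is Suricata version 4.1.4 RELEASE running in SYSTEM mode",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_alert(line))
```

Two things worth checking before putting the pattern into a Graylog extractor: the classification field needs trimming (or a space after `Classification:` in the pattern), and the `[gid:sid:rev]` triple is thrown away as `UNWANTED` even though the SID is the one field you will want for alert tuning.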
#20
Frig, I just got it working, but not sure if it's in the best way.

The first issue that I ran into was when I created the OPT1 (ovpnc4) interface and assigned it DHCP for the address. I checked ifconfig on the OPNsense box and there was no address assigned to OPT1 until I restarted the OpenVPN client; I then received an IP from the OpenVPN server on the other end.

So with that sorted, I then created a static route to the host I needed, 10.11.0.1/32, and used gateway OPT1. Thoroughly confused why this wasn't working. I added an outbound NAT from interface OPT1 with translation "interface address" and boom, now working. Not sure if this is the most efficient way of doing it, but it is working.

Also added an any/any firewall rule for the newly added OPT1 interface.

I only needed access to the OpenVPN private network, not any networks behind the OpenVPN server, so it may have made this more of a unique scenario.

I hope this makes sense and can help someone else :D

Thanks Bart for your replies.
#21
Well, the firewall is not blocking the traffic. Do I need to create a new interface for this? It seems as if OPNsense is not using the routing table for this traffic. I can see the proper route out to that network via ovpnc4.
Update:
I also created a new assignment interface (opt1) and it's still not routing out. The OPNsense box itself knows how to route this traffic when I'm connected via SSH on the LAN network.

The firewall is not blocking traffic when attempting to access 10.11.0.0/16.
#22
Hi

I have an OpenVPN server running on 10.51.0.0/16 for user VPNs.

I have an OpenVPN client running on 10.11.0.0/16 for remote logging.
OPNsense connects via the client fine, and from the OPNsense box I can communicate over the client VPN network 10.11.0.0/16, but I need a workstation on the LAN 192.168.50.0/24 to access the 10.11.0.0/16 network.
I've looked through some posts re NAT entries but still can't get this going. It seems it should be fairly simple, but I must be missing something? Do I manually need to add something specific?

OpenVPN firewall rules are IPv4 * * * *
My outbound NAT rules have 10.11.0.0/16 on the WAN interface permitted.

Help is appreciated. ;D

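The outbound NAT on OPT1 from #20 is what makes the return path work for the setup described in #21 and #22: the forward path was fine (route present, firewall passing), but the remote OpenVPN server has no route back to 192.168.50.0/24 unless the source is translated to a tunnel address. The following is an added illustration, not anything from the posts or from OPNsense: a small longest-prefix-match model of the three route tables involved. The LAN host (192.168.50.25) and the ovpnc4 address (10.11.0.6) are assumptions; 10.11.0.1 is the static-route target from #20.

```python
"""Why the outbound NAT on OPT1 was needed: a minimal longest-prefix-match
model of the three route tables in the thread above. Added example, not
from the posts or from OPNsense."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Addresses from the thread; the LAN host and the tunnel endpoint on the
# OPNsense side are assumptions (the posts do not state them).
LAN_HOST = "192.168.50.25"   # assumed workstation on the LAN
FW_TUN = "10.11.0.6"         # assumed ovpnc4 / OPT1 address on OPNsense
REMOTE = "10.11.0.1"         # target of the static route in the post

# (prefix, interface) per node; the longest matching prefix wins.
ROUTES: Dict[str, List[Tuple[str, str]]] = {
    "lanhost": [("192.168.50.0/24", "eth0"), ("0.0.0.0/0", "eth0")],
    "opnsense": [("192.168.50.0/24", "lan"),
                 ("10.11.0.0/16", "ovpnc4"),
                 ("0.0.0.0/0", "wan")],
    # The remote server only knows the tunnel network; nothing ever told
    # it how to reach 192.168.50.0/24, and that is the whole problem.
    "remote": [("10.11.0.0/16", "tun0")],
}


def lookup(node: str, dst: str) -> Optional[str]:
    """Longest-prefix-match route lookup; None means 'no route'."""
    addr = ip_address(dst)
    best: Optional[Tuple[int, str]] = None
    for prefix, iface in ROUTES[node]:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None


def round_trip(nat_on_opt1: bool) -> Tuple[bool, List[str]]:
    """Trace LAN_HOST -> REMOTE and the reply back.
    Returns (reply_delivered, hop-by-hop trace)."""
    trace: List[str] = []
    trace.append(f"lanhost: {LAN_HOST} -> {REMOTE} via {lookup('lanhost', REMOTE)}")
    out_if = lookup("opnsense", REMOTE)
    # Outbound NAT on OPT1 with translation "interface address" rewrites the
    # source to the ovpnc4 address, which is what the fix in #20 does.
    wire_src = FW_TUN if nat_on_opt1 and out_if == "ovpnc4" else LAN_HOST
    trace.append(f"opnsense: {wire_src} -> {REMOTE} via {out_if}")
    # The remote end answers whatever source address it saw.
    back_if = lookup("remote", wire_src)
    if back_if is None:
        trace.append(f"remote: no route to {wire_src}, reply dropped")
        return False, trace
    trace.append(f"remote: {REMOTE} -> {wire_src} via {back_if}")
    # pf's state table maps the translated reply back to the original source.
    trace.append(f"opnsense: {REMOTE} -> {LAN_HOST} via {lookup('opnsense', LAN_HOST)}")
    return True, trace


if __name__ == "__main__":
    for nat in (False, True):
        ok, trace = round_trip(nat)
        print(f"outbound NAT on OPT1={nat}: {'works' if ok else 'fails'}")
        for hop in trace:
            print("  " + hop)
```

The model makes the symptom in #21 explicit: everything on the OPNsense side (route, rules) is correct, and the packets do leave via ovpnc4; it is the reply at the far end that has nowhere to go. The NAT-free alternative is for the OpenVPN server to learn a route for 192.168.50.0/24 (a client-config-dir iroute for this client), which needs a change on the server side rather than on OPNsense.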
#23
For me, I find the script not useful; I just download the databases manually and scp them into the proper directory. Make sure the files actually get copied; with the script I noticed it would copy into the tmp directory but never actually fully copy the file.
#24
Does anyone have a Graylog extractor for Suricata messages sent to syslog? :)
#25
General Discussion / Re: ntop alerts to slack
April 23, 2019, 02:31:52 AM
Well, I can see that these logs are just random probes from mother Russia. But I don't see these anywhere in ntop; these are attacks straight to the FW itself. Very confusing and not very useful info, as the purpose of Slack would be to aggregate the logs that you would normally see from ntop, which do not seem to get logged. :P
#26
General Discussion / ntop alerts to slack
April 23, 2019, 02:04:57 AM
Anyone using the ntop alerts via Slack?? Just trying this for the first time and not really sure what is happening. I thought that it would just forward the alerts that are appearing in the "flow alerts" section of ntop, but apparently not; I'm just getting stuff like below that does not in any way match the alerted flows in ntop, no more info than that. Is this just a useless feature?

22/04/2019 20:00:08][Blacklisted Flow] Client, server or domain is blacklisted [Flow: xxx.176.26.66:52077 xxx.xxx.local:40100] [L4 Protocol: TCP]
#27
19.1 Legacy Series / Re: GeoMap
April 18, 2019, 04:20:02 AM
Never mind, the GEO max maps were missing from

/usr/local/share/ntopng/httpdocs/geoip
#28
19.1 Legacy Series / GeoMap
April 18, 2019, 03:40:52 AM
Using 19.1.5_1 and noticed that my GeoMap is no longer displaying flows.

Longitude and Latitude are reporting correctly in the browser and API key is installed.

Anyone having the same issue?

J
#29
General Discussion / Re: ntopng & HTTPS
December 26, 2018, 08:13:14 PM
Run: chmod +x /usr/local/opnsense/scripts/OPNsense/Ntopng/generate_certs.php
#30
18.7 Legacy Series / Re: ntopng: geolocation
December 26, 2018, 08:01:52 PM
Correct, I'm not going to make a script as I believe this will be fixed in an upcoming release...