Messages - BNaCl

16
Zenarmor (Sensei) / Re: Repeated "Ethernet detached" events / Flapping caused by Sensei Zenarmor?
« on: December 20, 2022, 08:08:40 pm »
I can see why my post was a bit misleading. The WAN and LAN are just labels on eth0 and 1. This is configured as a transparent filtering bridge between the WAN (handled by another edge FW/router) and the LAN.

17
Zenarmor (Sensei) / Repeated "Ethernet detached" events / Flapping caused by Sensei Zenarmor?
« on: December 20, 2022, 05:29:15 pm »
I have been having a problem with repeated ethernet detached events which seem to cause very brief interface flapping.

I have narrowed this down to Sensei/ZA as it does not happen when in bypass, but I cannot figure out how to fix and wondering if anyone can add any insight. It also should be noted that I am running in a somewhat unique config using their Bridge Mode which is labeled as "experimental" so there's that. However, I would think running a NGFW in a transparent filtering bridge config isn't unusual and should work.

Here is my setup:

  • Protectli appliance with Intel(R) Core(TM) i3-7100U CPU, 8 GB RAM, Intel NICs.
  • Two interfaces enabled in OPNs and configured as a transparent filtering bridge in OPNs as L2 bridge (EM1/LAN and EM0/WAN shown in logs), no L3 IP assigned.
  • Third MGT interface assigned (this interface isn't protected by Sensei and doesn't have the issue)
  • CRC/TSO/LRO disabled on all interfaces
  • Firewall disabled as I don't need any of those features and want to remove unnecessary variables
  • Sensei configured to protect the bridge (not the MGT interface)

Code:
2022-12-20T10:13:02-05:00 Error opnsense /usr/local/etc/rc.newwanip: Failed to detect IP for WAN[wan]
2022-12-20T10:13:02-05:00 Error opnsense /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'em0'
2022-12-20T10:13:02-05:00 Error opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for static wan(em0)
2022-12-20T10:13:01-05:00 Error opnsense /usr/local/etc/rc.newwanip: Failed to detect IP for LAN[lan]
2022-12-20T10:13:01-05:00 Error opnsense /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'em1'
2022-12-20T10:13:01-05:00 Error opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for static lan(em1)
2022-12-20T10:12:59-05:00 Error opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for static wan(em0)
2022-12-20T10:12:58-05:00 Error opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for static lan(em1)

Thanks in advance!

18
20.1 Legacy Series / WAN Quality - Interpreting RRD Chart/Packet Loss
« on: February 21, 2020, 10:25:43 pm »
I am a bit confused by what I am seeing on the Reporting > Health > Quality > WAN. Specifically I am seeing intermittent loss represented as 100m or as high as 500m. I am expecting a percentage, so what does the "m" stand for? Even more confusing, I can find no other metric to corroborate the loss being reported. CPU/RAM and WAN bandwidth are not under strain (at all) and I cannot reproduce any ICMP packet loss via a manual ping to line up with what the Quality chart is showing. Internet quality tests (DSLReports, Ookla) come back clean and I also have moved the "monitor IP" to other reliable IPs and get the same result.

Thanks in advance.

19
Development and Code Review / Re: Sensei blocking ns1.attdns.com .. ns2, ns3, ns4
« on: February 18, 2020, 10:40:37 pm »
Similar to IDS, it takes a bit of tuning to get the categories 100% for your environment. When you first turn on Sensei or make policy changes it is good practice to check to see what is being blocked via:

Sensei > Reports > Blocks > Live Blocked Sessions Explorer

Then add any necessary exceptions. Be careful not to whitelist entire categories which is the default. Just select the "hostname" radio button.

20
Intrusion Detection and Prevention / Re: Ads blocking
« on: February 14, 2020, 08:05:02 pm »
Forgot to mention, Sensei is resource intensive and requires a decent/modern CPU and free RAM. Make sure you follow their HW sizing guide, but it is a little confusing because it references number of devices (concurrent) AND bandwidth.

For example I have 400/20 for my WAN and less than 15 concurrent devices. Based on the WAN speed the chart would seem to point me to a quad core i7 CPU which is ridiculous. I am running an i3-7100U with 8G RAM and it isn't breaking a sweat. You could probably get away with 4GB RAM depending on your sizing and modules. Celerons are a no-go (learned from personal experience).

https://help.sunnyvalley.io/hc/en-us/articles/360025047373-Hardware-Requirements

21
Intrusion Detection and Prevention / Re: Ads blocking
« on: February 14, 2020, 07:46:47 pm »
From their site:

The engine processes the request, queries to "SVN Cloud" in real-time and decides whether it will be blocked or allowed. We check against 140+ Million Websites, under 120+ categories in milliseconds.

The free edition is limited but if you don't need more than 1 policy (you don't need to apply different policies to different machines/users), it is pretty functional. The paid version also gets you additional security features and allows granular filtering of apps and/or content (excellent for kids). I really liked the reporting which provides detailed traffic insight so I went ahead and purchased the Home edition.

I think you will need a paid edition to get the Ad blocking without globally enabling all the filtering. If all you are after is ad blocking you can probably do the same thing for free with OPNsense Web Proxy and lists but it isn't nearly as easy to set up. My suggestion is install it and see if it is something you want to spend $$ on.

Their site has some good screenshots and video of the feature set:
https://www.sunnyvalley.io/sensei/

Link to the documentation for each feature:
https://help.sunnyvalley.io/hc/en-us/sections/360004602594-Modules

Version Comparison:
https://www.sunnyvalley.io/plans/


22
Intrusion Detection and Prevention / Re: Ads blocking
« on: February 13, 2020, 04:51:45 pm »
Sensei is pretty sweet and easy. Love the other functionality of it as well.

23
Hardware and Performance / Re: Netdata - CPU breakout by app (apps.plugin)
« on: February 07, 2020, 08:08:46 pm »
Yeah but nothing jumped out. Looks like there is a config file that might need editing to enable it. However, the netdata documentation says it is enabled by default so I doubt this is the issue. Will have to check it tonight.

Looks like it is located here:
/usr/local/etc/netdata/netdata.conf

Curious to know if this is enabled by default for others.

24
Hardware and Performance / Netdata - CPU breakout by app (apps.plugin)
« on: February 07, 2020, 03:55:13 pm »
Loving netdata plugin but the app breakdown of CPU usage is not populating and is instead lumping them all under system. Based on what I have read the plugin should install by default, but I am by no means an expert on cmd line configuration.

Thx in advance.

25
Hardware and Performance / CPU Interrupt Baselines and Guidance?
« on: February 06, 2020, 01:29:06 am »
Hoping some performance experts can help me to understand and evaluate performance of my OPNs install on a Protectli FW4B:

Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores)
8 GB RAM
128 SSD
4 Intel GB NIC
WAN: 400 Mbps down / 20 Mbps up

Seeing the following under medium load (sometimes peaking over 1.0 but never seen over 2):

Load average   0.97, 0.64, 0.68


item         min   max            average
user         0     30.157691647   3.507191605801969
nice         0     0              0
system       0     15.248910052   1.3458949910876143
interrupt #  0     8.4754407825   0.5792166584692486
(Interrupts jump to 18 or so when under a speed test maxing out WAN)


For interrupts, I don't really understand what is considered out of range.

Thanks in advance!

26
Zenarmor (Sensei) / Re: Sensei - Issues with upgrade to OPNs 20.1?
« on: February 05, 2020, 10:12:35 pm »
After a complete re-install of Sensei things are much better. I think that something must have not gone well with the 20.1 upgrade.

Turns out I was misinterpreting the load averages and thought it was a straight percentage. Considering I have 4 cores, the numbers aren't bad at all. However, the widgets on the dashboard and reports are still slow when setting the time-frame to anything larger than 1 hour. In addition I can't seem to achieve my max bandwidth with Sensei enabled. Works just fine without it.

Sunny Valley suggests an i5 with a clock speed of 3GHz or better for my bandwidth 400/20. I think this is where my setup falls short. The thing that is perplexing is the load averages and CPU performance data don't seem to support this, but it is possible I am missing the bottleneck in the perfdata.

Still interested in comparing specs of people running Sensei.

27
Zenarmor (Sensei) / Re: Sensei - Issues with upgrade to OPNs 20.1?
« on: February 04, 2020, 08:21:26 pm »
Following up on this after a complete re-install...

Things are slowly bogging down again and the DB seems to grow at a pretty good clip (40 MB growth in approx 12 hours). CPU load increased dramatically when enabling security, app and web controls. Just seems odd as there is literally no traffic because nobody is home (under 100k bps). Yet with Sensei running the CPU is showing load averages of: 0.68, 0.56, 0.62 (or higher with spikes over 1.0).

My hardware is a Protectli FW4B with 4 core Intel J3160, 8 GB RAM and SSD which seems to exceed the "recommended" spec for OPNs. I suppose it's possible the Celeron could be an issue??

Based on this it seems Sensei is extremely CPU intensive and requires an i5 or better even for small deployments. Before I scrap my (brand new) hardware, curious to know the hardware specs of others who are running Sensei with success.

28
Zenarmor (Sensei) / Sensei - Issues with upgrade to OPNs 20.1?
« on: February 03, 2020, 08:24:35 pm »
Curious to know if anyone is experiencing issues with Sensei and OPNs 20.1? Everything was running fine until I upgraded to 20.1 and now the report widgets are extremely slow to load. The configuration screens are slow as well. Re-install and everything runs fine for a while but slowly degrades.

Opened a case with Sensei support and they believe it is the processor, yet there are no signs of bottlenecks in the perf data. Also, seems odd considering it was working just fine prior. I am using a Protectli FW4B with Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores), 8 GB RAM and SSD. Only 3 users in the house and they aren't doing anything crazy. Usually less than 5 concurrent devices using discernible FW resources yet the DB seems large and grows to 500MB+ within 24 hours of fresh install.

Really enjoyed the features of Sensei and don't want to purchase a new box unless necessary.


 
