Messages

46

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: February 12, 2019, 07:51:30 pm »

One thing I did notice was that suricata seems to go crazy when in IPS mode and configured to monitor gif interfaces. Brings the entire network stack down. I'm gonna guess that netmap doesn't work with tunneling interfaces (at least, not yet?) Thank goodness for the serial console port on the APU devices.

47

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: February 12, 2019, 02:52:56 pm »

Deployed successfully on another APU4c4 in a lab environment with tunneled IPv6. Working great!

48

18.7 Legacy Series / Re: enable PAE

« on: February 12, 2019, 01:36:13 pm »

PAE isn't really functional except on FreeBSD HEAD (13-CURRENT) where it recently received some much-needed love.

49

Intrusion Detection and Prevention / Re: ET Pro Telemetry Edition token

« on: February 12, 2019, 01:34:31 pm »

Never mind. I just had to be a little more patient. Sorry for the noise!

50

Intrusion Detection and Prevention / [SOLVED] ET Pro Telemetry Edition token

« on: February 11, 2019, 07:16:51 pm »

Hey all,

How soon after hitting the "go" button to "order" the free ET Pro Telemetry Edition ruleset should I get the email with the token?

51

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: February 11, 2019, 07:14:36 pm »

Installation of the test world+kernel sets on the APU4c4 securing HardenedBSD's build network and infrastructure succeeded without issue. I've got Suricata running in IPS mode and only inspecting traffic on the LAN interface. Seems to be working fine for me for now. I'll be placing the firewall under load over the next few days and will report back.

52

19.1 Legacy Series / Re: cpdup failure in 19.1-rc1 installer

« on: February 11, 2019, 06:37:51 pm »

Yup. For those, like me, who had to act in "emergency mode", I wrote an article about how to solve this: https://github.com/lattera/articles/blob/master/hardware/apu/2019-02-05_flashing_bios/article.md

I ended up using legacy v4.0.23, but I could upgrade to 4.9.0.1, I guess.

53

19.1 Legacy Series / Re: Kernel panic after upgrade

« on: February 11, 2019, 03:23:30 pm »

I have a spare R410 lying around. The RAM in it is dead. If you can hold out until I can buy new RAM (within a week or so), I'd be happy to test out on my (currently dead) R410.

54

19.1 Legacy Series / Re: Kernel panic after upgrade

« on: February 08, 2019, 07:41:51 pm »

You can also set them for only the current boot by escaping to the loader prompt in the bootloader. So when you see the OPNsense boot menu, hit select option 3, then type:

set vm.pmap.pti="0"
set hw.ibrs_disable="1"
boot

Doing this does disable Meltdown/Spectre mitigations. But only for that one boot just to see if that's the problem.

55

19.1 Legacy Series / Re: Kernel panic after upgrade

« on: February 07, 2019, 07:27:52 pm »

What happens when you set:

hw.ibrs_disable=1
vm.pmap.pti=0

56

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: February 07, 2019, 04:14:03 am »

Sounds good. In that case, next chance I get to do network maintenance on the HardenedBSD build infrastructure, I'll test this out.

57

German - Deutsch / Re: Problem OPNsense 19.1 und APU.4B4

« on: February 06, 2019, 07:41:11 pm »

Sorry I'm not responding in German. I don't speak or read German, but I can tell that the issue you're experiencing is the same issue I had. Take a look at this article that I wrote. You'll need to flash the v4.0.23 BIOS on your APU4b4 in order for OPNsense 19.1 to work. The problem stems from a BIOS bug that is triggered in FreeBSD 11.2, but not in FreeBSD 11.1.

If you have an existing OPNsense 18.7 installation, you will want to perform the following:

1. Gain console access to your OPNsense installation
2. Install the flashrom package: pkg install flashrom
3. Download the BIOS firmware (this link is for the APU4): fetch http://pcengines.ch/file/apu4_v4.0.23.rom.tar.gz
4. Untar the BIOS: tar -xf apu4_v4.0.23.rom.tar.gz
5. Flash it: flashrom -p internal:boardmismatch=force -w apu4_v4.0.23.rom

Now you can go ahead with the OPNsense 19.1 upgrade (or installation).

The article I wrote with more detailed instructions is: https://github.com/lattera/articles/blob/master/hardware/apu/2019-02-05_flashing_bios/article.md

58

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: February 06, 2019, 06:20:52 pm »

Once I switch my home network over to a new APU4 next month, I'll give this a shot. Were you looking for a specific time frame in which to conclude the testing?

59

19.1 Legacy Series / Re: problems updating to 19.1 on a Freebsd 12p3 bhyve VM, also with bhyveload

« on: February 06, 2019, 06:18:28 pm »

Interesting. Perhaps it's not the Intel SDBG disable, then. Lemme double-check a few things and I'll get back to you soon-ish. Probably around a week or so.

60

19.1 Legacy Series / Re: problems updating to 19.1 on a Freebsd 12p3 bhyve VM, also with bhyveload

« on: February 06, 2019, 06:14:01 pm »

Were you already passing in the -w option? How were you booting opnsense 19.1 in bhyve?