61
15.7 Legacy Series / Re: OPNsense 15.7.7_1-i386 - Connection Error checking for updates
« on: August 09, 2015, 02:33:04 am »
Console worked.
I like your sig, weust. Me too.
I like your sig, weust. Me too.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
62
15.7 Legacy Series / Re: OPNsense 15.7.7_1-i386 - Connection Error checking for updates
« on: August 08, 2015, 11:32:35 pm »
I assume you mean under System-> Firmware? If I check there, it says "current status is unknown" and isn't offering any.
63
15.7 Legacy Series / Re: OPNsense 15.7.7_1-i386 - Connection Error checking for updates
« on: August 08, 2015, 08:30:53 pm »
Not yet. I run it headless as an appliance, so I have to drag out some peripherals to do that.
64
15.7 Legacy Series / [SOLVED] OPNsense 15.7.7_1-i386 - Connection Error checking for updates
« on: August 08, 2015, 07:45:03 pm »
I've been successfully doing updates with the GUI since 15.1. Yesterday, and today, checking for updates results in:
Connection Error
Click to retry
Problems at your end?
Connection Error
Click to retry
Problems at your end?
65
15.7 Legacy Series / IDS Auto-block
« on: July 31, 2015, 11:17:29 pm »
Is it (or will it be) possible to auto-block external addresses that are located by the IDS and Suricata rules?
The alerts are fantastic for tracking down a misbehaving host. It isn't always possible to 1) get to it right away and 2) monitor threats realtime.
Or does it already do this and I'm not seeing a setting or understanding that enabling will do this.
Thank you as always.
The alerts are fantastic for tracking down a misbehaving host. It isn't always possible to 1) get to it right away and 2) monitor threats realtime.
Or does it already do this and I'm not seeing a setting or understanding that enabling will do this.
Thank you as always.
66
15.7 Legacy Series / Suricata/OPNsense Questions
« on: July 06, 2015, 12:35:10 am »
Greetings. I'm exploring 15.7 and found the Intrusion Detection! Excellent job, devs!
First, I checked the wiki because I'd like to learn a little more about it since I've not heard of Suricata before now. Some general questions:
1) By default, IDS is monitoring LAN, is this correct? I would have thought I'd want to watch for these at WAN.
2) Is there a list somewhere, (Suricata site?) that defines what all of these rulesets are? Some are obvious, some not so much.
Once again, thank you. Very nifty!
First, I checked the wiki because I'd like to learn a little more about it since I've not heard of Suricata before now. Some general questions:
1) By default, IDS is monitoring LAN, is this correct? I would have thought I'd want to watch for these at WAN.
2) Is there a list somewhere, (Suricata site?) that defines what all of these rulesets are? Some are obvious, some not so much.
Once again, thank you. Very nifty!
67
15.7 Legacy Series / Re: Help with Guest WiFi & DNS
« on: July 03, 2015, 01:34:46 am »
Please disregard. My IP6 rule was fine, but I had left my IP4 allow rule to TCP, not "any".
68
15.7 Legacy Series / [SOLVED] Help with Guest WiFi & DNS
« on: July 03, 2015, 01:11:57 am »
Hi all, I'm new at configuring a more professional firewall than what an off-the-shelf router offers. I must be missing something simple.
I have OPNsense running great as my firewall, WAN/LAN interfaces. Today, I wanted to use the builtin wireless card (OPT1) to create a guest WAP along with DHCP service on that interface.
Everything works except that DNS on that interface will not resolve anything. Going to the numeric IP address of anything works great. I tried letting it use the default DNS as well as manually entering Google's DNS servers. Nothing.
I've allowed "any" to "any" on that interface to get it up and running, so I don't think it is blocking DNS. I do plan to lock it down later and use the captive portal.
I'm just stuck.
I have OPNsense running great as my firewall, WAN/LAN interfaces. Today, I wanted to use the builtin wireless card (OPT1) to create a guest WAP along with DHCP service on that interface.
Everything works except that DNS on that interface will not resolve anything. Going to the numeric IP address of anything works great. I tried letting it use the default DNS as well as manually entering Google's DNS servers. Nothing.
I've allowed "any" to "any" on that interface to get it up and running, so I don't think it is blocking DNS. I do plan to lock it down later and use the captive portal.
I'm just stuck.
69
Development and Code Review / UPS Support
« on: June 26, 2015, 01:20:52 am »
I didn't see anything on the roadmap. I'm curious if we'll eventually see UPS support for graceful shutdowns.
Perhaps when plugin support is added we'll see something like this?:
http://wiki.ipfire.org/en/addons/nut/start
Perhaps when plugin support is added we'll see something like this?:
http://wiki.ipfire.org/en/addons/nut/start
70
15.1 Legacy Series / Re: msk0 watchdog timeout
« on: June 26, 2015, 01:12:16 am »
No worries at all, it's been working great with a USB adapter. I'll probably update the hardware in a few months anyhow. Thanks!
71
15.1 Legacy Series / Re: msk0 watchdog timeout
« on: June 23, 2015, 02:06:51 am »
Well, unfortunately, that didn't fix it.
I'm going to run off a USB->Ethernet adapter instead of the built-in NIC for awhile to be sure that the problem is not something about my system (hardware).
If I get that error with the adapter, maybe my older computer I'm using this for is having an issue of some sort.
I'm going to run off a USB->Ethernet adapter instead of the built-in NIC for awhile to be sure that the problem is not something about my system (hardware).
If I get that error with the adapter, maybe my older computer I'm using this for is having an issue of some sort.
72
15.1 Legacy Series / Re: msk0 watchdog timeout
« on: June 22, 2015, 10:57:05 pm »
Thanks! Installed.
I was seeing the error every few hours under load, so I should know quickly if it is better. I'll probably let it go for a couple of days (unless it happens again) before reporting back.
Thank you again.
I was seeing the error every few hours under load, so I should know quickly if it is better. I'll probably let it go for a couple of days (unless it happens again) before reporting back.
Thank you again.
73
15.1 Legacy Series / Re: msk0 watchdog timeout
« on: June 21, 2015, 08:26:28 pm »
Hello,
Thank you for the quick reply - just fantastic!
I don't believe that will work for me, but correct me if I'm wrong. The older box is 32-bit only (core2duo that is 64-bit capable, but sadly no 64-bit BIOS support) so i386 is the version of OPNsense I've installed.
Thank you again.
Thank you for the quick reply - just fantastic!
I don't believe that will work for me, but correct me if I'm wrong. The older box is 32-bit only (core2duo that is 64-bit capable, but sadly no 64-bit BIOS support) so i386 is the version of OPNsense I've installed.
Thank you again.
74
15.1 Legacy Series / msk0 watchdog timeout
« on: June 21, 2015, 06:41:32 pm »
I'm fairly positive this is a FreeBSD bug, but thought I'd post here in case 1) someone has a workaround or 2) it isn't a FreeBSD bug.
I just installed OPNsense on an older PC using the built-in NIC (Marvel Yukon) and a USB adapter. This is really just for my home with a few users and it gets my WiFi router out of NAT/Gateway duty and into infrastructure mode. So, not a lot of horsepower needed and there is a definite speed improvement and a lot more options!
Everything worked fantastic for about 12 hours, then the console showed:
msk0 watchdog timeout
prefetch unit stuck
initialization failed no memory for Rx buffers
msk0 is my LAN and obviously everything went dead until a reboot.
Again, I'm fairly positive this is a FreeBSD issue based a regression bug here in the 10.x series (there are also 2 other related reports that are in-progress:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=186872
My next step, pending other hints here, is to go with another USB Ethernet dongle to see if the error pops up again with a different interface. The older PC I'm using is a small form factor with no PCI slots, hence the USB approach.
I just installed OPNsense on an older PC using the built-in NIC (Marvel Yukon) and a USB adapter. This is really just for my home with a few users and it gets my WiFi router out of NAT/Gateway duty and into infrastructure mode. So, not a lot of horsepower needed and there is a definite speed improvement and a lot more options!
Everything worked fantastic for about 12 hours, then the console showed:
msk0 watchdog timeout
prefetch unit stuck
initialization failed no memory for Rx buffers
msk0 is my LAN and obviously everything went dead until a reboot.
Again, I'm fairly positive this is a FreeBSD issue based a regression bug here in the 10.x series (there are also 2 other related reports that are in-progress:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=186872
My next step, pending other hints here, is to go with another USB Ethernet dongle to see if the error pops up again with a different interface. The older PC I'm using is a small form factor with no PCI slots, hence the USB approach.