Topics - athurdent

#21
So, I have finally gotten around to playing with Sensei and so far it's really amazing! Thank you, Sunny Valley, for making this available to home users. I'm still experimenting, but I think I'll definitely get the Home subscription, to better protect the kids at least. Ad blocking is really good, too!

But, and actually that has kept me from trying Sensei at all for quite some time, the tech specs on the Sensei site seem a little conservative, at least for the typical home user who has gigabit but does not max out the line constantly.
I have OPNsense running on Proxmox with a Supermicro board / i3-7100 CPU 3.9GHz, assigned 2 vCPUs and 3G RAM, and I am getting around 620 Mbit/s running a speedtest with an iPhone SE 2020. According to the Sensei HW specs I should probably only be getting around 300 Mbit/s with that HW, on bare metal.

So, what would be a good, preferably fanless, solution for home users that want to filter their kids' traffic and still be able to achieve 1G for the occasional download?
Are the Protectli/Qotom boxes any good? Anyone running Sensei on one of those Protectli i3 barebones?

Thanks!
#22
Intrusion Detection and Prevention / GeoIP problems
February 17, 2020, 09:26:49 AM
My GeoIP database is downloading fine, using the new method, see screenshot below. I'm using the latest version of OPNsense.

It seems there is no error handling if something goes wrong, or tables end up empty. I might be missing some settings here though, new to OPNsense.

Sometimes an error is logged in syslog, e.g. selecting Asia/IPv4 results in an empty table:
configd.py: encode idna: unable to decode AE#012AF#012AM#012AZ#012BD#012BH#012BN#012BT#012CN#012CY#012GE#012HK#012ID#012IL#012IN#012IQ#012IR#012JO#012JP#012KG#012KH#012KP#012KR#012KW#012KZ#012LA#012LB#012LK#012MM#012MN#012MO#012MY#012NP#012OM#012PH#012PK#012PS#012QA#012SA#012SG#012SY#012TH#012TJ#012TL#012TM#012TW#012UZ#012VN#012YE, return source

Another example, this one seems OK for IPv4 but is empty for IPv6: US,BE,DE,FR,GB,IE,NL

Problems arise when using GeoIP as suggested in the manual, by allowing access only for selected countries, and not blocking every unwanted country on top of the ruleset:

If the above-mentioned IPv6 table ends up empty for some reason, an allow rule with that table as source has no effect and access is blocked, because the table is empty and, it seems, does not contain "any" as a failsafe.
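As an added, constructed example (not from the post and not OPNsense code), the Python below pulls the country list back out of that configd line (syslog writes a newline as #012), checks that every entry looks like an ISO 3166-1 alpha-2 code, and reruns the idna encode the message refers to. Python's idna codec treats a dot-free ASCII string as a single DNS label and rejects labels of 64 bytes or more; the 49-code Asia list is 146 characters however it is separated, while the seven-country list encodes fine, which is consistent with the Asia table ending up empty.

```python
import re
from typing import List, Tuple

# The configd line quoted in the post, used here as sample input.
SAMPLE_LOG = (
    "configd.py: encode idna: unable to decode AE#012AF#012AM#012AZ#012BD#012BH#012BN"
    "#012BT#012CN#012CY#012GE#012HK#012ID#012IL#012IN#012IQ#012IR#012JO#012JP#012KG"
    "#012KH#012KP#012KR#012KW#012KZ#012LA#012LB#012LK#012MM#012MN#012MO#012MY#012NP"
    "#012OM#012PH#012PK#012PS#012QA#012SA#012SG#012SY#012TH#012TJ#012TL#012TM#012TW"
    "#012UZ#012VN#012YE, return source"
)


def unescape_syslog(text: str) -> str:
    """Expand syslog's octal escapes (#012 is a newline, #011 a tab)."""
    return re.sub(r"#([0-7]{3})", lambda m: chr(int(m.group(1), 8)), text)


def extract_country_codes(log_line: str) -> List[str]:
    """Recover the country list from an 'encode idna: unable to decode ...' message."""
    m = re.search(r"unable to decode (.+?), return source", log_line)
    if not m:
        return []
    return [c for c in re.split(r"[\s,]+", unescape_syslog(m.group(1))) if c]


def invalid_codes(codes: List[str]) -> List[str]:
    """Anything that is not shaped like an ISO 3166-1 alpha-2 code."""
    return [c for c in codes if not re.fullmatch(r"[A-Z]{2}", c)]


def idna_check(value: str) -> Tuple[bool, str]:
    """Run the same encode configd complains about. With no dots in the string the
    idna codec sees one DNS label, and it rejects ASCII labels of 64+ bytes, so a
    long enough country list fails even though every code in it is valid."""
    try:
        value.encode("idna")
        return True, ""
    except UnicodeError as exc:
        return False, str(exc)


def would_table_populate(codes: List[str], separator: str = ",") -> bool:
    """True if joining the codes with the given separator survives the idna encode."""
    return idna_check(separator.join(codes))[0]


if __name__ == "__main__":
    codes = extract_country_codes(SAMPLE_LOG)
    print(len(codes), "codes, invalid:", invalid_codes(codes))
    print("joined list encodes:", would_table_populate(codes))
```

The practical check this suggests is simple: after a GeoIP refresh, treat an empty table as an error condition and verify the table has members before an allow rule that depends on it is left in place.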
#23
Filling in the VLAN field for a user does nothing; here's a user with VLAN 200 configured.

root@OPNsense:~ # cat /usr/local/etc/raddb/users

TestUserwithVLAN  Cleartext-Password := "password"
       Framed-Protocol = PPP
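An added example, not from the post and not part of the OPNsense FreeRADIUS plugin: a small Python audit of the raddb users file that reports users whose reply items lack the three RFC 2868 attributes a switch needs for a VLAN assignment (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id), and renders an entry that carries them. The sample users text is constructed from the entry above; that the plugin is expected to emit exactly these attributes is an assumption made here.

```python
import re
from typing import Dict, List

# Constructed sample: the entry from the post, plus a second user whose reply
# items carry the three tunnel attributes a VLAN assignment needs.
SAMPLE_USERS = '''\
# users file (constructed sample)
TestUserwithVLAN  Cleartext-Password := "password"
       Framed-Protocol = PPP

guestvlan  Cleartext-Password := "secret"
       Tunnel-Type = VLAN,
       Tunnel-Medium-Type = IEEE-802,
       Tunnel-Private-Group-Id = "30"
'''

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

# One 'Attribute op value' item; quotes around the value are optional.
_ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|\+=|=)\s*"?([^",]*)"?\s*')


def _parse_items(text: str) -> Dict[str, str]:
    """Parse 'Attr op value, Attr op value' into {Attr: value} with quotes stripped.
    Assumes no commas inside quoted values, which holds for the attributes here."""
    items = {}
    for chunk in text.split(","):
        m = _ITEM.fullmatch(chunk)
        if m:
            items[m.group(1)] = m.group(3).strip()
    return items


def parse_users(text: str) -> Dict[str, Dict[str, Dict[str, str]]]:
    """Parse the FreeRADIUS users file: a line starting in column 0 opens an entry
    (name followed by check items); indented lines carry the reply items."""
    users: Dict[str, Dict[str, Dict[str, str]]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            parts = line.split(None, 1)
            current = users.setdefault(parts[0], {"check": {}, "reply": {}})
            current["check"].update(_parse_items(parts[1] if len(parts) > 1 else ""))
        elif current is not None:
            current["reply"].update(_parse_items(line.rstrip().rstrip(",")))
    return users


def users_missing_vlan(text: str) -> List[str]:
    """Names of users whose reply items do not carry a complete VLAN assignment."""
    return [name for name, entry in parse_users(text).items()
            if not all(attr in entry["reply"] for attr in VLAN_ATTRS)]


def render_vlan_entry(name: str, password: str, vlan: int) -> str:
    """Render a users entry that assigns the user to a VLAN. Reply items are
    comma-separated and the last one carries no trailing comma."""
    return (f'{name}  Cleartext-Password := "{password}"\n'
            f'       Tunnel-Type = VLAN,\n'
            f'       Tunnel-Medium-Type = IEEE-802,\n'
            f'       Tunnel-Private-Group-Id = "{vlan}"\n')


if __name__ == "__main__":
    print("users without VLAN attributes:", users_missing_vlan(SAMPLE_USERS))
    print(render_vlan_entry("TestUserwithVLAN", "password", 200))
```

Running the audit against a live /usr/local/etc/raddb/users before trusting VLAN steering is the point: a user that authenticates but gets no Tunnel-Private-Group-Id lands in whatever default VLAN the switch port has, which is usually not the one intended.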
#24
My installation runs on a Proxmox KVM with VTXNET interfaces.

OpenVPN IPv6 connections work fine with Suricata disabled and also when it's enabled without IPS mode.
Enabling IPS mode results in:

09:04:04.141495 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xec4a (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291158504 ecr 0,sackOK,eol], length 0
09:04:05.146364 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xe862 (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291159504 ecr 0,sackOK,eol], length 0
09:04:06.152410 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xe479 (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291160505 ecr 0,sackOK,eol], length 0


My incoming firewall rule for port 443 IPv6 logs the connection as successful; IPS does not log any alert when trying to connect.
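An added example, not from the post: detection logic run over tcpdump lines like the ones above. The three SYN lines are the post's own capture (addresses masked as the poster masked them); the healthy handshake that follows is constructed for contrast. A SYN repeated with the same initial sequence number at least three times with no SYN-ACK in the reverse direction is flagged as unanswered, which is the signature of a packet silently dropped somewhere in the path, the symptom the post describes, and is the thing to look for when the firewall log says "pass" but the client never connects.

```python
import re
from collections import defaultdict
from typing import List, NamedTuple, Tuple


class Packet(NamedTuple):
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    seq: int


# tcpdump -v style IPv6 line:
# "<ts> IP6 (...) <src>.<port> > <dst>.<port>: Flags [..], ..., seq N, ..."
_PKT = re.compile(
    r"^(?P<ts>\S+) IP6 .*?(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\],.*?\bseq (?P<seq>\d+)"
)

# First three lines: the post's capture. Last two: a constructed healthy handshake.
SAMPLE_CAPTURE = """\
09:04:04.141495 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xec4a (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291158504 ecr 0,sackOK,eol], length 0
09:04:05.146364 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xe862 (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291159504 ecr 0,sackOK,eol], length 0
09:04:06.152410 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xe479 (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291160505 ecr 0,sackOK,eol], length 0
09:04:07.000001 IP6 (flowlabel 0x01234, hlim 64, next-header TCP (6) payload length: 40) 2001:db8::10.50000 > 2001:db8::1.443: Flags [S], cksum 0x1111 (correct), seq 1000, win 65535, options [mss 1440,sackOK,eol], length 0
09:04:07.000500 IP6 (flowlabel 0x04321, hlim 64, next-header TCP (6) payload length: 40) 2001:db8::1.443 > 2001:db8::10.50000: Flags [S.], cksum 0x2222 (correct), seq 5000, ack 1001, win 65535, options [mss 1440,sackOK,eol], length 0
"""


def parse_capture(text: str) -> List[Packet]:
    """Turn tcpdump text into Packet tuples; lines that do not parse are skipped."""
    packets = []
    for line in text.splitlines():
        m = _PKT.search(line)
        if m:
            packets.append(Packet(m["ts"], m["src"], int(m["sport"]), m["dst"],
                                  int(m["dport"]), m["flags"], int(m["seq"])))
    return packets


def unanswered_syns(text: str, min_retries: int = 3) -> List[Tuple[str, int, str, int, int]]:
    """Client sockets that sent the same SYN (same ISN) at least min_retries times
    and never saw a SYN-ACK come back. Returns (src, sport, dst, dport, count)."""
    syn_count = defaultdict(int)
    answered = set()
    for p in parse_capture(text):
        if p.flags == "S":
            syn_count[(p.src, p.sport, p.dst, p.dport, p.seq)] += 1
        elif p.flags == "S.":
            # The SYN-ACK travels server -> client, so swap it to the client's tuple.
            answered.add((p.dst, p.dport, p.src, p.sport))
    return [
        (src, sport, dst, dport, n)
        for (src, sport, dst, dport, seq), n in syn_count.items()
        if n >= min_retries and (src, sport, dst, dport) not in answered
    ]


if __name__ == "__main__":
    for src, sport, dst, dport, n in unanswered_syns(SAMPLE_CAPTURE):
        print(f"{src}.{sport} -> {dst}.{dport}: {n} SYNs, no SYN-ACK")
```

Feed it the output of a capture on the interface Suricata is attached to and one on the interface behind it; a flow that shows up as unanswered on the first but never appears on the second is being dropped between them, which narrows the search to the IPS layer rather than the firewall rules.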
#25
Hi there,

I finally switched from pfSense to OPNsense 20.1 and I really like it :)

I'm using the telemetry rule set with the code from Deciso.
One problem though: I was wondering why Suricata does not catch ET CINS, ET DROP or ET COMPROMISED anymore, like it did frequently on my pfSense Suricata.

It seems the respective rulesets are empty; I just enabled and downloaded all of them as a test for this. All the 58B-sized ones are empty.
How do I fix this?

Edit: seems to be a problem with the telemetry plugin. If I uninstall that, the rules are not empty anymore.


root@OPNsense:/usr/local/etc/suricata/rules # ls -lah
total 27224
drwxr-x---  2 root  wheel   2.0K Feb  1 08:22 .
drwxr-xr-x  5 root  wheel   512B Feb  1 08:17 ..
-rw-r-----  1 root  wheel    98B Feb  1 08:20 OPNsense.rules
-rw-r-----  1 root  wheel   233K Feb  1 08:20 abuse.ch.feodotracker.rules
-rw-r-----  1 root  wheel   932K Feb  1 08:20 abuse.ch.sslblacklist.rules
-rw-r-----  1 root  wheel    16K Feb  1 08:20 abuse.ch.sslipblacklist.rules
-rw-r-----  1 root  wheel    11M Feb  1 08:20 abuse.ch.urlhaus.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 botcc.portgrouped.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 botcc.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:18 ciarmy.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 compromised.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 drop.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 dshield.rules
-rw-r-----  1 root  wheel   2.7K Feb  1 08:20 emerging-activex.rules
-rw-r-----  1 root  wheel    37K Feb  1 08:20 emerging-attack_response.rules
-rw-r-----  1 root  wheel    13K Feb  1 08:20 emerging-chat.rules
-rw-r-----  1 root  wheel   3.8M Feb  1 08:20 emerging-current_events.rules
-rw-r-----  1 root  wheel   139K Feb  1 08:20 emerging-deleted.rules
-rw-r-----  1 root  wheel   5.2K Feb  1 08:20 emerging-dns.rules
-rw-r-----  1 root  wheel    18K Feb  1 08:20 emerging-dos.rules
-rw-r-----  1 root  wheel   132K Feb  1 08:20 emerging-exploit.rules
-rw-r-----  1 root  wheel   2.9K Feb  1 08:20 emerging-ftp.rules
-rw-r-----  1 root  wheel   6.6K Feb  1 08:20 emerging-games.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-icmp.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-icmp_info.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-imap.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-inappropriate.rules
-rw-r-----  1 root  wheel   151K Feb  1 08:20 emerging-info.rules
-rw-r-----  1 root  wheel   606K Feb  1 08:20 emerging-malware.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-misc.rules
-rw-r-----  1 root  wheel   800K Feb  1 08:20 emerging-mobile_malware.rules
-rw-r-----  1 root  wheel   2.8K Feb  1 08:20 emerging-netbios.rules
-rw-r-----  1 root  wheel    26K Feb  1 08:20 emerging-p2p.rules
-rw-r-----  1 root  wheel   217K Feb  1 08:20 emerging-policy.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-pop3.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-rpc.rules
-rw-r-----  1 root  wheel   6.8K Feb  1 08:20 emerging-scada.rules
-rw-r-----  1 root  wheel    47K Feb  1 08:20 emerging-scan.rules
-rw-r-----  1 root  wheel   3.5K Feb  1 08:20 emerging-shellcode.rules
-rw-r-----  1 root  wheel   3.5K Feb  1 08:20 emerging-smtp.rules
-rw-r-----  1 root  wheel   4.0K Feb  1 08:20 emerging-snmp.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-sql.rules
-rw-r-----  1 root  wheel   3.4K Feb  1 08:20 emerging-telnet.rules
-rw-r-----  1 root  wheel    58B Feb  1 08:20 emerging-tftp.rules
-rw-r-----  1 root  wheel   6.7M Feb  1 08:20 emerging-trojan.rules
-rw-r-----  1 root  wheel    38K Feb  1 08:20 emerging-user_agents.rules
-rw-r-----  1 root  wheel   4.5K Feb  1 08:20 emerging-voip.rules
-rw-r-----  1 root  wheel    86K Feb  1 08:20 emerging-web_client.rules
-rw-r-----  1 root  wheel    36K Feb  1 08:20 emerging-web_server.rules
-rw-r-----  1 root  wheel    13K Feb  1 08:20 emerging-web_specific_apps.rules
-rw-r-----  1 root  wheel    10K Feb  1 08:20 emerging-worm.rules
-rw-r-----  1 root  wheel    23K Feb  1 08:20 opnsense.file_transfer.rules
-rw-r-----  1 root  wheel    15K Feb  1 08:20 opnsense.mail.rules
-rw-r-----  1 root  wheel    11K Feb  1 08:20 opnsense.media_streaming.rules
-rw-r-----  1 root  wheel    12K Feb  1 08:20 opnsense.messaging.rules
-rw-r-----  1 root  wheel    12K Feb  1 08:20 opnsense.social_media.rules
-rw-r-----  1 root  wheel   392B Feb  1 08:20 opnsense.test.rules
-rw-r-----  1 root  wheel   1.2K Feb  1 08:20 opnsense.uncategorized.rules
-rw-r-----  1 root  wheel   1.0M Feb  1 08:22 rules.sqlite
-rw-r-----  1 root  wheel     0B Feb  1 08:22 rules.sqlite.LCK
-rw-r-----  1 root  wheel   151K Feb  1 08:18 telemetry_sids.txt
-rw-r-----  1 root  wheel   113B Feb  1 08:18 telemetry_version.json
-rw-r-----  1 root  wheel    58B Feb  1 08:20 tor.rules

root@OPNsense:/usr/local/etc/suricata/rules # cat ciarmy.rules
#@opnsense_download_hash:4e3f6edde96c40618e17f846a****
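An added example, not from the post and not OPNsense's own code: a Python check that tells a ruleset file that actually carries rules from one that holds nothing but the download-hash comment. "#@opnsense_download_hash:" is 25 characters, so with a 32-character hex digest and a trailing newline the file is exactly 58 bytes, which matches every "empty" entry in the listing above; the digests in the sample are constructed placeholders, not the one from the post.

```python
import re
from pathlib import Path
from typing import Dict, List

# Lines that start with a Suricata action keyword are live rules; everything
# else ('#' comments, the download-hash header, rules disabled with '#') is not.
RULE_ACTION = re.compile(r"^\s*(alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s")

# Constructed samples. The digests are placeholders, not the one from the post.
SAMPLE_FILES: Dict[str, str] = {
    "ciarmy.rules": "#@opnsense_download_hash:" + "0" * 32 + "\n",
    "drop.rules": (
        "#@opnsense_download_hash:" + "1" * 32 + "\n"
        '# alert ip [192.0.2.1] any -> $HOME_NET any (msg:"disabled (constructed)"; sid:9000001; rev:1;)\n'
    ),
    "emerging-dns.rules": (
        "#@opnsense_download_hash:" + "2" * 32 + "\n"
        'alert dns $HOME_NET any -> any any (msg:"constructed test rule"; sid:9000002; rev:1;)\n'
        'drop dns $HOME_NET any -> any any (msg:"constructed drop rule"; sid:9000003; rev:1;)\n'
    ),
}


def count_rules(text: str) -> int:
    """Number of active rules in one ruleset file."""
    return sum(1 for line in text.splitlines() if RULE_ACTION.match(line))


def empty_rulesets(files: Dict[str, str]) -> List[str]:
    """Names of ruleset files that contain no active rule at all."""
    return sorted(name for name, text in files.items() if count_rules(text) == 0)


def scan_rules_dir(directory: str) -> List[str]:
    """Same check against a real directory, e.g. /usr/local/etc/suricata/rules."""
    files = {p.name: p.read_text(errors="replace") for p in Path(directory).glob("*.rules")}
    return empty_rulesets(files)


if __name__ == "__main__":
    import sys
    for name in scan_rules_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: no active rules")
```

A ruleset that is enabled in the GUI but contains no rules on disk fails silently: Suricata loads fine and simply never alerts on that category, so a check like this after each rule update is worth more than the green status in the interface.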
#26
Hi, I did a quick search in the forums and on GitHub but did not find an answer. Is this FreeBSD/pfSense CARP problem also an issue in OPNsense?

https://redmine.pfsense.org/issues/6957