Messages

106

Zenarmor (Sensei) / Re: Elasticsearch does not start after installing recent Log4j patches

« on: December 20, 2021, 12:30:22 pm »

I did the same.

Before there were patched versions of Elasticsearch there was a simple patch script pushblished on the mentioned page. However, this script didn't change the config files.

I can try to reinstall, but I wanted to know if there are any known issues. Maybe there is something faulty with one of the recent upgrades?

Both of my updates using the GUI went fine, I also just restarted my Elasticsearch service as a test and that was no problem.

107

Zenarmor (Sensei) / Re: Elasticsearch does not start after installing recent Log4j patches

« on: December 20, 2021, 12:15:38 pm »

FWIW, I simply installed those updates via the normal GUI update function. Maybe take a backup, remove Sensei and re-install it using the GUI?

108

Zenarmor (Sensei) / Re: Anything from Zenarmor/Sensei for Log4Shell?

« on: December 18, 2021, 07:28:09 am »

Hi,

Elasticsearch package is updated to the 5.6.8_6. You need to run OPNsense update.

Great, many thanks @sy!
Update went fine, everything OK so far.

109

Zenarmor (Sensei) / Re: Patch My PC

« on: November 12, 2021, 07:12:05 pm »

Same about mirrors.daan.vodka .

Same as above.

110

Zenarmor (Sensei) / Re: Patch My PC

« on: November 12, 2021, 07:08:33 pm »

Zenarmor blocks https://patchmypc.com . Why?

You are filtering Undecided Safe.

111

Zenarmor (Sensei) / Re: Remove Sensei swap

« on: November 06, 2021, 05:09:24 am »

Hi @benyamin,

There are just last seconds IPDR data in this memory disk. They are injected to the DB then the engine writes new ones. So if anything happens to be able to lose data, it will be just the last seconds' session info. The reason to use mem disk is to prevent intensive I/O operations on the disk.

Nice, thank you for the insight! 👍

112

Zenarmor (Sensei) / Re: Remove Sensei swap

« on: November 03, 2021, 03:54:23 pm »

Looks like a memory device.
https://www.freebsd.org/cgi/man.cgi?query=mdconfig&apropos=0&sektion=8&manpath=FreeBSD+13.0-RELEASE+and+Ports&arch=default&format=html

113

Zenarmor (Sensei) / Re: Deciso DEC840/850 Sensei throughput

« on: October 30, 2021, 05:13:11 am »

Kudos to the OPNsense team. We've tested this with L2 Bridge mode and RSS work seems to be running great.

@athurdent, are you on L3 or L2 mode. If L2, we can send you a test binary right away. For L3 mode, stay tuned.

@lilsense, with that CPU score, you should be able to attain 1.5-2 Gbps per CPU core. Multiply that with the number of CPU cores. Scalability should be close to linear.

@mb Very good news, awesome work both of you! 

I‘lll have to stay tuned though, I‘m on L3. Really looking forward to testing this, looks like I could max out my 10G test setup with a score of 524263 (0.41s) and up to 8 possible cores for my VM. If threads also count/do any good, I could go up to 16.

114

Zenarmor (Sensei) / Re: Deciso DEC840/850 Sensei throughput

« on: October 28, 2021, 11:04:55 am »

@athurdent, thanks for the heads-up. I've just confirmed this with Franco. We'll be running our tests in the following week.

Note: team's agenda is quite filled with Shaping and TLS work, expect this to land in a production release later on. (We'll send you a test binary though

Hi @mb, thank you for your swift reply! This sound awesome, especially the test binary part! 
So, thank you very much in advance, really looking forward to beta-test throughput and stability!

115

Zenarmor (Sensei) / Re: Deciso DEC840/850 Sensei throughput

« on: October 27, 2021, 02:26:06 pm »

After it hits one of the OPNsense releases, we'll go ahead and enable multi-core support for Sensei.

Hi @mb, it's official now.

src: include RSS kernel support defaulting to off

Would be preeetty cool to see multi-core for Zenarmor. 

RSS works fine here it seems, my VM has 4 cores assigned:

Code: [Select]

root@OPNsense:~ # netstat -Q
Configuration:
Setting                        Current        Limit
Thread count                         4            4
Default queue limit                256        10240
Dispatch policy                 direct          n/a
Threads bound to CPUs          enabled          n/a

Protocols:
Name   Proto QLimit Policy Dispatch Flags
ip         1   1000    cpu   hybrid   C--
igmp       2    256 source  default   ---
rtsock     3    256 source  default   ---
arp        4    256 source  default   ---
ether      5    256    cpu   direct   C--
ip6        6    256    cpu   hybrid   C--
ip_direct     9    256    cpu   hybrid   C--
ip6_direct    10    256    cpu   hybrid   C--

Workstreams:
WSID CPU   Name     Len WMark   Disp'd  HDisp'd   QDrops   Queued  Handled
   0   0   ip         0   360        0   671367        0   198087   869454
   0   0   igmp       0     0        0        0        0        0        0
   0   0   rtsock     0     0        0        0        0        0        0
   0   0   arp        0     0        0        0        0        0        0
   0   0   ether      0     0   818270        0        0        0   818270
   0   0   ip6        0     2        0      175        0      344      519
   0   0   ip_direct     0     0        0        0        0        0        0
   0   0   ip6_direct     0     0        0        0        0        0        0
   1   1   ip         0   188        0  1120895        0    23110  1144005
   1   1   igmp       0     0        0        0        0        0        0
   1   1   rtsock     0     0        0        0        0        0        0
   1   1   arp        0     0     1670        0        0        0     1670
   1   1   ether      0     0  1209891        0        0        0  1209891
   1   1   ip6        0     2        0      763        0      359     1122
   1   1   ip_direct     0     0        0        0        0        0        0
   1   1   ip6_direct     0     0        0        0        0        0        0
   2   2   ip         0   298        0   833862        0    21968   855830
   2   2   igmp       0     0        0        0        0        0        0
   2   2   rtsock     0     0        0        0        0        0        0
   2   2   arp        0     0        6        0        0        0        6
   2   2   ether      0     0   841523        0        0        0   841523
   2   2   ip6        0     2        0      248        0      715      963
   2   2   ip_direct     0     0        0        0        0        0        0
   2   2   ip6_direct     0     0        0        0        0        0        0
   3   3   ip         0   921        0  2282494        0   121993  2404487
   3   3   igmp       0     0        0        0        0        0        0
   3   3   rtsock     0     5        0        0        0      186      186
   3   3   arp        0     0      537        0        0        0      537
   3   3   ether      0     0  2359454        0        0        0  2359454
   3   3   ip6        0     2        0     1348        0      418     1766
   3   3   ip_direct     0     0        0        0        0        0        0
   3   3   ip6_direct     0     0        0        0        0        0        0

116

Zenarmor (Sensei) / Re: Cloud gaming service hickups

« on: October 27, 2021, 01:20:02 pm »

Try entering the IP in Configuration -> Exempted VLANs & Networks.
Works fine here.

117

Zenarmor (Sensei) / Re: Zenarmor 1.10 MAC address exemption?

« on: October 19, 2021, 05:36:58 am »

@mb, awesome thank you very much!

118

Zenarmor (Sensei) / Re: Zenarmor 1.10 MAC address exemption?

« on: October 18, 2021, 05:45:53 am »

Hi @ mb,

Thank you for your feedback and for listening, highly appreciated!

While it would be great to have a full mobile experience, I'd mainly use it for viewing statistics and drilling down to hosts. In general, the home view (the one with the bar graphs, you get when repeatedly clicking on Home) could be pretty mobile friendly. I also like that it shows traffic usage in e.g. GB, that is pretty useful. Top X clickable bar graphs seem a good choice, hovering over something with a touch display is always a bit user unfriendly on mobile.

So, my top 3:
- quickly identify threats/blocked traffic and see which hosts are affected (bar graphs, like the current landig page/Home view)
- check reports and DPI statistics, get an overview of apps/urls/accumulated traffic used by hosts. Like the current Home view, but it should have drill down functionality for hosts and apps (also with bar graphs)
- firewall health and statistics

Would also be cool to generally have an email functionality that instantly reports compromised hosts or severe threats, so we can act quickly on them.

119

Zenarmor (Sensei) / Re: Sensei not starting

« on: October 16, 2021, 04:08:42 pm »

Hmm, not sure, this might be one for the general forum part. Is your OPNsense on the latest version?

120

Zenarmor (Sensei) / Re: Sensei not starting

« on: October 16, 2021, 03:46:06 pm »

I think so! It's 4 all together. Please see the screenshots attached.

Hmm, not really that deep into OPNsense packet management, but status Orphaned does probably not look that good. Those show up as installed here.