OPNsense Forum » Archive » 16.1 Legacy Series » IDS mode blocks all connections
Topic: IDS mode blocks all connections (Read 7421 times)
interfaSys (Full Member, Posts: 165, Karma: 13)
IDS mode blocks all connections
« on: February 05, 2016, 12:18:22 am »
Ever since I've been on 16.1.1, I can't enable Suricata in IDS mode any more without it blocking all traffic. Was the firewall grouping feature purely a visual feature or did it change something in the way rules are loaded?
The setup is as follows:
LAN -> VPN GW
VLAN1 -> VPN GW
VLAN1 has a DHCP with its own DNS, located on the outside
I've set Suricata to analyse LAN.
As soon as it's on, connections to the outside world are blocked. Disabling HW acceleration has no effect.
Also, when it was working, the VPN connection had to be restarted after each reboot, but that doesn't work any more.
« Last Edit: February 08, 2016, 01:47:26 pm by interfaSys »
tamer (Newbie, Posts: 15, Karma: 1)
Re: IDS mode blocks all connections
« Reply #1 on: February 08, 2016, 01:25:25 pm »
I'm not sure if this is related, but enabling IDS/IPS on 16.1 (tested all up to 16.1.2) when LibreSSL is selected prevents the firewall from being able to use DNS for some reason. In my case, however, packets go through (if they are OK, of course) as long as they are not DNS packets, as those for some reason are dropped (i.e. ping works, dig does not).
I was just wondering whether you're seeing this issue with LibreSSL only or with both? If both, then likely my issue is different than yours.
interfaSys (Full Member, Posts: 165, Karma: 13)
Re: IDS mode blocks all connections
« Reply #2 on: February 08, 2016, 01:47:02 pm »
I'm using OpenSSL, but iirc it wasn't only DNS requests which were blocked, as pings were blocked as well.
No problem in IPS mode though.
tamer (Newbie, Posts: 15, Karma: 1)
Re: IDS mode blocks all connections
« Reply #3 on: February 08, 2016, 01:55:51 pm »
OK, then mine is definitely another issue, thanks for the confirmation.
Kuragari (Jr. Member, Posts: 66, Karma: 11)
Re: IDS mode blocks all connections
« Reply #4 on: February 09, 2016, 06:21:18 pm »
Exactly the same problem for me.