OPNsense Forum
Topic: Issue with Suricata and interface

aimdev (Full Member), January 31, 2022, 12:44:15 pm:
Started Suricata in IDS mode, interface em0 WAN.
On the console (direct connection) got a lot of
arpresolver: cannot allocate llinfo for xxx.xxx.xxx.xxx on em0
Link state went down then up twice before I disabled Suricata.
Messages were not found in the GUI syslog, despite the syslog option being enabled in Suricata administration.
NICs on the system are Intel.
Hardware options CRC/TSO/LRO are not disabled (i.e. enabled).

franco (Administrator, Hero Member), Reply #1, January 31, 2022, 01:49:45 pm:
Normally cryptic "arpresolver: cannot allocate llinfo for xxx.xxx.xxx.xxx on em0" means your gateway lies outside the subnet of your assigned address on em0. Doesn't have anything to do with IDS.
Cheers,
Franco
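
A check for the condition described in Reply #1 (default gateway outside the subnet configured on em0), as an added example that is not part of the forum thread or of OPNsense. The sample `ifconfig em0` and `netstat -rn` output is constructed in FreeBSD's format with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample output (FreeBSD format, documentation addresses; not from the thread).
IFCONFIG_EM0 = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:00:5e:00:53:01
\tinet 192.0.2.64 netmask 0xffffff00 broadcast 192.0.2.255
\tstatus: active
"""
NETSTAT_RN = """\
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
192.0.2.0/24       link#1             U           em0
"""

def interface_networks(ifconfig_text):
    """Return the IPv4 networks configured on the interface."""
    nets = []
    for addr, mask in re.findall(r"^\s*inet (\S+) netmask (\S+)", ifconfig_text, re.M):
        if mask.lower().startswith("0x"):  # FreeBSD prints the netmask in hex
            mask = str(ipaddress.IPv4Address(int(mask, 16)))
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets

def default_gateway(netstat_text, ifname):
    """Return the IPv4 default gateway routed via ifname, or None."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "default" and fields[3] == ifname:
            try:
                return ipaddress.ip_address(fields[1])
            except ValueError:  # e.g. a link#N gateway on point-to-point links
                return None
    return None

def gateway_on_link(ifconfig_text, netstat_text, ifname="em0"):
    """True if the default gateway is inside a subnet configured on ifname,
    False if it is outside, None if no IPv4 default gateway was found."""
    gw = default_gateway(netstat_text, ifname)
    if gw is None:
        return None
    return any(gw in net for net in interface_networks(ifconfig_text))

if __name__ == "__main__":
    print("gateway on-link:", gateway_on_link(IFCONFIG_EM0, NETSTAT_RN))
```

A result of `False` matches the cause given in Reply #1; a result of `True` means the message has to be explained some other way.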

aimdev (Full Member), Reply #2, January 31, 2022, 04:10:55 pm:
The gateway is on xxx.xxx.0.1, OPNsense uses DHCP, with a locked address of xxx.xxx.0.64.
The mask is 255.255.255.0/24 (as set in the upstream device).
There are no errors when Suricata is disabled.
One other factor is that em0 is placed into promiscuous mode when Suricata is enabled; I assume this is normal.
This issue may have been present in earlier versions; however, as the console is not connected to OPNsense on a regular basis, only during upgrades, it would have been missed.
Also, the missing logs are a bit of a concern, though I am happy to be corrected if I have missed something.

orzechszek (Newbie), Reply #3, May 12, 2022, 09:19:48 pm:
Hi,
I have this issue on 22.1.7_1
Updated from version 21.7.8
When Suricata is activated, "link state changed to down/up" and "arpresolver: cannot allocate llinfo for xxx.xxx.xxx.xxx on em0" are constantly occurring, it's not a problem.
But the strangest thing: the router became unstable, the GUI inaccessible because the computer is losing its wifi connection when intrusion detection is enabled.
Everything disappears when Suricata is disabled.
Is it possible that IDS causes such problems?

franco (Administrator, Hero Member), Reply #4, May 13, 2022, 07:58:02 am:
Might be a driver issue with MAC spoofing as suggested by others.
Cheers,
Franco

orzechszek (Newbie), Reply #5, July 06, 2022, 10:39:47 pm:
Hi,
Is this issue solved?

crissi (Full Member), Reply #6, July 07, 2022, 03:32:00 pm:
Hi,
updated to 22.1.9 today, have standard Intel I211 interfaces in my box, and still have this issue as well...
Would also be interested in how to get this solved?
Cheers,
Crissi