Feature Request - Better PC-Gaming Support

Started by W0nderW0lf, August 26, 2020, 09:14:29 AM

Hello everyone,

I use 2 workstations. One is Linux for working and experimenting, and the other is Windows for playing games, paying bills and surfing the internet. Since yesterday I have tried to switch my Windows machine from my router network to behind OPNsense. I had to revert this step, because I couldn't run some of my gaming services like Battle.net or Star Citizen.

I've searched the Internet for a solution, but everything that I could find was related to XBox, PS4 or Steam. All of them required a Static Port NAT Outbound rule and also the UPnP-Service. Establishing the same for a Windows PC, just to play some games for an hour, is IMO not worth the effort and a high security risk.

I found out that Suricata is the bottleneck here. When I disabled Suricata, every game service worked as intended. Unfortunately Suricata isn't providing any information on why or how these services are getting blocked. Since Suricata is actively preventing some attackers/scanners from outside, I don't want to disable it for a longer period of time for testing purposes.

IMO, OPNsense is a must-have for every home administrator. But gaming and network security is a topic that needs to be developed further, to establish better support for every home device. In some years my son will join me online. I hope that by that day we can safely run our computers behind OPNsense without having to care about security.

I will try my best to find out myself what needs to be done to get things right without digging holes into the firewall. But I am no NetSec pro. I am still new to the project and try the best I can, but it would be nice to know that someone out there could help.

Are the Suricata rules on Alert or Block?
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support


I think there is a gaming rule which is blocking gaming services?!

August 26, 2020, 03:26:10 PM #4 Last Edit: August 26, 2020, 03:35:21 PM by W0nderW0lf
That's what I thought myself, but even after setting all rules with terms like "game, gaming, blizzard, battlenet" to alert, it didn't work. So it must be a special rule with a kinda weird name.

I additionally disabled and cleared ET telemetry emerging-games completely.

Set all rules to alert.
Then it should send an alert when you try to play games.

After that you know which rule was the problem.
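The advice above ("set everything to alert, then look at which rule fired") can be checked directly in Suricata's EVE log rather than in the GUI. The following is an added example, not code from the thread or from OPNsense: it tallies alert records that involve one LAN host by signature. The log lines, IP addresses and signature IDs are constructed placeholders; the real file on OPNsense is /var/log/suricata/eve.json.

```python
import json
from collections import Counter

# Constructed sample lines (not real traffic) in the shape of Suricata EVE alert
# records. A rule in IPS/drop mode records action "blocked"; the same rule in
# alert-only mode records action "allowed". Non-alert events (flow, dns, ...)
# are also present in eve.json and must be skipped.
SAMPLE_EVE = """\
{"timestamp":"2020-08-27T09:10:01.000000+0200","event_type":"alert","src_ip":"192.168.10.20","dest_ip":"203.0.113.5","proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,"signature":"CONSTRUCTED example rule A","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2020-08-27T09:10:02.000000+0200","event_type":"alert","src_ip":"192.168.10.20","dest_ip":"203.0.113.5","proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,"signature":"CONSTRUCTED example rule A","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2020-08-27T09:10:03.000000+0200","event_type":"alert","src_ip":"192.168.10.30","dest_ip":"192.168.10.1","proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":1,"signature":"CONSTRUCTED example rule B","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2020-08-27T09:10:04.000000+0200","event_type":"flow","src_ip":"192.168.10.20","dest_ip":"203.0.113.5","proto":"TCP"}
{"timestamp":"2020-08-27T09:10:05.000000+0200","event_type":"alert","src_ip":"192.168.10.20","dest_ip":"198.51.100.9","proto":"UDP","alert":{"action":"blocked","gid":1,"signature_id":9000003,"rev":2,"signature":"CONSTRUCTED example rule C","category":"Misc activity","severity":3}}
"""


def rules_for_host(eve_lines, host_ip, action="blocked"):
    """Return {(signature_id, signature): count} of alert records with the given
    action where host_ip is either the source or the destination."""
    hits = Counter()
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a line still being written may be truncated
        if ev.get("event_type") != "alert":
            continue
        if host_ip not in (ev.get("src_ip"), ev.get("dest_ip")):
            continue
        alert = ev.get("alert", {})
        if alert.get("action") != action:
            continue
        hits[(alert.get("signature_id"), alert.get("signature"))] += 1
    return dict(hits)


if __name__ == "__main__":
    # Replace SAMPLE_EVE.splitlines() with open("/var/log/suricata/eve.json")
    # and host_ip with the gaming PC's address to run this on a real box.
    for (sid, sig), n in rules_for_host(SAMPLE_EVE.splitlines(), "192.168.10.20").items():
        print(f"sid {sid}: {n} drop(s)  {sig}")
```

Run it once with the default action="blocked" while rules are in drop mode, and with action="allowed" after switching them to alert; if neither call returns anything for the gaming PC's address, Suricata never matched that traffic and the cause lies elsewhere (interface selection, other firewall rules or another service).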

So now, after 20 minutes of waiting to get all rules changed, I've set 106253 rules to alert, but still nothing is being reported. Not a single alert. Even the attacker who has been scanning my firewall for weeks now isn't being logged anymore. And I explicitly left that one rule enabled. Well... Poland is open now and neither Battle.net nor Star Citizen is working...
Don't know what else I can do.

Show your IDS config please :)

And your firewall rules.

August 27, 2020, 09:13:18 AM #9 Last Edit: August 27, 2020, 09:16:03 AM by W0nderW0lf
I hope that helps you. I have no special WAN rule. It's on default.
The firewall rules shown here are from the Windows client. They're not from the default LAN interface.

August 27, 2020, 09:14:17 AM #10 Last Edit: August 27, 2020, 09:15:52 AM by W0nderW0lf
<mistakenly posted reply>. Wanted to edit the previous one.

Quote from: W0nderW0lf on August 27, 2020, 09:13:18 AM
I hope that helps you. I have no special WAN rule. It's on default.
The Firewall rules shown here is from the Windows client. It's not from the default
The rules are all set to drop.
Switch them to alert.

And try to change the interface from WAN to LAN.

Yes, they are on drop (again). When you asked me to change them to alert, I changed them all to Clear filter (alert). Because no alert was generated while I tested for over 30 minutes, I changed it back to drop filter, since nothing had been alerted.

I'll change the interface and give you feedback ASAP.

Btw ...
I already have Sensei running on all non-WAN interfaces.

Of course I turned Sensei off when I was testing. I think it might break things if I change the interface from WAN to LAN, where Sensei is already listening, or?

So... I tested and I am a little bit pissed, because, as expected, this test could compromise my network. It did... I see thousands of DNS attacks between my Linux client and the firewall, but Windows isn't generating a single alert that indicates a block of gaming services...