Feature Request - Better PC-Gaming Support

Started by W0nderW0lf, August 26, 2020, 09:14:29 AM


That's what I see instead of some Windows alerts.

So somehow a miracle has happened that I cannot explain.
After this huge attack on my Linux client, I thought it would be best to back up OPNsense and reinstall from new, just in case OPNsense had been compromised.
Turns out this was the best decision of the day, because before and after the upgrade from 20.1.9 to 20.7.1 I experienced some little bugs in OPNsense like configctl timeouts and similar.
After reinstalling with the base image 20.7 and updating to 20.7.1, I saw that none of the previously experienced bugs reappeared. I restored the previously made backup, activated and reloaded all Suricata rules. A short while later, I saw the first ICMP blocks in Suricata. It seemed like Suricata was working again and doing its job.
Later that evening, I turned on my Windows machine and started playing after that long day. But I forgot to switch the LAN cable back from my non-OPNsense router so I could connect to Blizzard. I didn't realize that Windows was still connected to OPNsense. I wondered what went wrong and almost shit my pants, because I thought that Suricata had stopped working and I had been compromised again.
When I checked the logs, I finally saw that Suricata had managed to alert on a connection to Blizzard.
I changed nothing in Suricata. This tells me that it somehow was bugged at some point. Now I can easily connect to Blizzard and Star Citizen again...

Take a look:

Quote from: W0nderW0lf on August 27, 2020, 09:29:06 AM
Btw ...
I already have Sensei running on all non-WAN interfaces.

Of course I turned Sensei off when I was testing. I think it might break things if I change the interface from WAN to LAN, where Sensei is already listening, or?

You should only have Sensei on your LAN interfaces; it's not meant to be on WAN. Suricata can be run on WAN, but Sensei and Suricata can't be on the same interfaces.

I have Sensei enabled on my LAN, and Suricata on my WAN1, WAN2, and DMZ. I have outbound NAT set to Static (there is only a very small hit to security here). I also have UPnP set up, but it's rarely used; I almost never see anything in status except for a few games. I'll argue security here isn't a huge issue as long as you keep an eye on it. I wouldn't have it in my corp environments, but at home it's convenient and fine with me. Battle.net works just fine for me; I don't play Star Citizen though, so can't speak to that.

My advice would be to slow down a bit. Disable everything extra: disable Sensei, disable Suricata. Get your games working, then slowly enable things until it stops working; then you'll know where to focus your energy.

August 28, 2020, 04:48:00 PM #19 Last Edit: August 28, 2020, 04:50:32 PM by W0nderW0lf
Without meaning it badly, but did you even read?
I only mentioned this because of lfirewall's advice. I wasn't 100% sure, but I know this myself.
I have it on all (non-)WAN interfaces ... This means I have it on all interfaces that are not directed to WAN...
Just LAN ...
Of course I know that you should only place it on non-WAN interfaces, because Sensei advises this when you install it.
I also said I uploaded my backup and it worked.
A backup restores every setting as it was before. This also means that I haven't done any config change in Sensei or OPNsense itself. It was truly some kind of bug related to Suricata.

My advice to you would be: read carefully before giving advice.

Quote from: W0nderW0lf on August 28, 2020, 04:48:00 PM
Without meaning it badly, but did you even read?
I only mentioned this because of lfirewall's advice. I wasn't 100% sure, but I know this myself.
I have it on all (non-)WAN interfaces ... This means I have it on all interfaces that are not directed to WAN...
Just LAN ...
Of course I know that you should only place it on non-WAN interfaces, because Sensei advises this when you install it.
I also said I uploaded my backup and it worked.
A backup restores every setting as it was before. This also means that I haven't done any config change in Sensei or OPNsense itself. It was truly some kind of bug related to Suricata.

My advice to you would be: read carefully before giving advice.

Yup, I misread; very sorry to have offended you.

My advice to you would be to be less of an asshat when someone is just trying to help you for free, taking time out of their busy day and schedule to spread some knowledge and help out a fellow user.

Carry on I wish you well.

Quote from: W0nderW0lf on August 27, 2020, 11:29:56 PM
So somehow a miracle has happened that I cannot explain.
After this huge attack on my Linux client, I thought it would be best to back up OPNsense and reinstall from new, just in case OPNsense had been compromised.
Turns out this was the best decision of the day, because before and after the upgrade from 20.1.9 to 20.7.1 I experienced some little bugs in OPNsense like configctl timeouts and similar.
After reinstalling with the base image 20.7 and updating to 20.7.1, I saw that none of the previously experienced bugs reappeared. I restored the previously made backup, activated and reloaded all Suricata rules. A short while later, I saw the first ICMP blocks in Suricata. It seemed like Suricata was working again and doing its job.
Later that evening, I turned on my Windows machine and started playing after that long day. But I forgot to switch the LAN cable back from my non-OPNsense router so I could connect to Blizzard. I didn't realize that Windows was still connected to OPNsense. I wondered what went wrong and almost shit my pants, because I thought that Suricata had stopped working and I had been compromised again.
When I checked the logs, I finally saw that Suricata had managed to alert on a connection to Blizzard.
I changed nothing in Suricata. This tells me that it somehow was bugged at some point. Now I can easily connect to Blizzard and Star Citizen again...

Take a look:
So is it working now?

But just because you disable your network should be able to get compromised; if it is easily possible, you have other problems than gaming.

More important would be: what is trying to compromise your clients, or are they already compromised?
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

And generally it's not the right way to just enable all Suricata rules and set them to drop.

Enable them wisely, look at what alerts are happening, set those to drop and test your network.

But not the way you do it, just causing a big chaos while looking for bugs.
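The "look at the alerts first, then decide what to drop" workflow from the post above, as an added example that is not code from the thread or from OPNsense: it parses Suricata eve.json alert records, counts hits per signature id and flags LAN-originated, low-severity hits (such as a game client talking to its servers) for review before anything is switched to drop. The addresses, signature ids and signature names in the sample are constructed for this example.

```python
import json
from collections import defaultdict

# Constructed sample of Suricata EVE JSON records (eve.json layout); the
# IPs, signature ids and names are invented for this example only.
SAMPLE_EVE = """\
{"timestamp":"2020-08-27T21:10:01+0200","event_type":"alert","src_ip":"192.168.1.20","dest_ip":"203.0.113.10","dest_port":1119,"proto":"TCP","alert":{"action":"allowed","signature_id":2100001,"rev":1,"signature":"CONSTRUCTED game launcher outbound","category":"Potentially Bad Traffic","severity":3}}
{"timestamp":"2020-08-27T21:10:02+0200","event_type":"alert","src_ip":"192.168.1.20","dest_ip":"203.0.113.10","dest_port":1119,"proto":"TCP","alert":{"action":"allowed","signature_id":2100001,"rev":1,"signature":"CONSTRUCTED game launcher outbound","category":"Potentially Bad Traffic","severity":3}}
{"timestamp":"2020-08-27T21:10:05+0200","event_type":"flow","src_ip":"192.168.1.20","dest_ip":"203.0.113.10"}
{"timestamp":"2020-08-27T21:11:00+0200","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.168.1.20","dest_port":445,"proto":"TCP","alert":{"action":"blocked","signature_id":2100002,"rev":2,"signature":"CONSTRUCTED SMB probe from WAN","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2020-08-27T21:12:00+0200","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.168.1.20","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":2100003,"rev":1,"signature":"CONSTRUCTED SSH scan","category":"Attempted Recon","severity":2}}
"""

def summarize_alerts(eve_text, lan_prefix="192.168.1."):
    """Count alert events per signature id and note which side triggered them."""
    summary = defaultdict(lambda: {"signature": "", "hits": 0, "actions": set(),
                                   "from_lan": 0, "from_wan": 0, "severity": 0})
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":   # skip flow/dns/tls records
            continue
        a = rec["alert"]
        entry = summary[a["signature_id"]]
        entry["signature"] = a["signature"]
        entry["severity"] = a["severity"]     # Suricata: 1 = high ... 3 = low
        entry["hits"] += 1
        entry["actions"].add(a["action"])
        if rec["src_ip"].startswith(lan_prefix):
            entry["from_lan"] += 1
        else:
            entry["from_wan"] += 1
    return dict(summary)

def triage(summary):
    """Per signature: keep alert-only, review first, or consider drop.
    LAN-originated low-severity hits are usually legitimate apps (game
    clients); inbound WAN hits with higher severity are drop candidates."""
    verdicts = {}
    for sid, e in summary.items():
        if e["from_lan"] and e["severity"] >= 3:
            verdicts[sid] = "review: LAN-originated, low severity; verify the app before drop"
        elif e["from_wan"] and e["severity"] <= 2:
            verdicts[sid] = "drop candidate: inbound from WAN"
        else:
            verdicts[sid] = "keep alert-only"
    return verdicts

if __name__ == "__main__":
    for sid, verdict in triage(summarize_alerts(SAMPLE_EVE)).items():
        print(sid, verdict)
```

Point it at a copy of /var/log/suricata/eve.json and adjust lan_prefix to your LAN range; every rule that ends up "drop candidate" is still one you should test against your own traffic before changing its action.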