pfsense migrant with a few issues.

Started by SpuddyUK, March 24, 2021, 02:51:43 PM

Hi All,

After 5+ using pfsense, I decided to give opnsense a shot.

Few issues I'm having.


  • I can't for the life of me get NUT to see my USB connected APC BACK-UPS CS500. On pfsense it would find it fine using USBHID driver, on OPNsense no such luck. If I disconnect the USB cable, the console shows the UPS model/make as disconnected. And reconnected when I plug back in. I have tried USBHID and APCSMART. Any ideas? Also, the NUT configuration page seems to lock up OPNsense gui for 30-45 seconds at a time. nut_upsmon is started but nut_daemon will not start.
  • Suricata is a whole other beast on OPNsense. I just can't seem to get suricata to drop packets that match rules. It will send an alert fine. When I set a ruleset to action > drop, the gui still shows Alert? Also, in the alerts tab it shows allowed next to any traffic that matches rules. IPS and Promiscuous mode is ON. Maybe I'm misunderstanding things?

Appreciate any help on this matter. I don't want to cave in and restore that pfsense config!


Hi!

RE: Nut

https://forum.opnsense.org/index.php?topic=16105.0

maybe? :-)

RE: Suricata

Try it with the relatively new "Policy" tab in the "Intrusion Detection" menu. I used to turn on/off "drop" manually in the past, but that's no longer recommended...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Quote from: chemlud on March 24, 2021, 02:58:57 PM
Hi!

RE: Nut

https://forum.opnsense.org/index.php?topic=16105.0

maybe? :-)


Thanks. I've rebooted the OPNsense device countless times, no luck.

Logs show
2021-03-24T14:11:21 root[92642] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:11:21 upsmon[7994] upsmon parent: read
2021-03-24T14:11:21 upsmon[12422] Signal 15: exiting
2021-03-24T14:11:18 configctl[27774] event @ 1616595077.60 exec: system event config_changed
2021-03-24T14:11:18 configctl[27774] event @ 1616595077.60 msg: Mar 24 14:11:17 OPNsense.obscuredomain.net config[91606]: config-event: new_config /conf/backup/config-1616595077.6027.xml
2021-03-24T14:11:17 upsmon[12422] UPS APCBackupsCS500 is unavailable
2021-03-24T14:11:17 upsmon[12422] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation already in progress
2021-03-24T14:10:11 upsmon[12422] Communications with UPS APCBackupsCS500 lost
2021-03-24T14:10:11 upsmon[12422] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation timed out
2021-03-24T14:09:50 root[63060] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:08:56 upsmon[7994] Startup successful
2021-03-24T14:08:56 configctl[27774] event @ 1616594935.80 exec: system event config_changed
2021-03-24T14:08:56 configctl[27774] event @ 1616594935.80 msg: Mar 24 14:08:55 OPNsense.obscuredomain.net config[77203]: config-event: new_config /conf/backup/config-1616594935.8029.xml
2021-03-24T14:08:56 root[19237] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:08:55 upsmon[56962] upsmon parent: read
2021-03-24T14:08:55 upsmon[94389] Signal 15: exiting
2021-03-24T14:08:51 upsmon[94389] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation already in progress
2021-03-24T14:08:51 root[82563] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut


In terms of Suricata. I have a single policy set with 0 priority. Settings attached but basically all rulesets selected and a new action of drop.

For the UPS, make sure that all the other drivers are not enabled. I use the SNMP driver, but for some reason, my usbhid driver was also enabled. It might not be the case with you, but still might be worthwhile double checking.

Alternatively, have you tried connecting to the appropriate port instead of using auto? port=/dev/ttyXX

For SNMP, I had to explicitly set port=<UPS network card IP> even though my UPS continuously broadcasts its presence on that IP. Auto didn't work for me in SNMP.

Quote from: Inxsible on March 24, 2021, 03:53:27 PM
For the UPS, make sure that all the other drivers are not enabled. I use the SNMP driver, but for some reason, my usbhid driver was also enabled. It might not be the case with you, but still might be worthwhile double checking.

Well, I'll be damned. I had USBHID and APCSMART enabled simultaneously. Disabling APCSMART resolved it. Can only imagine first time I enabled USBHID, I probably needed to reboot OPNsense (I didn't do it) and immediately moved on to APCSMART without disabling USBHID. Thanks!

Still trying to get Suricata blocking instead of just alerting.

Please check this video

https://www.youtube.com/watch?v=_yIq3GM4gjA

I was able to get it working.

I use Policy based blocking instead of rule based

Moreover, if you have Sensei installed, you might have to select WAN instead of LAN for it to work
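
Added example, not part of any post in this thread: one way to confirm whether a drop policy is actually taking effect is to tally the `alert.action` field ("allowed" or "blocked") per signature in Suricata's EVE JSON log rather than relying on the GUI. The sample records, SIDs and signature names below are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample EVE records (not taken from the thread); SIDs are made up.
SAMPLE_EVE = """\
{"timestamp":"2021-03-24T15:00:01.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"action":"allowed","signature_id":9000001,"signature":"EXAMPLE scan"}}
{"timestamp":"2021-03-24T15:00:02.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"action":"allowed","signature_id":9000001,"signature":"EXAMPLE scan"}}
{"timestamp":"2021-03-24T15:00:03.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.7"}
{"timestamp":"2021-03-24T15:00:04.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.10","alert":{"action":"allowed","signature_id":9000002,"signature":"EXAMPLE policy test"}}
{"timestamp":"2021-03-24T15:05:00.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.10","alert":{"action":"blocked","signature_id":9000002,"signature":"EXAMPLE policy test"}}
{"timestamp":"2021-03-24T15:05:01
"""


def summarize_actions(lines):
    """Map (sid, signature) -> Counter of alert.action values for alert events."""
    summary = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # the last line of a live eve.json may be partially written
        if event.get("event_type") != "alert":
            continue  # flow, dns, stats etc. carry no alert.action
        alert = event.get("alert", {})
        key = (alert.get("signature_id"), alert.get("signature"))
        summary.setdefault(key, Counter())[alert.get("action", "unknown")] += 1
    return summary


def never_blocked(summary):
    """SIDs that matched traffic but were never blocked (alert-only in practice)."""
    return sorted(sid for (sid, _), counts in summary.items() if counts["blocked"] == 0)


if __name__ == "__main__":
    result = summarize_actions(SAMPLE_EVE.splitlines())
    for (sid, sig), counts in sorted(result.items()):
        print(sid, sig, dict(counts))
    print("alert-only SIDs:", never_blocked(result))
```

To run it against a live sensor, pass the lines of the sensor's own eve.json to `summarize_actions` instead of the sample; a SID that keeps appearing in `never_blocked` after the policy is applied is still in alert mode.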