Request for Feedback: Help us decide Zenarmor's next UI on OPNsense

mb · June 14, 2022, 03:53:36 AM

Dear beloved OPNsense users,

Your opinion matters to us. Please help us decide the future of Zenarmor's UI on OPNsense

In the past year, Zenarmor's Cloud User Interface received significant improvements on the usability side. We want to bring those improvements to the Zenarmor OPNsense plug-in.

We have two options that we would like you to see and provide your feedback.

Please have a look at the Poll below and share your opinion with us.

https://docs.google.com/forms/d/1pWbiObQsKgdaUIduI_mImLo-MW695KmfftwxizxVBzc/viewform?ts=62a4f641

Best
Zenarmor Team

athurdent · June 14, 2022, 07:15:19 AM

Looks like the cloud interface being integrated into OPNsense?

I'd still really like a good mobile view or an app, just checked the cloud interface with an iPhone and it's not very comfortable to use.

In general Zenarmor is working awesomely and speedy here. :)

Mbl · June 14, 2022, 11:25:30 AM

Not sure if mobile is the right device to check / maintain / lookup topics on a firewall...

athurdent · June 14, 2022, 11:30:20 AM

Quote from: Mbl on June 14, 2022, 11:25:30 AM
Not sure if mobile is the right device to check / maintain / lookup topics on a firewall...

For me it's perfect for a quick status check, e.g. regarding recent blocks or threats, or traffic usage of a client.

walkerx · June 14, 2022, 08:29:17 PM

I think before the UI is updated, any current issues are resolved

Waiting to find out why whenever I start Zenarmor, I lose IPv6 connectivity whether in normal or bypass operation and can't restart the DHCPv6 Server :(

mb · June 14, 2022, 08:57:22 PM

Hi @walkerx,

Yes, this is not directly related to Zenarmor. It's because of netmap(4); an Operating System subsystem we use to grab packets off the wire.

If you have IPv6 WAN tracking enabled in a netmap enabled interface and when an application opens the interface in netmap mode, netmap re-initializes the interface; causing the interface to go DOWN/UP. Since you have WAN tracking here, this in turn triggers the OPNsense code to re-configure the related WAN addresses. This whole process can take up to a minute, during which time you lose WAN connectivity.

The behavior is the same if you use Suricata in IPS mode, which utilizes netmap the same way we do.

Having said that, we are evaluating several options which would potentially solve these sort of issues and would add device-independent IPS capabilities. If we can work out a methodology at least in theory, we'll go ahead and sponsor a development on the Operating System side of things.

Stay tuned for more updates on that.

I hope this is helpful.

mb · June 14, 2022, 09:05:07 PM

Hi @athurdent,

One of the reasons why we ideally want to have a single code base for both the OPNsense UI and Cloud is that this will significantly reduce our time to ship new features.

Mobile-friendly UI is on the roadmap. Once it's there, it'll work for both of the interfaces.

walkerx · June 14, 2022, 09:22:29 PM

Quote from: mb on June 14, 2022, 08:57:22 PM
Hi @walkerx,

Yes, this is not directly related to Zenarmor. It's because of netmap(4); an Operating System subsystem we use to grab packets off the wire.

If you have IPv6 WAN tracking enabled in a netmap enabled interface and when an application opens the interface in netmap mode, netmap re-initializes the interface; causing the interface to go DOWN/UP. Since you have WAN tracking here, this in turn triggers the OPNsense code to re-configure the related WAN addresses. This whole process can take up to a minute, during which time you lose WAN connectivity.

The behavior is the same if you use Suricata in IPS mode, which utilizes netmap the same way we do.

Having said that, we are evaluating several options which would potentially solve these sort of issues and would add device-independent IPS capabilities. If we can work out a methodology at least in theory, we'll go ahead and sponsor a development on the Operating System side of things.

Stay tuned for more updates on that.

I hope this is helpful.

I can wait hours with zenarmor enabled and dhcpv6 can't be restarted

I have looked at setting the ipv6 manually based on the info i got from my isp for the pd and nd, but not sure how to set this up as the instructions in the guide were a bit confusing when not using the same references throughout

athurdent · June 15, 2022, 07:50:17 AM

Quote from: mb on June 14, 2022, 09:05:07 PM
Hi @athurdent,

One of the reasons why we ideally want to have a single code base for both the OPNsense UI and Cloud is that this will significantly reduce our time to ship new features.

Mobile-friendly UI is on the roadmap. Once it's there, it'll work for both of the interfaces.

Hi @mb,

awesome, thank you! I really like the cloud interface and to have a consolidated view on Zenarmor locally and in the cloud is also a more streamlined user experience.

Looking forward to the new view.

Hope there will be more developer time to get L3 RSS / multicore support integrated then ... :-)

FullyBorked · June 17, 2022, 08:04:56 PM

Provided my feedback hope it is useful. 8)

Request for Feedback: Help us decide Zenarmor's next UI on OPNsense

mb

June 14, 2022, 03:53:36 AM

athurdent

June 14, 2022, 07:15:19 AM #1

Mbl

June 14, 2022, 11:25:30 AM #2

athurdent

June 14, 2022, 11:30:20 AM #3

walkerx

June 14, 2022, 08:29:17 PM #4

mb

June 14, 2022, 08:57:22 PM #5

mb

June 14, 2022, 09:05:07 PM #6

walkerx

June 14, 2022, 09:22:29 PM #7

athurdent

June 15, 2022, 07:50:17 AM #8

FullyBorked

June 17, 2022, 08:04:56 PM #9