Intrusion Detection, when enabled IPS not working

Started by Taomyn, September 05, 2016, 10:25:30 AM

Previous topic - Next topic
Print
Go Down Pages 1 2 3
User actions
October 14, 2016, 02:53:36 PM #15
I got the PM. Did not create a ticket yet. Sorry for the delay.
October 14, 2016, 03:18:29 PM #16
Quote from: franco on October 14, 2016, 02:53:36 PM
I got the PM. Did not create a ticket yet. Sorry for the delay.


No problem, I was more concerned that you didn't receive the information from me and was still waiting.
October 18, 2016, 11:23:15 PM #17
October 19, 2016, 08:58:11 AM #18
 8)  let me know if you/they require any more info from my setup.
October 19, 2016, 10:13:34 PM #19
Will do. Right now, it's more of a technical discussion to locate the actual underlying issue.


Thanks,
Franco
November 03, 2016, 03:31:03 PM #20
Anything happening about this?
November 07, 2016, 07:41:08 AM #21
Progress was slow: we exchanged a few emails and another user here provided trace files on top of the non-working config. We don't have an outlook just yet.
December 04, 2016, 09:17:16 AM #22
Any news?
December 05, 2016, 05:24:52 PM #23
We did talk about it with Victor from Suricata and he said the PPPoE doesn't look different, but for some reason the traffic is not properly processed. We're missing some bit of intel (or a reproducible setup) without which we cannot continue to uncover the underlying issue.
December 05, 2016, 06:33:27 PM #24
Quote from: franco on December 05, 2016, 05:24:52 PM
We did talk about it with Victor from Suricata and he said the PPPoE doesn't look different, but for some reason the traffic is not properly processed. We're missing some bit of intel (or a reproducible setup) without which we cannot continue to uncover the underlying issue.

So what can I provide you from my setup to hopefully give you what is missing? I'll happily install/config things to get more diagnostics if that would help.
March 14, 2017, 09:55:57 AM #25
Now that v17 has been out a while, any chance of re-visiting this issue?


Also, can this thread be moved to the v17 sub-forum seeing as it applies to it as well?
March 14, 2017, 02:10:47 PM #26
Moved as requested. A netmap bug with Suricata / FreeBSD 12-CURRENT and another IPsec have priority at the moment.
January 09, 2018, 12:10:24 AM #27
Hi guys,

Same issue here, no IDS/IPS on PPPoE.
Is there something I can help with?

I'm on base/kernel 18.1.b, everything up to date.
OPNsense 17.7.11-amd64
FreeBSD 11.1-RELEASE-p2
LibreSSL 2.5.5

Just switched from pfsense a few days ago. Everything looks so much nicer here, the code, the quality, the community, the support. I'm happy I switched. Thank you for all your hard work!
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
January 09, 2018, 08:56:04 AM #28
Hi there,

This issue is still beyond our reach. Suricata now considers Netmap and FreeBSD a first level support tier, although that won't help us if the FreeBSD kernel side is not up to the task, which is the case here.

For the most part it's recommended to run Suricata on the internal networks, not the PPPoE WAN interfaces where this issue does not apply as well. It may require tweaking the HOME_NET setting under the advanced options.


Cheers,
Franco
January 09, 2018, 09:45:28 AM #29
Indeed. Well, things are looking good anyway on the LAN side, for now, without any tweakings as per this setup. Hopefully, the kernel will be updated soon or workarounds implemented for this to work properly.

Thanks Franco!
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
Print
Go Up Pages 1 2 3
User actions