@mb: is there an update about this issue?

I ran into this issue on my physical test hardware with only two ethernet ports, where one is running several VLANs. After reading your post I removed the parent adapter from the protected interfaces and it is working again. But that was on Sensei 0.8.0.beta8...

Thanks!
Just installed 0.8.0.beta8 and did an audit of the packages and found that an outdated library is being used that is vulnerable. Any way I can manually update this w/o breaking anything or will it be fixed in the stable release?

libXdmcp-1.1.2_2 is vulnerable:
libXdmcp -- insufficient entropy generating session keys
CVE: CVE-2017-2625
WWW: https://vuxml.FreeBSD.org/freebsd/1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335.html
Quote from: the-mk on May 09, 2019, 06:35:18 pm
@mb: is there an update about this issue?
I ran into this issue on my physical test hardware with only two ethernet ports, where one is running several VLANs. After reading your post I removed the parent adapter from the protected interfaces and it is working again. But that was on Sensei 0.8.0.beta8...
Thanks!

Hi @the-mk,

Yes, we have updates on this. Sensei is now able to process VLAN trunk interfaces.

So, if you're using VLANs, the latest advice is:

- Stay with the stock kernel which comes default with the OPNsense release; we need more work in the new kernel with regard to netmap.
- You can now protect untagged (trunk) VLAN interfaces. Sensei will process both tagged and untagged frames at the same time. This is the advised & performant method.
- Or, you can still choose to protect VLAN child interfaces or VLAN parent interfaces. The important thing to be careful about here is: do not have them at the same time, or you'll hit a bug present in the current netmap code.
With beta7 I was able to add OPT1 (VLAN interface) to the protected interfaces. I can still do this with beta 8. What did actually change with beta8? I think I'm overlooking something.
It would be nice to add different Sensei rules for different VLANs. I was hoping this was one of the things that changed in beta8.
I can confirm faster DNS lookups now with cloud threat intel enabled!
Is anyone using the scheduled reports in reports&data section of the configuration (Sensei 0.7)?

Is it just me or is the "click to download and view detailed reports" link not working within the email (getting a blank HTML file with 0 bytes)?

It does not work for me in MS Outlook (Office 365) and Thunderbird.

If I access those mails through the webmail of my GMX (my mail provider) I can see that there's an HTML file attached. I can see the attachment in the app on my iPhone, but that's not my favorite "view that report" device.
Dear Sensei users,

0.8.0.beta9 is out now. Below are the updates against 0.8.0.beta8:

Support for Large Settings (More than 1000 users)

Thanks to the newly introduced L2 Transparent Bridge Mode, you can run Sensei for thousands of users.

In this mode, where Sensei literally bridges two of your ethernet interfaces, we can scale to the number of Rx/Tx ethernet queues, thus making maximum use of the multiple CPU cores in the system.

This also helps you to keep your existing firewall and still enjoy the functionality offered by OPNsense & Sensei as an additional layer of defense.

Practically, what this means is that, if you deploy Sensei on an 8-core server with, say, 64GB of memory, you can serve 8000 users behind this configuration.

Please note that we'll need a small integration with OPNsense to be able to fully provide this functionality. We'll keep you posted.

Support for 4GB RAM

In an effort to be able to provide Sensei for people who have less than 8GB memory, and as per Archanfel80's suggestion, we've enabled Sensei to run for deployments with 4GB of RAM.

Please note that if you have 4GB memory, the maximum number of users will be 100.

Improved application signatures

- Browsec VPN
- Microsoft Updates
- Office Updates
- Fixed a bug in the Web based applications classification module which, in some cases, might lead to a crash.

Cloud

- New Cloud Query Infrastructure

Filtering

- Fixed a bug where auto-whitelisting a host does not immediately take effect / requiring a restart of engine.

Integrations

- Improved CLI access API
- First bits of Active Directory Integration

Better Reporting

- New report: Ethernet interface reports. You can now see which ethernet interfaces carry the most bandwidth and drill down to per-interface detailed reports.
- New report: VLAN reports. You can filter out a VLAN and drill down as deep as session details.
- New report: User reports. When the OPNsense captive integration is finished, you’ll be able to view user-based reports.
- All live session reports now have VLAN, Interface, Username columns.
- All live session reports now have auto-refresh / refresh interval options.
- Fixed a bug where charts were refreshed randomly, causing excessive page loads.
- Fixed a bug where setting Elasticsearch not to start at boot caused reporting to cease.
- Introduced an option to be able to reset all Elasticsearch Indexes.
- Introduced Elasticsearch Index Health Checker, where you can check and do a fix-up on an index basis.
- Elasticsearch shards are now single. Not requiring a replica. All indexes can be seen green now.
- Fixed a bug in the Elasticsearch data retiring module, which, in some cases, would result in more disk space consumption.

How to update?

For 0.8 users, in the OPNsense Web UI, you should have already seen Sensei reporting 0.8.0.beta9 update. Just click on "Update" and Sensei will take care of the rest.

For 0.7 users, please wait for an announcement for 0.8.0.rc1; when it's out, you should also see 0.8 update in the OPNsense UI. We'll announce it from here and our twitter page.

Hope you enjoy this one.

-- Sensei team
I'm glad I can help