Author Topic: Sensei on OPNsense - Application based filtering  (Read 375737 times)

manjeet

« Reply #300 on: May 17, 2019, 06:31:17 am »
Thanks @MB for the update. Looking forward to it.

Also, yesterday I enabled the email reporting and today I got this message: "Scheduled reports could not be generated. Probably elasticsearch service is not running or not working properly. Please check elasticsearch service manually."

Elasticsearch is working fine; reports in the dashboard and the reports section all look good. I do not understand what could be the issue.
« Last Edit: May 17, 2019, 06:33:37 am by manjeet »

mb

« Reply #301 on: May 17, 2019, 03:52:32 pm »
Hi @manjeet,

We're having a look at Scheduled Reports now, let's also check this.

the-mk

« Reply #302 on: May 18, 2019, 12:55:13 pm »
@mb: when I look at the reporting mail - how is that number of "unique local hosts" of the "quick facts" derived? I do not have that many hosts in my network...

N0_Klu3

« Reply #303 on: May 18, 2019, 01:05:41 pm »
So would this work as a replacement for pfblockerng?
As in ad blocking?

Also I read stuff about VLANs, basically I have 2 VLANs running on my main LAN Ethernet port.
Would Sensei work?

I'm planning on rebuilding to OPNsense hopefully today, but I'd really like some sort of ad blocking to replace pfblockerng.

mb

« Reply #304 on: May 18, 2019, 02:04:53 pm »
Hi @the-mk,

Do you see different statistics in the UI, or are they the same?

If they are: we saw this happen when Sensei was being run for a WAN interface. In that case, the LAN/WAN directions are reversed for Sensei. So you see the remote host count in place of locals and vice versa.

If not, let's have a look if we're missing something.


Hi @N0_Klu3,

You can try for yourself. It's easy to try out Sensei.

Yep, if you just add the parent LAN interface to the protected interfaces, then you're good to go.

N0_Klu3

« Reply #305 on: May 18, 2019, 06:14:01 pm »
@mb do you still need an invite or install link?

mb

« Reply #306 on: May 18, 2019, 06:16:04 pm »
Hi @N0_Klu3,

You can use this command to install 0.8:

curl https://updates.sunnyvalley.io/getsensei8 | sh


Space

« Reply #307 on: May 19, 2019, 10:15:09 am »
Hi,

are these files needed? Took most of my disk space ...

Code:
root@OPNvirt:/usr/local/sensei/log # du -sm * | sort -n
1 active
14156 archive

These logs contain statistics for all interfaces per second ... but I did not find an option to disable these logs ...

Thanks and best regards,

    Space

malac

« Reply #308 on: May 19, 2019, 11:54:43 am »
Quote from: mb on May 16, 2019, 02:22:48 pm
@manjeet,

This is addressed via policy based filtering coming up with Premium subscription. Details almost complete. Hope to announce it very soon.

@malac,

Please send your public IP address to sensei - at - sunnyvalley.io. We'll run a trace.

Have you found something?

mb

« Reply #309 on: May 19, 2019, 04:16:50 pm »
Quote from: Space on May 19, 2019, 10:15:09 am
are these files needed? Took most of my disk space ...
These logs contain statistics for all interfaces per second ... but I did not find an option to disable these logs ...

Hi @Space,

Within this beta period, in times of troubleshooting, they can be very valuable for us to point out the location of some of the problems.

Nearing 1.0, we'll cease to archive logs. In the meantime, we're adding functionality to automatically purge logs older than 10 days.

Thanks for pointing this out.

mb

« Reply #310 on: May 19, 2019, 04:19:02 pm »
Quote from: malac on May 19, 2019, 11:54:43 am
Have you found something?

Hi @malac,

Yep, it looks like the engine is still a little bit too sensitive to response times. We've lowered the thresholds a bit. Coming with beta10.

the-mk

« Reply #311 on: May 19, 2019, 04:48:13 pm »
Quote from: mb on May 18, 2019, 02:04:53 pm
Hi @the-mk,

Do you see different statistics in the UI, or are they the same?

If they are: we saw this happen when Sensei was being run for a WAN interface. In that case, the LAN/WAN directions are reversed for Sensei. So you see the remote host count in place of locals and vice versa.

If not, let's have a look if we're missing something.

When comparing the quick facts from the last report mail with the conns facts from the dashboard - they are pretty much the same when having the report interval set 05/18/2019 00:00 to 05/19/2019 00:00.
I'd expect the number of unique local hosts to be about the same as the number of IP addresses listed in the table of local assets from the dashboard.
Protected interfaces on the firewall in question with Sensei 0.7.0 are 6 vmx network cards to different LANs and one vmx to WAN.
But maybe my understanding of unique local hosts is wrong here?
Could it be that, e.g., a host talking on the network of interface #1 is talking to another host on the network of interface #2 and the same source host also talks to the internet (WAN)?

mb

« Reply #312 on: May 20, 2019, 05:49:22 pm »
Hi @the-mk,

Thank you very much for providing additional information.

Whether we decide if some IP address is local or remote depends on the flow direction.

A little bit of background info on how Sensei works and decides the flow direction:

Sensei deploys between the ethernet adapter and the host operating system, bridging the two, forwarding packets back and forth, and at the same time doing the inspection. Typically we are deployed on inner-facing interfaces.

It assumes that the ethernet side of the bridge is LAN and the operating system side is WAN. So flows initiated from the LAN side are considered egress, and flows initiated from the WAN side are considered ingress.

For egress connections, the source IP address that initiated the connection is tagged as "Local", whereas for ingress connections, it's the destination IP address.

So, in your scenario, I'd expect that having a protected interface on the WAN side might complicate things, since this time Sensei will regard all outgoing connections as ingress (for that interface) and regard the remote IP addresses as local.

It might be worth removing that interface from the protected interfaces to see if this changes things.

If that's not the case, please let us know so that we can have a look at it together.
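
The tagging rule described in the post above, worked through as an added example (a simplified model written for this page, not Sensei's code). The `Flow` tuple, the interface names, all addresses and the NAT'd WAN address are constructed assumptions; the sample also includes a LAN-to-LAN flow to show that inner-facing interfaces are tagged correctly in both directions, while a protected WAN interface inflates the "unique local hosts" count.

```python
from collections import namedtuple

# A flow as seen on one protected interface. `initiated_from` is the side of the
# bridge the first packet came from: "ethernet" (the wire) or "os" (host stack).
Flow = namedtuple("Flow", "iface initiated_from src dst")

def direction(flow):
    # Rule from the post: the ethernet side is assumed to be LAN, the OS side WAN.
    return "egress" if flow.initiated_from == "ethernet" else "ingress"

def local_address(flow):
    # Egress: the initiator (source) is local. Ingress: the destination is local.
    return flow.src if direction(flow) == "egress" else flow.dst

def unique_local_hosts(flows, protected):
    return {local_address(f) for f in flows if f.iface in protected}

def sample_flows():
    """Constructed traffic on a firewall with two LAN interfaces and one WAN."""
    wan_ip = "198.51.100.2"  # firewall's WAN address (assumes outbound NAT)
    remotes = ["203.0.113.%d" % n for n in range(1, 6)]
    flows = []
    for client in ("10.0.1.10", "10.0.1.11"):
        for remote in remotes:
            # Client to internet: enters lan1 from the wire ...
            flows.append(Flow("lan1", "ethernet", client, remote))
            # ... and leaves through wan from the OS side.
            flows.append(Flow("wan", "os", wan_ip, remote))
    # LAN-to-LAN: enters lan1 from the wire, leaves lan2 from the OS side.
    flows.append(Flow("lan1", "ethernet", "10.0.1.10", "10.0.2.20"))
    flows.append(Flow("lan2", "os", "10.0.1.10", "10.0.2.20"))
    return flows

def compare():
    flows = sample_flows()
    inner_only = unique_local_hosts(flows, {"lan1", "lan2"})
    with_wan = unique_local_hosts(flows, {"lan1", "lan2", "wan"})
    return inner_only, with_wan - inner_only

if __name__ == "__main__":
    inner_only, mislabelled = compare()
    print("local hosts (inner interfaces only):", sorted(inner_only))
    print("remote addresses counted as local with WAN protected:", sorted(mislabelled))
```
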

kaviraj

« Reply #313 on: May 21, 2019, 09:26:44 am »
Hello,

I've been testing Sensei 0.8.0.beta9 for some days now, and since yesterday I am facing some strange problems. Some clients are unable to resolve DNS. If I change the client IP, everything starts to work again. I tried to uninstall and reinstall but it is still the same.

OPNsense is running in a virtualised environment (Proxmox) with kernel 19.1.4 having netmap support, as I am using virtio.

Test case:
1. I have a client with IP 10.249.10.228/24. When I run a dig, it times out. A tcpdump on the hypervisor shows that the request was forwarded over the OPNsense interface, but a dump on the OPNsense interface shows nothing.

2. I stop the Sensei engine and dig starts to work. But as soon as I start it, the client is unable to resolve DNS.

3. Same client, but I change the IP to 10.249.10.11/24. Dig works.

I may provide remote access if needed.

Thanks for your help.

mb

« Reply #314 on: May 21, 2019, 01:46:56 pm »
Hi @kaviraj,

Many thanks for reaching out. Please watch for 0.8.0.beta10 which will be coming out today. We have a fix for this.