Sensei on OPNsense - Application based filtering

[mb]

Dear Sensei users,

Sensei 0.8.0.beta10 is out. This brings back VLAN child interfaces and fixes a bug with Cloud Threat Intel. You should now see much better uptimes.

Also addressed: libXdmcp, an Elasticsearch dependency package, is updated to version 1.1.3, fixing a security issue.

Complete list is as follows:

• VLAN child interfaces are back
• Better availability for Cloud servers
• Fixed senseigui.log directory creation error which resulted in a bumpy new install
• Elasticsearch dependency libXdmcp upgraded to release 1.1.3. To update, please use OPNsense update manager
• New feature: Engine Bypass: you can now temporarily bypass Sensei engine at runtime. This allows you to pause packet processing without completely stopping Sensei
• Whitelisting a web category from Live Blocked Sessions Explorer now works
• Fixed a bug in which you couldn't set the deployment sizes larger than 100 users
• More reliability fixes

Enjoy

Sensei team

[the-mk]

@mb: thanks for the clarification - I need to do a deeper check it on the weekend...

[OPNsense4ever]

elasticsearch shut down because it started to run out of disk space. How do I tune that? I've got a little over 300GB available for a family of 4 and a few guests a week.

Thanks!

[mb]

Hi @OPNsense4ever

You can use the following guide to determine for how many days you can have your reporting data.

https://guide.sunnyvalley.io/sensei/getting-started/getting-ready#disk-space

Then navigate to Sensei -> Configuration -> Reporting & Data

and set the maximum number of days to store reporting data.

When you set this number to a value smaller than the current one, Sensei will confirm with you if you want the surplus data to be deleted.

For this you need Elasticsearch to stay open, temporarily disable Health check to prevent Sensei from shutting it down again.

[OPNsense4ever]

Sweet! Thanks!

[JohnDoe17]

I'm new to Sensei, but I'm loving it so far!  Great work!

I do occasionally get a "crash report" notification though.

Here is the sequence of events:

0) Sensei was not installed.
1) Upgraded OPNsense from 18.7.10_4 to 19.1.8.
2) Installed Sensei 0.8.0.beta10.
3) Successfully completed the initial Sensei configure wizard.
4) Noticed a "crash report" when I went to the OPNsense Dashboard.

Unfortunately, I don't have the crash report in front of me at the moment, but I *did* submit it, so hopefully you'll get it from the OPNsense team eventually.  It was something about PHP crashing with bad data related to the "TCP Service Security" password.  I'll keep you posted if I see it again.

[mb]

Hi @JohnDoe17,

Thanks, great that you found Sensei useful for you.

One question: did you install Sensei 0.7 or the new 0.8 version?

[JohnDoe17]

2) Installed Sensei 0.8.0.beta10.

[mb]

Thanks JohnDoe17, I missed that.

Having a look at it if we're missing something. In the meantime, if you encounter it again, feel free to email the screenshot to sensei - at - sunnyvalley.io.

[JohnDoe17]

I got the crash to happen again.

Note that "Rainbow#Bicycle" is the password I was using for the test.  Does Sensei handle the "#" symbol in a password?

Code: [Select]

[28-May-2019 11:08:17 America/Chicago] PHP Fatal error:  Uncaught Error: Class 'OPNsense\Sensei\Exception' not found in /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/Telnet.class.php:111
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/Telnet.class.php(75): OPNsense\Sensei\Telnet->connect()
#1 /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/Sensei.php(151): OPNsense\Sensei\Telnet->__construct('127.0.0.1', 4346, 1, '', 1)
#2 /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/Sensei.php(134): OPNsense\Sensei\Sensei->runTelnetCommands('127.0.0.1', 4346, 'Rainbow#Bicycle', Array, Array)
#3 /usr/local/opnsense/mvc/app/controllers/OPNsense/Sensei/Api/EngineController.php(89): OPNsense\Sensei\Sensei->runCLI(Array)
#4 [internal function]: OPNsense\Sensei\Api\EngineController->cliAction()
#5 [internal function]: Phalcon\Dispatcher->callActionMethod(Object(OPNsense\Sensei\Api\EngineController), 'cliAction', Array)
#6 [internal function]: Phalcon\Dispatcher->dispatch()
#7 /usr/local/opnsense/www/api.php(26): Phalcon\Mvc\Application->handle()
#8 {main in /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/Telnet.class.php on line 111

[mb]

Dear Sensei users,

Sensei 0.8.0 Release Candidate 1 is out. This marks the first step into releasing 0.8 and towards 1.0. There will be no 0.9

Change log is as follows:

• Per-process health monitoring. Sensei engine now checks heartbeats from its packet processors and taking the corrective action in case of trouble.
• Customizable live session explorers. You can now customize which columns to be displayed and re-organize columns. Just drag a column and drop it on its new place.
• Performance improvement for Active Directory Module
• Engine logs older than two weeks are automatically purged now
• Fixed a bug with Sensei CLI API which caused some errors be reported in OPNsense Crash Reporter
• Default report retention time has been adjusted to be 7 days. You can set this to as high as 90 days

We're running 0.7 to 0.8 upgrade tests. As soon as they show that we're good to go, 0.7 users will be reported of the new 0.8 update.

Enjoy

Sensei team

[patcsy88]

Just reinstalled OPNsense and the RC1 on APU2C4 with 2GB Swap - so far so good!

[mb]

@patcsy88, thanks for sharing your experience. Glad to hear that.

@JohnDoe17, can you have a look and see if 0.8.0.rc1 is solving your issue?

[hbc]

@mb: Any news concerning CARP? As soon as I start sensei on CARP master, I have split communication. Cannot ping between CARP members and both nodes are master, dhcp service is communication-interrupted.

Sensei just on backup node seems to works, but except for proxy there is no traffic passing.

[mb]

Hi @hbc,

Since running the netmap bridge application produces the same result, we suspect this to be a netmap issue. I've been trying to get Chelsio adapter to see if we can re-produce this.

In the meantime, any chances you can try the same setup with a different adapter -- preferably em or igb?