Sensei on OPNsense - Application based filtering

Started by mb, August 25, 2018, 03:38:14 AM

Quote from: mow4cash on November 05, 2019, 04:53:54 AM
Just wanted to say it's a very nice interface and works well. Very user friendly. Ran into an issue where the reports are getting corrupted and I have to fix them. How far away on the roadmap is importing custom whitelist/blacklist and will it be on the free tier? Maybe even a page to add URLs to pull our favorite lists and a few popular ones preloaded to enable?

Hi @mow4cash, glad to hear that Sensei is of use for you.

The thing about reports might be due to an abrupt shutdown of the firewall or the /var directory being mounted as a tmpfs directory. The former breaks database indexes, and the latter results in loss of indices after a reboot.

You can currently create user defined black/white lists and custom categories with user-defined web categories.

I guess what you're looking for is bulk addition, am I correct? I guess we can provide a functionality to bulk import URLs/Domains in the free edition. This could be an enhanced version of the current functionality where you can not only input a single domain but a batch of domains to any user defined category.

Would that work?


Thanks to @JohnDoe17's help, we figured out what's causing the Elasticsearch issue.

With the 1.1 release, we removed the Elasticsearch package dependency (because from now on, Sensei can also run with other databases).

For prior installations of Sensei, this means elasticsearch is now an orphaned package.

The OPNsense update triggered a pkg autoclean, which resulted in the orphaned elasticsearch5 package being removed. Reports data is not deleted and is safe.

For the workaround, you'll need to re-install elasticsearch with this command:

pkg install elasticsearch5

1.1_2 is on the way to handle the new updaters.

Dear Sensei users,

1.1_2 hotfix is out. This addresses the Elasticsearch issue.

Make sure you have Health Check enabled. It will take care of the rest and re-install the database for you.

Quote from: mb on November 05, 2019, 08:31:13 PM
Quote from: mow4cash on November 05, 2019, 04:53:54 AM
Just wanted to say it's a very nice interface and works well. Very user friendly. Ran into an issue where the reports are getting corrupted and I have to fix them. How far away on the roadmap is importing custom whitelist/blacklist and will it be on the free tier? Maybe even a page to add URLs to pull our favorite lists and a few popular ones preloaded to enable?
You can currently create user defined black/white lists and custom categories with user-defined web categories.

I guess what you're looking for is bulk addition, am I correct? I guess we can provide a functionality to bulk import URLs/Domains in the free edition. This could be an enhanced version of the current functionality where you can not only input a single domain but a batch of domains to any user defined category.

Would that work?

That would be great to be able to bulk import lists. Would it be possible to have imports from URL?

When I use the live session report viewer I noticed there is only a blacklist action and not a whitelist action. Is this by design?

It would be even greater if it could also regularly import/update daily or weekly, if that's not too much to ask.

@mow4cash
Would all/most blacklists have the same format? Like Shalla's Blacklists, the free ones.

Thanks, this helped to fix it.

Quote from: mb on November 05, 2019, 09:35:41 PM
Thanks to @JohnDoe17's help, we figured out what's causing the Elasticsearch issue.

With the 1.1 release, we removed the Elasticsearch package dependency (because from now on, Sensei can also run with other databases).

For prior installations of Sensei, this means elasticsearch is now an orphaned package.

The OPNsense update triggered a pkg autoclean, which resulted in the orphaned elasticsearch5 package being removed. Reports data is not deleted and is safe.

For the workaround, you'll need to re-install elasticsearch with this command:

pkg install elasticsearch5

1.1_2 is on the way to handle the new updaters.

Quote from: ckishappy on November 06, 2019, 09:39:06 PM
Thanks, this helped to fix it.

@ckishappy, all welcome.

A quick note: we are aware of a problem with VLANs. It looks like an ABI issue, and a re-compile fixes it. Will post an update soon.

How can I downgrade sensei back to 1.0.2? Or can anybody provide me an old package or download URL?

Version 1.1. patronizes me what I have to find moderate.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

I can block per host now with this update, nice. Are there plans for a "home use" subscription? When deploying Sensei I get the option to deploy for home use (10 devices), 25 devices etc. On the site where I can order a subscription it starts at 25 devices.

@actionhenkt, happy to see that it worked well. Yes, we'll announce a home/small office subscription with an affordable pricing, very soon. (Hopefully late November/early December)

@hbc, just replied to your e-mail.

@tong2x, @mow4cash; we gave a bit of thought to this. We can provide an interface to process bulk domain/URL imports. On the other hand, trying to pull the lists from list source URLs has multiple challenges. As @tong2x wrote, they have different formats, and trying to do that in the firewall itself looked like a separate project, which required additional resources from the team. If someone is willing to handle that, we are happy to provide an interface in Sensei's UI so that they can be easily managed (i.e. they appear as third party community categories, and can be checked in/out).
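
The format problem raised in the post above, as an added example that is not part of the thread and not Sensei code: a Python sketch that normalizes the line formats public blocklists commonly use (hosts-file entries, plain domains, adblock-style `||domain^` rules, full URLs, `host/path` entries) into a validated, deduplicated domain list suitable for a bulk import, and sets aside anything it cannot validate. The function names and the sample list are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample mixing the formats found in public lists (not real list data).
SAMPLE = """\
# hosts-file style
0.0.0.0 ads.example.com
127.0.0.1 localhost
tracker.example.net   # plain domain with trailing comment
||cdn.bad.example^
http://Malware.Example.org/path/payload.exe
example.com/banners
not a domain!!
192.0.2.10
ads.example.com
"""

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(rf"^(?:{_LABEL}\.)+[a-z][a-z0-9-]{{1,62}}$")
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

def normalize_entry(line):
    """Return a lowercase domain for one list line, or None if unusable."""
    line = line.split("#", 1)[0].strip()          # drop comments
    if not line or line.startswith("!"):          # adblock comment lines
        return None
    parts = line.split()
    if len(parts) == 2 and parts[0] in ("0.0.0.0", "127.0.0.1", "::1"):
        line = parts[1]                           # hosts-file: keep the name
    elif len(parts) != 1:
        return None
    if line.startswith("||"):                     # adblock-style domain rule
        line = line[2:].split("^", 1)[0]
    if "://" in line:                             # full URL: keep only the host
        line = urlsplit(line).hostname or ""
    line = line.split("/", 1)[0].rstrip(".").lower()
    if line in _SKIP or len(line) > 253 or not _DOMAIN.match(line):
        return None                               # bare IPs, junk, local names
    return line

def parse_blocklist(text):
    """Deduplicate in first-seen order; return (domains, rejected_lines)."""
    domains, rejected = {}, []
    for raw in text.splitlines():
        domain = normalize_entry(raw)
        if domain:
            domains.setdefault(domain, None)
        elif raw.split("#", 1)[0].strip():        # non-empty but unusable
            rejected.append(raw)
    return list(domains), rejected
```

Keeping the rejected lines rather than silently dropping them lets an administrator review what a third-party list contained before any of it reaches the firewall's categories.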



Hello,

I just upgraded to version 1.1 of Sensei and find the new category presets in web controls too limiting as I am now locked in to the presets defined by Sunny Valley. I know the pricing for home versions will be coming shortly, however perhaps a better solution for restricting the web controls would be to limit the amount of categories selected to say 8-10 categories instead of predefined categories within set profiles.

Other than that I look forward to the subscription pricing for home users.

Quote from: xpendable on November 07, 2019, 07:07:40 PM
Hello,

I just upgraded to version 1.1 of Sensei and find the new category presets in web controls too limiting as I am now locked in to the presets defined by Sunny Valley. I know the pricing for home versions will be coming shortly, however perhaps a better solution for restricting the web controls would be to limit the amount of categories selected to say 8-10 categories instead of predefined categories within set profiles.

Other than that I look forward to the subscription pricing for home users.

I agree.

In my case, I use only 3 categories.

November 10, 2019, 11:39:18 PM #597 Last Edit: November 10, 2019, 11:47:16 PM by JohnDoe17
@mb

I just upgraded my firewall from 19.1.10_1 to 19.7.6 again, and I'm having the same problem with elasticsearch.  It's not starting.  In fact, I don't think it's even installed.  It looks like engine 1.1_3 is used, so I assumed the issue would be fixed.

Are you aware of this?  Did I misunderstand the fix?

Also, if I just upgrade the 19.1.10 components (and not go to 19.7.x), it seems to break Sensei too in the same way.

Hello,

Apologies if this has already been covered.

Can Sensei and Suricata co-exist on the LAN interface yet?

Thanks for any update on this.

@giovanit, @xpendable we'll release home subscription this week.

@JohnDoe17, elastic issue has been addressed with 1.1_3. Health check does the elasticsearch5 re-install if it was removed. Make sure health check is turned on. If it does not do the job, just run

# pkg install elasticsearch5

and you are good to go. Your data is safe, after reinstall you'll have your old reports.

@bunchofreeds, yes, this is not addressed yet. This is now one of the things at the top of our list. We hope to have it by the end of this year or early next year.