OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Zenarmor (Sensei) »
  • Sensei on OPNsense - Application based filtering
« previous next »
  • Print
Pages: 1 ... 43 44 [45] 46 47 ... 79

Author Topic: Sensei on OPNsense - Application based filtering  (Read 360729 times)

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #660 on: December 05, 2019, 10:10:07 pm »
Hi @Antaris, thanks, well noted. This will ship with the next release.
Logged

JohnDoe17

  • Newbie
  • *
  • Posts: 37
  • Karma: 5
    • View Profile
Re: Sensei on OPNsense - Application based filtering
« Reply #661 on: December 06, 2019, 05:57:02 pm »
@mb

Please consult the attached picture...

Is this message normal?  What does it mean?

Thanks.


Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #662 on: December 07, 2019, 03:30:39 am »
Hi @JohnDoe,

This is HardenedBSD's SEGVGUARD. Message means, sensei engine terminated once and SEGVGUARD tracked the application for some time to make sure someboady is not trying to do a memory-guessing brute-force attack.

If it was, the mechanism would have stepped in and prevented further restarts of the process.

Although, this does not have a practical effect on your traffic, we would like to analyze these to find the root cause and fix the root problem.

When for any reason sensei engine is terminated, it is automatically restarted; and traffic flow resumes.
Logged

jf2001j

  • Newbie
  • *
  • Posts: 4
  • Karma: 1
    • View Profile
Re: Sensei on OPNsense - Application based filtering
« Reply #663 on: December 08, 2019, 09:42:00 am »
Quote from: jf2001j on December 04, 2019, 07:53:55 am
I would like to see in the Sensei Dashboard all connections, including of the firewall itself (like checking for updates, Cloud Reputation check, check for phone-home functionality of other plugins, etc.).

Privacy is my concern. I use Sensei for getting an overview over iOT devices, but also want to trust that Sensei itself does not do unwanted connections. For this i have disabled all settings inside Sensei for connections to the Sensei backend, including auto-update.

Could you please describe why the JS from stripe.com included in several Sensei Dashboard webpages is loaded and why it posts data to https://m.stripe.com/4?

I'm also wondering why I did get the notification "Engine 1.2.1" is available for update inside Sensei without auto-update. But I don't have facts here. Perhaps an error on my side.
Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #664 on: December 09, 2019, 09:39:27 pm »
@jf2001j, understood and well respected.

Stripe is our payment backend. This JS needs to get loaded if you want to do an in-app purchase for Sensei Subscription. Though, it might be better to delay its loading until the user opens "Upgrade to Premium" menu, instead of loading it during Sensei UI initialization routines.

If you disabled "Check For Updates Automatically", Sensei should not contact our update server anymore. If you did see a new update notification, two possibilities:

1. This could be a cached result of an update check done before you disabled auto updates.
2. You could have manually invoked "Check for updates" from Sensei -> Status and, this could be a cached result of this operation.

Thank you for your attention. Feel free to get back to us (you can also e-mail to privacy - at - sunnyvalley.io) if you see anything that needs further  attention here.
Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #665 on: December 10, 2019, 11:18:26 pm »
Dear Sensei users,

Sensei 1.2.2 is out fixing some minor problems reported.

https://www.sunnyvalley.io/post/sensei-1-2-2

Enjoy,
Sensei Team
Logged

tusc

  • Newbie
  • *
  • Posts: 33
  • Karma: 4
    • View Profile
Re: Sensei on OPNsense - Application based filtering
« Reply #666 on: December 10, 2019, 11:59:17 pm »
Quote
@mb I'm running into that bug that I reported back during beta again.

Quote
@donato, we received your problem report and logs, thanks. This looks like something related to the order of services. It looks like after opening an interface in netmap mode, a later interface related action is mangling its operation. Will keep you posted.

@mb, is this resolved in 1.2.2? I thought my issue was fixed when I disabled other services like maltrail and ntopng but I still see this problem. I just updated to 1.2.2 and about a few minutes after the packet engine is started I lose complete access to the firewall and Internet. Let me know what logs I can provide to help figure this out. Thanks.
Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #667 on: December 11, 2019, 12:18:15 am »
Hi @tusc, nope, we have not addressed that one. It's a nasty bug, which we cannot reproduce. Working on it. If you can send the /usr/local/sensei/log/ directory over to us via e-mail that would be great. Email to send: sensei - at - sunnyvalley.io

or

Click on Contact Sensei Team on the upper right hand corner, select Problem Report and make sure you select "Send logs" option.
Logged

Quetschwalze

  • Newbie
  • *
  • Posts: 29
  • Karma: 3
    • View Profile
Re: Sensei on OPNsense - Application based filtering
« Reply #668 on: December 11, 2019, 12:41:01 pm »
@mb Would it be possible to have the Firewall Aliases available in Sensei's Policy Configuration as well? Adding IP-Adresses in two places feels redundant.
Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #669 on: December 11, 2019, 05:49:33 pm »
@Quetschwalze, this would be a great feature. Added to the 1.3 workload ;)
Logged

jh

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Re: Sensei on OPNsense - Application based filtering
« Reply #670 on: December 12, 2019, 03:17:29 pm »
hi mb,
i'm already using the free version for some time now and thinking about buying the home edition
so i still have some questions about the upper limit of 50 clients for the home edition.
My daily sensei report for the free version shows me an entry "Unique Local Hosts". Is this the value I can orientate myself on for the limit of 50?
How is the number of clients exactly calculated?  IPs in use?
What about clients/ip-addresses that are already blocked in the opnsense firewall and don't generate any traffic through the firewall at all? are they included in the calculation?
Currently I get 29 hosts displayed under Unique Local Hosts. But this is not correct. Only when I additional count my default gateway, coupling networks on the WAN side I get 29 clients.
what exactly happens when the maximum is exceeded?

Thank you
Juergen
Logged

Quetschwalze

  • Newbie
  • *
  • Posts: 29
  • Karma: 3
    • View Profile
Re: Sensei on OPNsense - Application based filtering
« Reply #671 on: December 12, 2019, 06:22:55 pm »
Quote from: mb on December 11, 2019, 05:49:33 pm
@Quetschwalze, this would be a great feature. Added to the 1.3 workload ;)

Awesome, looking forward to that!

I have a question I'm not sure whether its been asked before.
I'm utilizing policies to have different features active for different subnets. However, this only seems to work for me in conjunction with VLANs. If I try to bind a different policy on an untagged / default VLAN (only using the IP / Network Description) its not working. Only the Default Policy shows up in the reports. Is this expected?
Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #672 on: December 12, 2019, 08:07:15 pm »
Hi @jh,

Internal memory buffers are adjusted according to IPv4 hosts. You don't need worry about IPv6 addresses.

Unique Local Hosts include both IPv4 and IPv6 addresses. If you want to see only IPv4 addresses, add a "Transport Proto" filter (Add Filter button on the top of Reports page) as TCP. Then the number of unique hosts value shows your actual device count.

We're updating Conn - Facts information to better show this information. With 1.3, you'll also have "Unique Local Devices" information.

So, for your Home Subscription, we had set it to 50 for providing a peace of mind; so it should be enough for Home use. If in any case, number of devices exceeds this, provided that it's not sustained, it should not cause a problem.
Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #673 on: December 12, 2019, 08:14:15 pm »
Hi @Quetschwalze,

Subnet/IP address based policies should work with or without VLAN. Let me reach out to you, and see what goes on there.
Logged

mb

  • Hero Member
  • *****
  • Posts: 911
  • Karma: 97
    • View Profile
    • Sunny Valley Networks
Re: Sensei on OPNsense - Application based filtering
« Reply #674 on: December 16, 2019, 06:50:07 pm »
Dear Sensei users,

Sensei 1.2.3 maintenance release is out. Below is the Changelog:

Premium
  • Convenience: warning message displayed when allowed number of policies reached for Home Edition
  • Fix: Policy refreshes
Reporting
  • Local Unique Devices information added to Conn - Facts chart in Connections View
  • Autowhite/blacklist Hosts: remember user preference (sending categorization feedback)
Other
  • Fix: Increase netmap buf_num value to accommodate both Suricata and Sensei on high-end servers
  • Other performance and reliability improvements

Enjoy ;)
Sensei Team
Logged

  • Print
Pages: 1 ... 43 44 [45] 46 47 ... 79
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Zenarmor (Sensei) »
  • Sensei on OPNsense - Application based filtering
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2