Sensei on OPNsense - Application based filtering

[mb]

Dear Sensei users,

I'm pleased to announce that Sensei 1.3 is out with the following new features / fixes:

SOHO Subscription goes live

• Sensei SOHO Subscription goes live
• In-App purchase option for all subscription options. You can now purchase all Sensei Subscriptions easily through Sensei User Interface

Filtering

• New Premium feature: Pause/Resume internet for a policy with a single click
• User defined lists: handle subdomain matching more intutively. If you add domain.com, sensei will match all subdomains under this domain

Reporting

• New Premium feature: Export PDF: You can export the charts or live session reports as PDF files
• New Premium feature: Activity Report: A more condensed and brief version of live connection activity report
• New Premium feature: Fully Customizable Views. You can now add new fully configurable views
• Security Reports renamed as "Block Reports
• Optimized time based charts (Mongodb backend)
• Fixed policy name in Security Reports

Other

• Contact Sensei Team: improved to share more relevant information during bug-reports
• Version history now shows feature history for all previous releases
• API security tokens: ability to remove existing keys
• Scheduled e-mails: fixed timing bug sometimes causing scheduled emails to fail
• Wizard: initial configuration wizard now checks if your OPNsense is current and up to date
• Dropped support for OPNsense 19.1.x and prior releases
• Other performance and reliability improvements

We'll have another post about planned upcoming developments regarding netmap project, better OPNsense integration and new features that are to be shipping in 2020.

Enjoy :)
Your Sensei Team

[malac]

i updated to version 1.3 and lost my premium subscription and security configuration.
After installing premium key and doing configuration manually, it seems to work o.k. again

[Darkopnsense]

Hi,
After the SENSEI 1.3 update, on three machines the widget no longer works. Even after uninstalling and reinstalling the SENSEI plugin.
cordially

[Darkopnsense]

Hi,
Version 1.3_1 did not reinstate the widget bug.
But after an hour, the widget displays again ???

[malac]

after updating 1.3 to 1.3_1 i lost again my premium subscription and security configuration.
After installing premium key and doing configuration manually, it seems to work o.k. again

will that happen on every update now?

[mb]

Hi @Darkopnsense,

We couldn't reproduce the widget issue. Can you create a problem report via "Contact Sensei Team" menu located on the upper right hand corner? Make sure you check all three options. We'll take it from there.

Hi @malac,

Sorry for the invonvenience, 1.3 had a url translation bug which leaded to the license issue. 1.3_1 is a hotfix for this. You've upgraded to 1.3_1 but since the currently running code was still 1.3 you still had the problem. Looking forward you should be safe.

Security settings issue is related to the above problem. You should be safe now.

[opnip]

Have regularly messsages like this (1.3_1) (newest is top)

Code Select Expand


Jan 25 08:05:00 kernel: -> pid: 47971 ppid: 25978 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
Jan 25 08:05:00 kernel: [HBSD SEGVGUARD] [/usr/local/sensei//bin//eastpect (47971)] Suspension expired.
Jan 25 08:01:08 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.20.1) (interface: Guest[opt2]) (real interface: igb0_vlan20).
Jan 25 08:01:08 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb0_vlan20'
Jan 25 08:01:08 opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for Guest(opt2) but ignoring since interface is configured with static IP (192.168.20.1 ::)
Jan 25 08:01:08 opnsense: plugins_configure hosts ()
Jan 25 08:01:08 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.8.1) (interface: LAN[lan]) (real interface: igb0).
Jan 25 08:01:08 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb0'
Jan 25 08:01:08 opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.8.1 ::)
Jan 25 08:01:08 kernel: igb0_vlan30: link state changed to UP
Jan 25 08:01:08 kernel: igb0_vlan40: link state changed to UP
Jan 25 08:01:08 kernel: igb0_vlan20: link state changed to UP
Jan 25 08:01:08 kernel: igb0: link state changed to UP
Jan 25 08:01:04 opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for NoT(opt3) but ignoring since interface is configured with static IP (192.168.30.1 ::)
Jan 25 08:01:04 opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for IoT(opt5) but ignoring since interface is configured with static IP (192.168.40.1 ::)
Jan 25 08:01:04 opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for Guest(opt2) but ignoring since interface is configured with static IP (192.168.20.1 ::)
Jan 25 08:01:03 opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.8.1 ::)
Jan 25 08:01:03 sshlockout[69152]: sshlockout/webConfigurator v3.0 starting up
Jan 25 08:01:03 kernel: igb0_vlan30: link state changed to DOWN
Jan 25 08:01:03 kernel: igb0_vlan40: link state changed to DOWN
Jan 25 08:01:03 kernel: igb0_vlan20: link state changed to DOWN
Jan 25 08:01:03 kernel: igb0: link state changed to DOWN
Jan 25 08:01:03 kernel: pid 6147 (eastpect), uid 0: exited on signal 11

[yeraycito]

Sensei: Good idea
Sensei integration with opnsense: Very bad
Sensei integration with Suricata: Very bad
Sensei's performance in general: Very bad
The funny thing is that they want us to pay for unfinished software that doesn't work.

[mb]

Hi @opnip, Looks like a bug. I'll be PM'in you for a debug session.

[mb]

Hi @yeraycito,

Many thanks for trying Sensei and sharing your feedback.

Glad to hear that you find Sensei idea interesting.

As of today, there are around 1000 global Sensei deployments spread over 70+ countries. Eacch deployment protect a wide range: from 5 devices to thousands of devices. A proportion of these deployments are Premium Subscribers.

Like any other software in the world, Sensei will work for some people now, for some in the near future.

Eventually, Sensei team will complete every single item in their roadmap to make it work for everybody.

We're committed to accomplish this goal.

The best way to see if it's working for you now is to try the Free Edition, and consider the Premium Edition afterwards if you see it fit for your use cases.

The best way to help improve Sensei is reaching out to us through "Contact Sensei Team" menu option in the Sensei User Interface. You can create bug reports and even suggest ideas for us to consider.

We may not get back to you the second you send a report, however be assured that these reports are evaluated at the highest level in the company.

We've worked hard to be able to provide Sensei to the OPNsense community. We'll work ever harder to make it a perfect solution in the world.

[Antaris]

From the last update (1.3_1) my widget won't show info:

[the-mk]

mine is a bit messed up too...

[mb]

@the-mk, got your PR.

@Antaris, any chances you can send a PR (Contact Sensei Team menu located in the upper right hand corner of the UI).

[Antaris]

@mb,

Sent for this one and replied for the one from 24-th...

[mb]

@Antaris, got it, thanks.