Sensei on OPNsense - Application based filtering

[yeraycito]

Uninstalled and reinstalled from opnsense-firmware-plugins: 1.5.2 missing

[mb]

@yeraycito, give it one more try. 1.5.2 is there now.

[yeraycito]

That's it. Installed from the console.

[GreenMatter]

@GreenMatter, this is caused by a bug in earlier versions. Though it is fixed in 1.5.2, since the erroneous entry is still in the database you still experience the problem.

I'll share a simple command which will get it sorted out.

For the cloud query, you can only specify a single domain name there, since it was meant to whitelist local network. However, domains ending in  ".local", ".localdomain", ".lan", ".intra", ".intranet",  ".bind", ".home", ".mshome", ".corp", ".mail",  ".group", ".workgroup" are considered local and they do not get queried from the Cloud.

Thanks @mb!
I've just received a prompt reply from support and running following command:

Code: [Select]

echo -n "delete from user_configuration where id = 2;" |sqlite3 /usr/local/sensei/userdefined/config/settings.dbhas fixed an issue...
And thanks for updating Sensei plans!

[yeraycito]

If you need to update it from the console.....Sensei:Status - Engine versión - check updates ?
                                                                      os-sensei-updater 

[GreenMatter]

If I have multiple policies, does their order make any difference?
For example, I have 2 almost identical policies: #1 is the main, set as vlan13, #2 is a copy with additionally blocked app, set as vlan13 subnet (I couldn't choose same vlan13) and with active schedule (on & off).
So now policies order is as follow:
Default
#2
#1


If it is like that:
Default
#1
#2
would it change anything?

[yeraycito]

After installing version 1.5.2 I tried to install wireguard but it didn't work. I have uninstalled wireguard and restarted opnsense and mongodb does not start.

[mb]

Hi @GreenMatter,

Yes, policy order does matter. Suppose that you have:

Default
Policy 1
Policy 2

Engine tries to match in this order:
Policy 1
Policy 2
if none matches assigns Default policy.

With 1.6, we've changed the display order so it will be just as it is evaluated:
Policy 1,
Policy 2,
Default

PS: in case you did not notice: you can re-order policies in the policy list view which is displayed when you click on the Policies from the left menu.

[mb]

After installing version 1.5.2 I tried to install wireguard but it didn't work. I have uninstalled wireguard and restarted opnsense and mongodb does not start.

Hi @yeraycito,

Might be that wireguard has a clashing dependency. Let's have a look here.

Anyhow, to re-install just do:

pkg remove mongodb40
pkg install mongodb40

[yeraycito]

After installing version 1.5.2 I tried to install wireguard but it didn't work. I have uninstalled wireguard and restarted opnsense and mongodb does not start.

Hi @yeraycito,

Might be that wireguard has a clashing dependency. Let's have a look here.

Anyhow, to re-install just do:

pkg remove mongodb40
pkg install mongodb40

It worked, thanks.

[actionhenkt]

I have a few questions about sensei,

1 I have a home subscription, is TLS/SSL inspection available for home users (if so how do I set it up?) ?
2. Is it possible to view blocks in a table format so I can easily see which website has been blocked ?
3. There is a template blockpage set up to show up when a website is being blocked, I almost never see this page when a site is blocked, is it possible to show this block page on ssl connections (its a little confusing now because now i see an error page that says dns_probe_finished or connection_closed so I dont know if this was sensei blocking the page, or if my DNS has some issues. to check I have to go through reports on sensei so thats my reason for question2) ?

Thanks!

[mb]

Hi @actionhenkt,

1. TLS/SSL inspection will be on the premium (will be renamed to enterprise soon) tier.
2. Sure, you have it already. Go to Reports -> Blocks -> Live Blocked Sessions Explorer. This shows in realtime which connections are blocked and for what.
3. Yes, please see this FAQ entry:
https://help.sunnyvalley.io/hc/en-us/articles/360025100613-FAQ#h_3fc561e1-efd2-4e19-8cc7-accb5b2ebaac

[mb]

Dear Sensei users,

As this is a very much requested feature, I feel like I should let you know now:

Beginning with release 1.6, Sensei will have two more dns enrichment sources

1. Engine will do an active real-time reverse PTR query in case it cannot detect an immediate dns enrichment data from previous attempts  (available in home & higher subscription tiers)

2. Also, it'll utilize and prioritize OPNsense alias definitions if you have created a Host alias. (will be available in all tiers)

We hope to ship 1.6 later this month.

Stay safe & healthy,
Sensei team

[Rickytr]

After the latest update I cannot see sessions in reports blocks anymore so I cannot add exception for single destinations.
Any suggestion?

[evergreek]

During high network utilization I see..

0% /usr/local/sensei/output/active/temp [ufs]

go above 100% - is that normal?