Sensei on OPNsense - Application based filtering

Started by mb, August 25, 2018, 03:38:14 AM

Previous topic - Next topic
Print
Go Down Pages 1 ... 73 74 75 76 77 ... 79
User actions
January 10, 2021, 04:41:32 PM #1110
I use Opnsense with Sensei and have ads blocked for the Lan devices. Works great. Only problem is with the mobile devices connected by 4g-vpn redirect gateway- sensei -> does not block ads on those devices. Everything else is working. This while I have added both interfaces in sensei-configuration.

Anybody else having this issue? Know how to solve?
Deciso DEC850v2
January 11, 2021, 05:43:52 PM #1111
Hi

Can we have a free edition for devices less then 15?
I dont have 50 so spending  $10 a month on home seems a lot when max I have 5 devices.
January 11, 2021, 10:37:54 PM #1112
Hi @Nekromantik,

You can use the free edition for your network. Home and other licenses provide extra features. But if you ask a license type for fewer devices, unfortunately, the basic license is Home 100.
January 11, 2021, 10:40:51 PM #1113
Quote from: sy on January 11, 2021, 10:37:54 PM
Hi @Nekromantik,

You can use the free edition for your network. Home and other licenses provide extra features. But if you ask a license type for fewer devices, unfortunately, the basic license is Home 100.

ok
January 12, 2021, 05:33:15 PM #1114 Last Edit: January 12, 2021, 05:45:55 PM by mb
Hi @RamSense, can you confirm if blocking is working with PCs over vpn ? I want to make sure if this is a mobile problem.
January 13, 2021, 06:56:17 PM #1115
@MB,

That is a good question. I tried with my MacBook outside of my network with vpn connection, and the adds appear, no blocking.
When I am on my MacBook on wifi at home, no vpn, adds are being blocked.
At home iPhone wifi - vpn -> no adds getting blocked.
At home iPhone wifi - no vpn -> adds are being blocked
Deciso DEC850v2
January 16, 2021, 06:33:19 PM #1116
@ramsense, we suspect that this is due to netmap tun support adding null byte ethernet header.

We want to send you a test kernel. Can you reach out to support? Let's take it from there.
January 16, 2021, 09:36:14 PM #1117
Thank you for your reply and help.
I have just submitted a support ticket.

Deciso DEC850v2
January 17, 2021, 09:45:38 AM #1118
Hello all.

I am having an issue with policy rank. It seems that only the default policy works. Any new policy does not work. If set the default to permissive and restrict the new policy, web traffic I expect to be blocked is allowed.


I want to be able to toggle a working policy instead of updating the default each time I need to turn off filtering.

I tried searching the forum however it doesn't seem I can only search this thread?

I have the home licensing.

Side question: would it be possible to automatically upload block lists or upload lists larger than 100? Or is anything larger only available via the API? (I find the ad blocking and ad tracking 70% effective, and there are lists large lists I would like to import.)
January 20, 2021, 02:52:45 PM #1119
Hi @Miheerwa,

The policies work with and condition. Please just be careful about the criteria that you added. For example, if you add an IP and username in the same policy, a session must belong to the IP and username. If one of them doesn't match with the session, Sensei tries to match another policy and if none of them match, the Default policy is applied.

- API support will be added in 1.8
January 23, 2021, 08:36:17 AM #1120
@MB,

Thank you for the help. support has made a test kernel to solve the (opnsense) netmap problem.
In the first tests it looks like the problems being solved and all is working. Have do to some more testing, but feeling very confident that it is working now! great! thank you/sensei

Deciso DEC850v2
January 24, 2021, 08:39:16 PM #1121
@RamSense, a pull request is on the way. This might be a bit late for 21.1, but I guess this has a chance for 21.1.1.

https://github.com/opnsense/src/pull/97
January 24, 2021, 10:02:05 PM #1122
@MB thnx!
Great to hear it is on the list to being implemented / corrected.

In the meantime, I am very happy with this test kernel, and all is working great now!

Deciso DEC850v2
March 20, 2021, 08:39:07 PM #1123
Quote from: Antaris on March 13, 2020, 04:25:38 PM
Quote from: mb on January 27, 2020, 05:10:10 PM
Hi faisal,

Than it must be the cpu score. There is a 300.000 minimum cpu score requirement for Elasticsearch.

Here's  a quick hack:

1. Remove /usr/local/sensei/etc/.configdone
Code Select
rm /usr/local/sensei/etc/.configdone

3. Edit /usr/local/opnsense/scripts/OPNsense/Sensei/check_hardware.sh file and locate these lines:

Code Select
if [ $CPU_SCORE -le 300000 ]; then
       CPU_PROPER="false"
else
       CPU_PROPER="true"
fi


Change 300000 to a lower value, like 200000. 

4. Do a browser refresh on the OPNsense UI, and click on any sensei menu. It'll re-run the config wizard. Now it should select Elasticsearch.

Now I'm thinking: for cpu scores between 200K and 300K and if there is enough memory (>=8GB) I think we should let the user decide on the database backend.

This solution no longer works on fresh install today. And i can't find from where to choose Elastic engine...
Hi Murat,
One year later i have the same headbang :) This time for other reason, but i can't use mongodb on this system and the database have to be internal.
Can i ask for current method to select database engine manually?
Proxmox enthusiast @home, bare metal @work.
March 20, 2021, 09:22:44 PM #1124
Hi @Antaris, this workaround should still work today. Unfortunately, database selection is still based on the cpu score in the UI.
Print
Go Up Pages 1 ... 73 74 75 76 77 ... 79
User actions