Sensei on OPNsense - Application based filtering

[yeraycito]

Other
Fix: Increase netmap buf_num value to accommodate both Suricata and Sensei on high-end servers

compatibility sensei - suricata low-end devices?
CPU Type Intel(R) Celeron(R) CPU J3160 @ 1.60GHz (4 cores)
Memory: 8GB

[mb]

Hi @yeraycito,

dev.netmap.buf_num value was low if both Sensei and Suricata was run on -even- different interfaces. This was due to some high-end network adapters having multiple Rx/Tx queues, and thus requiring more kernel memory.

Work on Suricata+Sensei running on the same interface is underway.

[marcri]

I can't deactivate "US-East" Cloud-Node
Machine Version:    1.2.3
UI Version:    19.12.14
Database Version:    1.2.0

[mb]

Hi @marcri, sensei needs at least two cloud nodes. You should be able to select any other node as the second one. Can you confirm that this is the case? If not let's check it out.

[marcri]

Hi @marcri, sensei needs at least two cloud nodes. You should be able to select any other node as the second one. Can you confirm that this is the case? If not let's check it out.

Hi @mb,  selecting an other second node works.
Thanks

[mb]

@marcri, that's good to hear. A side note: we'll launch another Europe node in the coming year.

[Kruemel]

Hi,

just wondering: I setup sensei to block advertisments. Sometimes I get the page:

#################
The page you are trying to access is restricted by your organization.

Reason:   Advertisements site access
Client IP:   192.168.1.30
Remote IP:   91.215.103.xxx
Application:   Web Browsing
Application Category:   Web Browsing
Web Category:   Advertisements
#################

And sometimes the connection is just reset: ERR_CONNECTION_CLOSED

Why is this?

Thanks and best regards
Marco

[mb]

Hi Marco, many thanks for trying sensei.

This happens if the blocked connection is not speaking HTTP. Sensei displays Landing Page only if it is an HTTP connection.

For HTTPS connections, since TLS comes early and client and server does not yet speak HTTP, we cannot display the landing page (behavior to change with TLS inspection feature, see below)

3. For Application control, we do not display since it might be a connection which does not speak HTTP.

For HTTPS connections, block pages will be available along with TLS inspection feature.

For more FAQ, see: https://help.sunnyvalley.io/hc/en-us/articles/360025100613-FAQ

[opnsenseuser]

@mb

Today i did a opnsense firmware update to 19.7.8

After this update i can´t start monogdb anymore.

I deleted the report data and even reinstalled the sensei package and did a restart of opnsense but had no luck!

What can i do?

See my screenshot!!

thx
regards rené

[opnsenseuser]

@mb

Today i did a opnsense firmware update to 19.7.8

After this update i can´t start monogdb anymore.

I deleted the report data and even reinstalled the sensei package and did a restart of opnsense but had no luck!

What can i do?

See my screenshot!!

thx
regards rené

don´t know where the problem is!

[mayo]

Same for me. Decided to uninstall and not install anymore.

@mb

Today i did a opnsense firmware update to 19.7.8

After this update i can´t start monogdb anymore.

I deleted the report data and even reinstalled the sensei package and did a restart of opnsense but had no luck!

What can i do?

See my screenshot!!

thx
regards rené

don´t know where the problem is!

[Antaris]

Same for me. Decided to uninstall and not install anymore.

@mb

Today i did a opnsense firmware update to 19.7.8

After this update i can´t start monogdb anymore.

I deleted the report data and even reinstalled the sensei package and did a restart of opnsense but had no luck!

What can i do?

See my screenshot!!

thx
regards rené

don´t know where the problem is!

And the relation to the problem of this thred is??
Can you be more specific why you abandone Sensei?

[mayo]

Simple: every Opnsense update Sensei stops working.

Same for me. Decided to uninstall and not install anymore.

@mb

Today i did a opnsense firmware update to 19.7.8

After this update i can´t start monogdb anymore.

I deleted the report data and even reinstalled the sensei package and did a restart of opnsense but had no luck!

What can i do?

See my screenshot!!

thx
regards rené

don´t know where the problem is!

And the relation to the problem of this thred is??
Can you be more specific why you abandone Sensei?

[Antaris]

Simple: every Opnsense update Sensei stops working.

Sensei is relatively new addon to OPNsense. Monogdb in it is even newer. I think we need more patience here...

[mb]

Ok, I think I have an idea about what's going on:

19.7.8 update seems to remove mongodb40 and dependencies.

Code Select Expand

=====
Message from opnsense-19.7.8:

--
Roar!
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 3 packages:

Installed packages to be REMOVED:
boost-libs-1.72.0
icu-65.1,1
snappy-1.1.6_1

Number of packages to be removed: 3


Update: Problems is related to mongodb package. Elasticsearch is fine. We're shipping new mongodb40 packages momentarily. Will update the thread.