Sensei on OPNsense - Application based filtering

Started by mb, August 25, 2018, 03:38:14 AM

Previous topic - Next topic
Print
Go Down Pages 1 ... 61 62 63 64 65 ... 79
User actions
June 27, 2020, 03:33:08 AM #930
Hi @Koldnitz,

Thank you very much for your feedback. We're happy to hear that you like Sensei so far.

We are curious about the lagg interface problem. Yes, as you put it, Sensei protects member interfaces. It's normal if they go down/up during Sensei start/stop because enabling netmap mode forces an interface down/up event.

But I guess this is different, and if you can create a problem report from the Sensei UI - Report Bug - on the UI right hand corner , that would be very much helpful.

For the Cloud Portal account, if you do additional password reset requests previous links become invalid and you need to use the latest activation code. If you can PM your email address to me, I can have it inspected.
June 27, 2020, 06:29:30 AM #931
Since you have not heard about this, I will provide a slightly better description.

Generally, what seems to happen is that after I start Sensei (within 10 to 20 minutes) something happens with my interfaces and it says in the logs shown on Dashboard / Lobby screen a hot plug event and then shortly thereafter I get a line saying possible flapping and one of the Lagg ports goes down (light on router port stops blinking / goes solid, and status tab in Sensei shows one interface doing everything whole other interface is all 0s or bytes.

In the System Diagnostics Activity tab the 1 of the 2 Eastspec processes (my processor is a 2 core 4 (hyper)threads but it looks like 4 CPUs to Opnsense) goes nuts.  On Netdata the temperature chart gets weird, showing 2 cores 20+ celsius hotter than the 2.  Also in Netdata one of the CPUs (threads) goes crazy compared to the other 3.

I never had this problem until I set up the Lagg interface (I ran Sensei for maybe 2 to 4 weeks before I set it up), and once Sensei is shut down(I do it from the status tab) it disappears because whenever Sensei is started / shutdown all interfaces reinitialize up and down.

This leads me to be 99% certain it has to do with Sensei interacting with the Lagg interface. Furthermore, I have not seen it happen without Sensei running, and I have had to restart Sensei 2 to 3 times at times to get it to start correctly.

I will definitely create report and send you all the logging information available to the report next time it happens.

P.S.  I did all the tweaks I could find to eliminate flapping on this forum and over at pfsense forum but it still happens.
June 29, 2020, 06:49:54 PM #932
Hi @Koldnitz, thanks for the additional information and for the report.

It looks like we have your problem report. Team will be following up with you.
June 29, 2020, 07:51:51 PM #933
Quote from: mb on June 19, 2020, 11:09:08 PM
(...)
On the other hand, it is quite challenging to create a home tier that can satisfy all our home users also at the same time to differentiate our business users.

Having said that, we're on it and we want to make sure we are up to the expectations of our unique beloved users :)


So, have you reached conclusion when it comes to number of devices (>50) for home users?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
June 29, 2020, 10:37:10 PM #934
Quote from: GreenMatter on June 29, 2020, 07:51:51 PM
So, have you reached conclusion when it comes to number of devices (>50) for home users?

Hi @GreenMatter, yes. Hopefully we'll have an announcement this week.

June 29, 2020, 10:38:19 PM #935
Dear Sensei users,

As some of you might have noticed, Sensei 1.5.2 is out.

This is a maintenance release for 1.5. For the full Release Notes:

https://www.sunnyvalley.io/post/sensei-1-5-2-for-opnsense-is-out/

June 30, 2020, 09:32:15 AM #936
Hello,

Gave Sensei a go over the past 5 days or so. Linked up with AWS ElasticSearch and pushed on. My initial impressions were good but at the end of that test some strange things began to happen.

Serving FW would drop LAN randomly around every 5 minutes or so. Checked logs tried turning every added feature off even re-configuring anew. Finally turned off and uninstalled Sensei completely and now everything is fine. Not sure exactly what was causing the issue due hasty resolve but definitely not stable.

Paid for a license too early it would seem.

Also, the UI is buggy. Around 60% of the time the status and reporting graphs would shake around a little in their designated cells. This behavior would continue until I logged out and back in but not always.

Promising and indeed grateful to have this for an open project but needs more work before prime-time in a serious/critical environment IMHO.


Specs:

Manufacturer: Supermicro
Product Name: Super Server
Processor: Intel(R) Pentium(R) CPU N3710 @ 1.60GHz
Core: 4
RAM: 8GB
June 30, 2020, 09:58:36 AM #937
Quote from: mb on June 29, 2020, 10:38:19 PM
Dear Sensei users,

As some of you might have noticed, Sensei 1.5.2 is out.

This is a maintenance release for 1.5. For the full Release Notes:

https://www.sunnyvalley.io/post/sensei-1-5-2-for-opnsense-is-out/


Yes, I have updated to 1.5.2 and have noticed that Live Blocked Sessions Explorer displays empty page. See attachment.
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
June 30, 2020, 10:42:13 AM #938
If I want to exclude more than one domain from cloud queries (Cloud & Thread Intel tab in configuration):
Local Domain Name To Exclude From Cloud Queries:
Shall I separate them by space or coma or something else...?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
June 30, 2020, 06:17:38 PM #939
Quote from: mb on June 29, 2020, 10:37:10 PM
Quote from: GreenMatter on June 29, 2020, 07:51:51 PM
So, have you reached conclusion when it comes to number of devices (>50) for home users?

Hi @GreenMatter, yes. Hopefully we'll have an announcement this week.




https://www.sunnyvalley.io/plans/
Quote
Up to 100 Devices

Kewl thx ;)
June 30, 2020, 06:49:54 PM #940
@STX, you can always request a cancellation through the Cloud Portal. We'll be happy to help.

Having said that, chances are high that the thing with the interface going down/up might be related to netmap(4).

Let us have a closer look.  You can send a problem report through the user interface. Just click on "Report Bug" menu located on the upper right hand corner. Make sure you share the relevant logs and team will take it from there.
June 30, 2020, 06:55:48 PM #941
@GreenMatter, this is caused by a bug in earlier versions. Though it is fixed in 1.5.2, since the erroneous entry is still in the database you still experience the problem.

I'll share a simple command which will get it sorted out.

For the cloud query, you can only specify a single domain name there, since it was meant to whitelist local network. However, domains ending in  ".local", ".localdomain", ".lan", ".intra", ".intranet",  ".bind", ".home", ".mshome", ".corp", ".mail",  ".group", ".workgroup" are considered local and they do not get queried from the Cloud.
June 30, 2020, 06:58:20 PM #942
Quote from: binaryanomaly on June 30, 2020, 06:17:38 PM

https://www.sunnyvalley.io/plans/
Quote
Up to 100 Devices

Kewl thx ;)

Yes, and all welcome :) Still a few minor things left to get it right technically. Official announcement to follow shortly.
June 30, 2020, 07:35:13 PM #943
System: OPNsense 20.7.b_181-amd64
FreeBSD 12.1-RELEASE-p5-HBSD
OpenSSL 1.1.1g 21 Apr 2020

Sensei 1.5.2 missing:
June 30, 2020, 07:40:14 PM #944
Hi @yeraycito, You are on OPnsense 20.7 beta and it looks like you've somehow installed FreeBSD11 package. Can you try:

pkg remove os-sunnyvalley-devel
pkg install os-sunnyvalley-devel
pkg install -f os-sensei

Print
Go Up Pages 1 ... 61 62 63 64 65 ... 79
User actions