Sensei on OPNsense - Application based filtering

[mb]

You're welcome. Here's a quick hack to bypass the check:

Open /usr/local/opnsense/mvc/app/controllers/OPNsense/Sensei/Api/ToolsController.php with your favorite editor and comment below lines:

Code: [Select]

if ((substr($interface, 0, 5) == 'vtnet') && (floatval($netmapVersion) < 13 or floatval($opnsenseInfo['product_version']) >= 20.7)) {
            $filterflag = true;
}

[actionhenkt]

Thanks! This allowed me to configure sensei. I see the packetengine is detecting traffic. However I seem to be having the same issue I had when I first upgraded to latest opnsense, the reports no longer work and dont see any live sessions.

[mb]

Hi @actionhenkt, that's good to hear, thanks for the update. For the reporting, send a PR and team will have a look.

[nines]

Even if I uninstall sensei via the uninstall button and then upgrade to 20.7 the system keeps crashing as if there is still something sensei related remaining.

Any hints?

[mb]

Hi @nines, if you've uninstalled Sensei, it's very unlikely that it'll interfere with the system.

Having said that, you can also issue the following commands:

pkg remove os-sensei
pkg remove elasticsearch5|mongodb40 (choose your database here)
pkg remove os-sunnyvalley
pkg autoremove -y
rm -rf /usr/local/sensei


Are there any errors reported? If you have any error reports or screenshots, feel free to send a PR and we'll have a look.

[nines]

//EDIT: my issues seems not to have something to do with sensei but with the problem described here:
https://forum.opnsense.org/index.php?topic=18552.msg84503#msg84503

@mb: are you able to help anyway by having a look into the dmesg log?

did that, no errors, seems like the gui installs button is doing the same.
would love to share a crash log but the whole vm crashes instantly after finished booting which makes it difficult (with just a vmware console) to copy logs etc.

strange at least ...

Code: [Select]

root@OPNsense:/home/shelladmin # pkg remove os-sensei
No packages matched for pattern 'os-sensei'

Checking integrity... done (0 conflicting)
1 packages requested for removal: 0 locked, 1 missing
root@OPNsense:/home/shelladmin # pkg remove mongodb40
No packages matched for pattern 'mongodb40'

Checking integrity... done (0 conflicting)
1 packages requested for removal: 0 locked, 1 missing
root@OPNsense:/home/shelladmin # pkg remove os-sunnyvalley
No packages matched for pattern 'os-sunnyvalley'

Checking integrity... done (0 conflicting)
1 packages requested for removal: 0 locked, 1 missing
root@OPNsense:/home/shelladmin # pkg autoremove -y
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages:

Installed packages to be REMOVED:
        ubench-0.32

Number of packages to be removed: 1
[1/1] Deinstalling ubench-0.32...
[1/1] Deleting files for ubench-0.32: 100%
root@OPNsense:/home/shelladmin # rm -rf /usr/local/sensei


[mb]

Hi @nines, disable Suricata IPS mode, and you should be fine.

We're working with netmap maintainers to fix the problem. Crash is resolved for now, but it'll take a bit more to get it fully functional (vmware vmx + netmap).

[robvanhooren]

anyone running 20.7 and sensei with chelsio 10gig (cxgbe) nics? good? bad?
thanks,
R.

[mb]

Hi @robvanhooren,

We don't have any feedback on cxgbe+netmap duo. If you have a test system and give it a try, it'd be much appreciated:

https://docs.google.com/spreadsheets/d/1RVj8K3XOzWi-Bkjq6hUxWudu7Cxd8FFTqjLiBMzZWEM/edit#gid=0

[nikkon]

hi all,

after a fresh install under Sensi-> Reports -> Bloks section is absolutely empty. After 2 weeks is still not populated considering the app control is enabled and under security, everything is checked.
any ideas?

[myzar495]

I'm getting an issue with Sensei telling me to disable Suricata when enabling Bridge mode. The thing is, it isn't enabled. All Hardware interfaces are off as well. Bit of a strange thing this is.

Thanks

[mb]

Hi @nikkon, can you do a re-install and see if this helps? I guess a post-install check did not get through for you.

Below command will do the trick:

pkg install -f -y os-sensei

If not, send a PR and team will have a closer look.

[mb]

Hi @myzar495, Sensei will complain if you configured Suricata on one of its interfaces (even if Suricata is not running yet).

Reason is, later on users might start Suricata with the saved configuration forgetting that Sensei is running on the same interface.

[myzar495]

Hi @myzar495, Sensei will complain if you configured Suricata on one of its interfaces (even if Suricata is not running yet).

Reason is, later on users might start Suricata with the saved configuration forgetting that Sensei is running on the same interface.

I don't remember ever even using it on this particular OPNSense setup. It's off now. I can't really uncheck WAN as it doesn't let me save without an interface assigned.

Is there a workaround? Can I assign it to another interface? Can I remove the config file?

[nikkon]

Thanks for the tip! Reinstall worked just fine