

Topics - HackedComputer

1
IDS/IPS / Suricata netmap_transmit error
« on: February 12, 2018, 09:34:30 am »
Hey,


I have been running pfSense+Snort within ESXi without a hiccup; an Intel NIC is passed through directly via VT-d. Recently, I decided to give Suricata another go. I cloned the current setup, and deployed it under a different name. I removed Snort and installed Suricata. Spent the next few days configuring it in IPS Inline mode utilising Hyperscan. It has been running flawlessly for the past few weeks.

My network setup is as follows:

Three VLANs:
Management
Secure Line (oVPN)
VM (Unused)

Three Physical:
Untagged LAN
WiFi
WAN

Suricata Listening on:
WAN
LAN
WIFI

The issue I am currently facing is that yesterday, I was unable to obtain a DHCP lease from Management or Secure Line. I gave the box a reset and had brief access. However, the console was found to be full of the following errors:



If I set a Static IP on the management VLAN, I am able to communicate with the ESXi interface, and other hosts. However, I am unable to communicate with the pfSense interface.

So far, I have been able to remotely dial in and access the interface. I found that if I disabled suricata on the LAN interface, things would return back to normal... So at this current time I have suricata only listening to the WAN interface, while the LAN and WiFi interface remain disabled.

Anyone have any pointers as to what has caused these issues to start, and how I go about rectifying them?

Kindest Regards
HC

2
General Questions / netmap_transmit error
« on: February 09, 2018, 07:52:44 am »
Hey,

Sorry if this is in the wrong section!

I have been running pfSense+Snort within ESXi without a hiccup; an Intel NIC is passed through directly via VT-d. Recently, I decided to give Suricata another go. I cloned the current setup, and deployed it under a different name. I removed Snort and installed Suricata. Spent the next few days configuring it in IPS Inline mode utilising Hyperscan.

My network setup is as follows:

Three VLANs:
Management
Secure Line (oVPN)
VM (Unused)

Three Physical:
Untagged LAN
WiFi
WAN

The issue I am currently facing is that yesterday, I was unable to obtain a DHCP lease from Management or Secure Line. I gave the box a reset and had brief access. However, the console was found to be full of the following errors:



If I set a Static IP on the management VLAN, I am able to communicate with the ESXi interface, and other hosts. However, I am unable to communicate with the pfSense interface. Doing a soft restart (stops services, and re-runs the boot), it would appear that it would work briefly, and then stop, prompting the above console errors.

At this current time, I have tried restarting pfSense fully, and fully power cycled the switch and the server itself, to no avail. There have been no software or configuration changes, and it has been running sweetly; it has really only just started happening. As such, I have reverted back to the pfSense Snort VM which appears to be working fine.

Anyone have any pointers as to what has caused these issues to start, and how I go about rectifying them?

Kindest Regards
HC

3
OpenVPN / OpenVPN Client Slow DNS Resolution
« on: May 07, 2017, 03:35:39 am »
So, I've had some issues with regard to pfSense acting as a VPN Client across two installations and hardware.

The first piece of hardware was an APU2C4, which has now been decommissioned. I am now on a VMware pfSense with the Intel NICs with DirectIO. Powered by a Xeon.

The issue is when I'm having pfSense act as a VPN client, the DNS resolution seems to be awfully slow and at times it times out. The way I have the VPN pass its address is via NAT: SecureVLAN > OpenVPN Address via the NAT page. I have also tried creating an interface and setting rules to use the VPN gateway etc., same issue.

However, if pfSense acts as a VPN Server, remote clients are working just fine.

I am using Unbound in Forwarding mode.

I have tried various things such as making adjustments to the VPN config, and disabling the AES kernel module to reduce overhead, as OpenVPN and OpenSSL use these by default anyway.

Here's the current VPN client configuration:

persist-tun;persist-key;persist-remote-ip;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA;ns-cert-type server;verify-x509-name gb name-prefix;

Oh, one last thing, I have made sure that I have cleared the states upon making changes to NAT, among other things.

This also happens across multiple providers. I do, however, have an MTU of 9000 set on LAN and VLANs, but the WAN remains at 1500.
