After six months of ongoing effort & field testing, it’s our pleasure to announce that Sensei 0.8 is released.
In comparison to 0.7, this version brings quite a loaded set of features:
It is great to see worldwide IPv6 adoption rate is increasing day by day. Utilization rates rose up to 35% in North America, Australia, Canada, India and it is even higher like 40% in majority of the European countries.
As promised, now, Sensei has IPv6 support.
Support for 4GB Memory
In an effort to be able to provide Sensei for people who have less than 8GB memory, we have enabled Sensei to run for deployments with 4B of RAM.
Please note that if you have 4GB memory, maximum number of users will be 25.
Support for Large Settings (>1000 users)
Thanks to the newly introduced L2 Transparent Bridge Mode, Sensei can be used for thousands of users. This also helps you to keep your existing firewall and still enjoy the functionality offered by OPNsense Sensei as an additional layer of defense e.g. like a Web Secure Gateway
Practically, what this means is that, if you deploy Sensei on an 8-core server with a –say 64GB of memory, you can serve 8000 users behind this configuration.
Blease be advised that this deployment mode is still being tested on select deployments, and is not advised for general use at the moment. If you would like to test this, please reach out to us via sensei – at – sunnyvalley.io
VLAN & Wireless interfaces support
Starting with OPNsense 19.1 and Sensei 0.8, you can now run Sensei on VLAN (tagged/untagged) and wireless interfaces.
- IPv6 reporting
- More applications identified
- Customizable live session explorers. You can now customize which columns to be displayed and re-organize columns. Just drag a column and drop it on its new place.
- New report: Ethernet interface reports. You can now see which ethernet interfaces carry the most bandwidth and drill down to per-interface detailed reports.
- New report: VLAN reports. You can filter out a VLAN and drill down as deep as session details.
- New report: User reports. When the OPNsense captive integration is finished, you will be able to view user-based reports.
- All live session reports now have VLAN, Interface, Username columns.
- All live session reports now have auto-refresh / refresh interval options
- Ability to resolve local IP addresses to MDNS supplied hostnames
- Introduced Elasticsearch Index Health Checker, where you can check and do a fix-up on an index basis
- Introduced an option to be able to reset all Elasticsearch Indexes.
- Elasticsearch shards are now single. Not requiring a replica. All indexes can be seen green now.
- Source Hostname is now the default instead of IP address in Session Reports (IP is still available via a tooltip
- Ability to specify start and end times for Session Explorer Reports
- Ability to refresh Session Explorer Reports without having to close/re-open the report
- Elasticsearch dependency libXdmcp upgraded to release 1.1.3.
- To update, please use OPNsense update manager
- Default report retention time has been adjusted to be 7 days. You can set this to as high as 90 days
- You can now check and fix broken Elasticserach indices from user interface
- Fixed a bug where charts were refreshed randomly causing excessive page loads
- Fixed a bug where setting Elasticsearch not to start at boot causing reporting to cease.
- Fixed a bug in Elasticsearch data retiring module, which -in some cases- would result in more disk space consumption
- Mobile devices UI improvements
Better Cloud & Update Servers Availability
Better Cloud and Updates Server Infrastructure to serve the growing number of Sensei users.
- More application signatures
- Fixed a bug where auto-whitelisting a host does not immediately take effect / requiring a restart of engine.
- Whitelisting a web category from Live Blocked Sessions Explorer now works
- Faster installs and updates: number of Elasticsearch dependencies decreased by 1/3
- You will now get reported via an informative message in the UI if Sensei health check automatically stops Sensei service due to a HW resource shortage. Up until now, Sensei was doing this quite silently 😉
- Sensei installation / upgrade progress bar now reports the status more correctly
- Fixed a bug in which you could not set the deployment sizes larger than 100 users
- Engine logs older than two weeks are automatically purged now
- You can now temporarily bypass Sensei engine at runtime. This allows you to disable packet processing without completely stopping Sensei
- Per-process health monitoring. Sensei engine now checks heartbeats from its packet processors and taking the corrective action in case of trouble.
- Enable support for Hardware-assisted bypass functionality (For experimental L2-Bridge mode deployments). Currently Silicom Bypass adapters are supported.
- More intelligent health checks
How to Update
To update your installation, simply navigate to Sensei -> Status and you should see 0.8.0 update being reported and an option to install it. If you do not see the update notification, just click “Check for updates” and you’ll be guided through the update process.
A quick note: Although this is marked “release”, Sensei is still under BETA development. We strongly advise to test the software on one of your test-beds to see if it fits your requirements.
We are releasing Sensei 1.0 next month, in July 2019, which will also cease the BETA program and the software will be publicly available for all users.
Through Sensei 1.0, we’ll be sharing more details regarding the Premium Subscription; the feature set, planned development and details about the pricing.
If you find any issues or you want to reach out for comments and feedback, please do not hesitate to contact us through sensei -at- sunnyvalley.io or through OPNsense forum: https://forum.opnsense.org/index.php?topic=9521.new;topicseen#new