Pakon questions


#1

Hello,

I am now running Turris OS 3.10. The upgrade went without problem. I installed Pakon and it works basically fine. I have two issues/questions though.

I have four different networks. Pakon apparently only monitors the traffic of the LAN that is configured via Foris. It does not seem to show any data from the networks I configured via LuCI. Is it possible to configure Pakon to monitor all traffic that goes through the Turris Omnia to the Internet? And maybe also internally between the networks? All traffic between the networks is going through my Turris Omnia.

For some clients I see the client name, but for most just the MAC address. I have not yet figured out why. I am using the Omnia as DHCP server and have static leases for most devices. The DNS server is a Pi-hole running in an LXC container on the Omnia. I added some clients to the hosts file but this did not seem to help. Any suggestion what I should change to get names instead of MAC addresses?


#2

Hello!

Yes, you can change the list of monitored networks in /etc/config/pakon. By default, the list includes the lan and guest networks.

config monitor 'monitor'
        list interface 'br-lan'
        list interface 'br-guest_turris'

Just edit the interfaces you want to monitor and restart suricata-pakon and pakon-monitor:
/etc/init.d/suricata-pakon restart
/etc/init.d/pakon-monitor restart

Yes, pakon uses names defined by DHCP static leases in LuCI (http://your-router-ip/cgi-bin/luci/admin/network/dhcp):


You don’t actually need to define a static lease; just fill in the name and select the MAC address. You can leave the other fields blank. This way, you only assign a name, not a permanent address.

We apologize that these things are not in the official documentation yet, we’ll try to add them there ASAP.
The option to show names instead of MAC addresses is new in 3.10.
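The coverage check implied by the reply above, as an added example that is not part of the original post and not Pakon's own code: it reads the `config monitor` section of /etc/config/pakon and reports interfaces that are missing from it. The function names, the `PAKON_CONF` variable and the assumption that every network to be monitored is a bridge named `br-*` are illustrative; off the router it falls back to a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): find interfaces Pakon does not monitor.
PAKON_CONF="${PAKON_CONF:-/etc/config/pakon}"   # path named in the thread

# Print the interfaces in the "config monitor" section, one per line.
monitored_ifaces() {
    awk '
        $1 == "config" { in_mon = ($2 == "monitor"); next }
        in_mon && $1 == "list" && $2 == "interface" { print $3 }
    ' "$1" | tr -d "\"'"
}

# Print each interface named in $2.. that the config in $1 does not list.
unmonitored_ifaces() {
    cfg="$1"; shift
    mon="$(monitored_ifaces "$cfg")"
    for ifc in "$@"; do
        printf '%s\n' "$mon" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

if [ -r "$PAKON_CONF" ]; then
    # Assumption: every network to be monitored is a bridge named br-*.
    src="$PAKON_CONF"
    ifaces="$(ls /sys/class/net 2>/dev/null | grep '^br-' || true)"
else
    # Not on the router: constructed sample config and interface names.
    src="$(mktemp)"
    printf "config monitor 'monitor'\n\tlist interface 'br-lan'\n" > "$src"
    ifaces="br-lan br-iot"
fi
# $ifaces is split on whitespace on purpose: one argument per interface.
for ifc in $(unmonitored_ifaces "$src" $ifaces); do
    echo "not monitored by Pakon: $ifc"
done
[ "$src" = "$PAKON_CONF" ] || rm -f "$src"
```

Any interface it reports can be added as another `list interface` line, followed by the two restarts given in the post.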


#3

This is from my point of view a flaw in design - if a MAC-address is known to the system (e.g. because of a set static lease), the name should be shown without any further interaction.


#4

Yeah, that’s what I tried to say - if you define a name for a MAC address in the static lease tab, it will automatically be shown by pakon. But you need to set the name first.

You don’t actually need to set a permanent IP address for that MAC address (static lease), you just need to set a name for the MAC address.

Or did you mean something else?


#5

Sounds well - that was something I missed in majordomo. :blush:
Thank you!


#6

Do hostnames also work or only names in static leases?


#7

If you mean hostnames announced in DHCP requests by clients - then no. We considered that, but for now, we did not use them for several reasons.

Some devices (for example Android phones) announce almost random hostnames (“android-XXXX”). We don’t think these names are much more useful than MAC addresses. Also, there can be devices with the same name in one network, which would make the output really confusing.

There were some implementation issues (the dhcp.leases file is temporary, after reboot it’s clean - but the devices might still be using the addresses assigned before reboot - so we would have to back it up before reboot somehow, etc.).

So for now, we support only names manually configured by the user.


#8

Sorry for not being clear. I mean hostnames defined in LuCI (under the network menu).
In my Turris, I can see that this hostname is associated with the IP and the MAC address.


#10

Thanks a lot.
Now it looks much better :slight_smile:


#11

Question: This scheme will only work if MAC addresses are actually conserved and unique. I believe there are wifi extenders out in the wild that rewrite the MAC addresses, which will cause issues with pakon then. This is a hairy issue with no full solution at hand, still using MACs seems to be a reasonable compromise…


#12

On my network, at least, the DHCP name given by the client is useful in the vast majority of cases. So much so that I have never found it necessary to assign names to any of the devices - until Pakon. iPhones give a meaningful name almost all the time, so do Windows PCs and Macs. Even my doorbell is using a sensible name, the only real exception is my thermostats.

Of the 30-ish devices on my network, 26 of them have a meaningful name from DHCP and when my teen’s friends visit, their phone also shows up with a meaningful name instead of a mac address. Having to manually assign names is not very useful for a monitoring tool. It should be using all information available to it and allow me to override that when it makes a wrong selection somehow.

With the situation as it is, I will find a new mac address on my network a few days after someone visited and I’ll have no idea who or what that was and no way to find out. If Pakon would store the DHCP hostname when it was available I would at least have something to go on. Perhaps show the DHCP hostname with a question mark if no other name is available (since it’s not certain this name is correct).


#13

@gerco: Solution would be to have longer lease-times for DHCP, that way you can combine information from Pakon and the DHCP-names derived from your guest-clients.
I use it the very same way (2 days lease time) - but in my network all devices get a custom name as I want to control who’s on my network (even the guest one).


#14

Ok, we will consider adding DHCP names for upcoming versions of Pakon.


#15

Solution would be to have longer lease-times for DHCP,

No need for that at all. Define static leases for the devices you maintain. That’s what I do. In fact,


#16

I defined static leases for all devices in my network, and I see their names under “Client” column.
I was looking for some traffic between 2 lan devices and the name is only valid on the source, for destination I have to use the IP address.
Is it possible to have the names for “Hostname” as well?


#17

Is it possible to see the router traffic in Pakon?
Omnia may run several applications and I would like to be able to monitor that traffic.