"
Depending on the NIC, passing it through to the OPNsense VM (less overhead from Proxmox VE) and using Hardware offloading might be faster.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#17
22.1 Legacy Series / Re: wrong negociation on Network speed on vmware
May 26, 2022, 12:26:50 PM
What exactly does OPNsense show you as the interface speed?
I have OPNsense running on Proxmox VE and it shows "10Gbase-T <full duplex>" on all interfaces.
I also have one OPNsense VM running on ESXi 6.7 U3d, but can't access it right now (it also uses VMXNET3 NICs).
If you use the Intel E1000e NICs for your OPNsense VM, they will be limited to 1Gbit/s btw - make shure to use vmxnet3.
I have OPNsense running on Proxmox VE and it shows "10Gbase-T <full duplex>" on all interfaces.
I also have one OPNsense VM running on ESXi 6.7 U3d, but can't access it right now (it also uses VMXNET3 NICs).
If you use the Intel E1000e NICs for your OPNsense VM, they will be limited to 1Gbit/s btw - make shure to use vmxnet3.
#18
22.1 Legacy Series / Re: Since 22.1.6< zerotier eats one cpu fully
May 26, 2022, 12:19:03 PM
Have you tried uninstalling and reinstalling the os-zerotier Plugin?
#19
22.1 Legacy Series / Re: OS-ddclient Plugin Question
May 26, 2022, 12:13:24 PM
AFAIK these are just package messages and can be ignores, since you configure ddclient from the GUI in OPNsense. :)
Other than that, have you got the plugin to work?
Other than that, have you got the plugin to work?
#20
22.1 Legacy Series / Re: Firewall Rules | InterVLAN Traffic
May 26, 2022, 12:10:45 PM
What kind of devices / Hosts are in the LAN and VLAN2 Network?
What Services (Port, Protocol) in the LAN Network are you trying to access from the VLAN2 Network?
Are there multiple Gateways?
...
Some additional information would probably help with solving your Problem :)
What Services (Port, Protocol) in the LAN Network are you trying to access from the VLAN2 Network?
Are there multiple Gateways?
...
Some additional information would probably help with solving your Problem :)
#21
22.1 Legacy Series / Re: IPsec site-to-site VPN loses connection after upgrade to 22.1.8
May 26, 2022, 12:03:28 PM
The fastest way would probably be to revert back to 22.1.7 for the time being.
Do you see any errors in "VPN --> IPSec --> Log File" ?
Do you see any errors in "VPN --> IPSec --> Log File" ?
#22
22.1 Legacy Series / Re: Cannot Access File Shares after upgrading to 22.1.8
May 26, 2022, 11:56:04 AM
In the 22.1.8 Changelog the only things about the Firewall I could find is this:
Can you show how your Firewall Rules Look like? And do you have multiple Gateways?
I haven't used IPSec with OPNsense yet, only with OpenVPN and WireGuard, but from the other recent Posts, it seems like there might be issues with both IPSec and Aliases in 22.1.8.
- firewall: various usability and visibility improvements for aliases
- firewall: performance improvement for large numbers of port type aliases
- firewall: simplify sort and add natural sorting in alias diagnostics
Code Select
[SMB Clients] <-- 172.16.33.x --> [OPNsense 1] <-- IPSec (WAN) --> [OPNsense 2] <-- 10.3.32.x --> [SMB Server]Can you show how your Firewall Rules Look like? And do you have multiple Gateways?
I haven't used IPSec with OPNsense yet, only with OpenVPN and WireGuard, but from the other recent Posts, it seems like there might be issues with both IPSec and Aliases in 22.1.8.
#23
22.1 Legacy Series / Re: [CALL FOR TESTING] FreeBSD 13.1 / 22.7 operating system preview
May 26, 2022, 11:32:47 AM
Same for me, my OPNsense VMs also report being still on 22.1.8, but "freebsd-version -kru" reports 13.1-RELEASE - so I guess the Updates still works
#24
22.1 Legacy Series / Re: Unable to update to 22.1.8
May 26, 2022, 11:21:49 AM
Updating your packages will likely do nothing, since the FreeBSD Base and Kernel are updated via freebsd-update (opnsense-update) instead of pkg.
Can you send the output of "opnsense-version -O" and "freebsd-version -kru" ?
Can you send the output of "opnsense-version -O" and "freebsd-version -kru" ?
#25
22.1 Legacy Series / Re: Very confusing incoming blocked logs
May 26, 2022, 11:07:01 AM
Only thing I can say is that port 16393 udp belongs to Apple FaceTime, maybe DOS, Portscan or misconfigured ISP Routers ...
#26
22.1 Legacy Series / Re: ? "dhcp.c:4131: Failed to send 306 byte long packet over fallback interface." ?
May 26, 2022, 11:01:03 AM
Have you set anything up in "Services --> DHCPv4 --> [Interface Name] --> Failover peer IP" ?
If so, are the IP addresses correct?
If so, are the IP addresses correct?
#27
22.1 Legacy Series / Re: [CALL FOR TESTING] FreeBSD 13.1 / 22.7 operating system preview
May 26, 2022, 10:30:31 AMQuote from: franco on May 25, 2022, 08:53:28 PM# opnsense-update -bkzr 22.7.b
Code Select
Fetching base-22.7b-amd64.txz: ..[fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/sets/base-22.7b-amd64.txz.sig: Not Found] failed, no signature found--- Edit ---
I missed one dot ... I typed
Code Select
opnsense-update -bkzr 22.7b instead of Code Select
opnsense-update -bkzr 22.7.bI updated my two OPNsense VMs (HA Cluster) and they seem to work fine, no errors yet :)
#28
Virtual private networks / Re: OpenVPN on Multi-WAN Environment
October 20, 2021, 08:41:00 PM
I am using this with my dual WAN setup (1x Cable, 1x DSL):
Firewall > NAT > Port Forward
--> Add (+)
- Save
--> Add (+)
- Save
VPN > OpenVPN > Servers
--> Edit
- Save
This will redirect all OpenVPN traffic arriving on the WAN1 and WAN2 interfaces to localhost, where the OpenVPN process is listening for connections.
Firewall > NAT > Port Forward
--> Add (+)
| Option | Value |
| Interface | WAN1 |
| Protocol: | UDP |
| Destination: | WAN1 address |
| Destination port range from: | OpenVPN |
| Destination port range to: | OpenVPN |
| Redirect target IP: | Single Host or Network: (127.0.0.1) |
| NAT reflection: | Use system default |
| Filter rule association: | Add associated filter rule |
- Save
--> Add (+)
| Option | Value |
| Interface | WAN1 |
| Protocol: | UDP |
| Destination: | WAN2 address |
| Destination port range from: | OpenVPN |
| Destination port range to: | OpenVPN |
| Redirect target IP: | Single Host or Network: (127.0.0.1) |
| NAT reflection: | Use system default |
| Filter rule association: | Add associated filter rule |
- Save
VPN > OpenVPN > Servers
--> Edit
| Option | Value |
| Interface: | Localhost |
- Save
This will redirect all OpenVPN traffic arriving on the WAN1 and WAN2 interfaces to localhost, where the OpenVPN process is listening for connections.
#29
Tutorials and FAQs / Re: Tutorial 2021/07: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
July 14, 2021, 01:45:11 PM
Thanks a lot for the write up, I will try this out as soon as I can :)
The only thing that could be added on Part 4.3 is to use an Alias for Port 80 and 443 to only use one Firewall Rule ;)
The only thing that could be added on Part 4.3 is to use an Alias for Port 80 and 443 to only use one Firewall Rule ;)
#30
Documentation and Translation / MaxMind GeoIP’s Setup - "My License Key" is now called "Manage License Keys"
April 17, 2021, 12:10:35 PM
https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html#generate-license-key
Just a minor detail (Generate License Key): Click in the "My License Key" link and generate a key.
The Link is now called "Manage License Keys".
Just a minor detail (Generate License Key): Click in the "My License Key" link and generate a key.
The Link is now called "Manage License Keys".
