General Discussion / Re: Openconnect throughput
« on: August 01, 2018, 01:16:48 pm »
I was hoping you were connecting to an ocserv server. I'll redownload openconnect as a package and see whether it still behaves the same.
If you find a config option to disable, I can integrate it.
You have to create a gateway with the P2P IP (mark as far gateway) and then set this gateway in the firewall rule.
I.e. host 192.168.200.1 => next hop => send traffic to VPN_int_1
host 192.168.200.2 => next hop => send traffic to VPN_int_2
--no-deflate
LZS decompression failed: File too large
Now I am able to browse the web. The speed of the tunnel has taken quite a large hit because compression is now completely disabled.
X-DTLS-CipherSuite: PSK-NEGOTIATE
X-CSTP-Base-MTU: 1406
X-CSTP-MTU: 1340
DTLS option X-DTLS-DPD : 90
DTLS option X-DTLS-Port : 22
DTLS option X-DTLS-Rekey-Time : 172838
DTLS option X-DTLS-Rekey-Method : ssl
DTLS MTU reduced to 1322
Established DTLS connection (using OpenSSL). Ciphersuite PSK-AES256-CBC-SHA.
Initiating IPv4 MTU detection (min=661, max=1322)
No change in MTU after detection (was 1322)
Transparent Proxy?
ocvpn0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1322
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1322
It has the same MTU. When the ICMP payload goes beyond 1294 bytes (+ 8 for ICMP + 20 for IP header makes 1322) I get this message:
LZS decompression failed: File too large
Qotom WAN (igb0 DHCP client) ---BRIDGED_---> Mikrotik routerboard WAN ---> cable modem
Qotom LAN (igb1 192.168.200.250/24) ------> Netgear switch ----> LAN clients
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 10.65.X.X UGS ocvpn0
10.65.0.0/16 10.65.X.X UGS ocvpn0
10.65.X.X link#9 UH ocvpn0
- Outbound NAT rule to masquerade traffic to the VPN interface ocvpn0 has been made and is hit:
root@OPNsense:~ # pfctl -v -s nat
No ALTQ support in kernel
ALTQ related functions disabled
nat log on ocvpn inet from 192.168.200.0/24 to any -> (ocvpn:0) port 1024:65535 round-robin
[ Evaluations: 468 Packets: 709 Bytes: 106489 States: 0 ]
[ Inserted: uid 0 pid 2448 State Creations: 62 ]