Messages - tigs

#1
I have been trying to play with an IPsec server on AWS. I have set up an IPsec server, and I am able to configure my desktop PC (Win 10) or Synology NAS to connect to it without any issues. However, I would like to connect my opnsense box to it so all local devices go through the same tunnel without having to configure them individually. I want my opnsense box to work the same way as it does as an OpenVPN client. Can I accomplish this by configuring the opnsense as an IPsec client?

I have the following info available and nothing more:
Server IP:
IPsec PSK:
Username:
Password:

Here is the link I followed to set up the IPsec server on an Ubuntu server:
https://github.com/hwdsl2/setup-ipsec-vpn
#2
16.1 Legacy Series / Re: Is this a bug?
March 17, 2016, 12:54:31 AM
Quote from: themelon on March 14, 2016, 04:08:30 AM
Not a bug.  On those boards if you do not have the dedicated IPMI interface plugged in it piggybacks the second 1g port.

I think you can disable that functionality in the BIOS but I have not actually tried in the one I have as I use the dedicated port.

Well, it is convenient to have this "feature". I am not completely sure I understand how this could happen with only opnsense. As I mentioned in the post, if, as you mentioned, this is controlled in the BIOS, I should observe the same phenomenon with pfsense as well.

With opnsense, the IPMI port is connected to the LAN network, treated as a LAN client, and is assigned a LAN IP address. This is not right for sure. It is supposed to be accessible only to the administrator through the IPMI port; now every LAN client can access it and manage it.
#3
I have a Supermicro A1SRi-2758F motherboard:
http://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2758F.cfm

It has 4 gigabit ports and 1 dedicated IPMI port. My setup is as follows:

ethernet port 0 = WAN
LAN = bridge 0 = ethernet port 1 + 2
ethernet port 3 = unused

IPMI port = unused

However, if I log into the opnsense GUI interface through the LAN ports, under /status/DHCP leases, I can see the IPMI port has an IP address. This IP is accessible through bridge 0, and I have full access to the IPMI management interface WITHOUT plugging into the IPMI port. This is not the case with pfsense. My understanding is you have to have an ethernet cable plugged into the IPMI port to access IPMI management.
#4
I wonder whether this has been fixed in the newer release. I use the opendns filtering service, and the dynamic DNS service it uses, dns-o-matic, is broken in this 16.1 release. I don't know whether it has been fixed in the later updates.

I have tried no-ip as well. It seemed to work.

I like opnsense, and am looking forward to coming back.

Thanks
#5
16.1 Legacy Series / DYDNS error with dns-o-matic
February 06, 2016, 02:59:48 AM
I have been unable to get dns-o-matic to work properly. It always shows an error message on my dns-o-matic account, and an email notification of the error. It seems the "username" was not properly submitted.

Quote
OpenDNS details:
Errors requiring your attention

!yours
History

#6
Quote from: StevenE on January 28, 2016, 04:49:25 PM
however I can't get it to set the routing correctly.

What do you mean by this? Be specific.

I use PIA as well. I have no problem routing and connecting. My problem is the variable speed.
#7
PIA=Private internet access, a VPN service provider, offering openvpn.
#8
Unfortunately, I have not been lucky. I have a 100M cable, mostly 130M in real life. Openvpn downs it to 20-30M with my 8-core C2758 Rangely supermicro board and 8G of RAM.

Any trick to share?

I have tried different things:

1. BF-128-CBC versus AES-128-CBC
2. with or without powerD
3. with or without BSD hardware acceleration

What else can I try?

The CPU usage is 13% MAX, RAM usage is also low. Throughput is as expected when openvpn is off.
#9
I was trying pfsense. I found this version is best with openvpn throughput.

The equivalent pfsense version is 2.1.5, 32 bit.

Thanks
#10
Thanks. It is the same board.

Did the factory reset. Problem solved.

Do you use a VPN service? What is your performance on openvpn?

I am with PIA. There is a lot of variability. I don't know why. Still tweaking.

Thanks
#11
Thanks for the reply.

I have tried different connections. It was plugged into the modem's gigabit LAN port; it was also plugged into a switch which is connected to another gigabit router.

If I plug the computer into the switch, it was fast.
#12
16.1 Legacy Series / WAN interface limited to 100M-base
January 31, 2016, 05:46:20 AM
I have a Supermicro C2758 mini-ITX board with 8G RAM and 4 ethernet ports.

I just installed the 16.1 version. The WAN was set to autodetection by default. However, it is limited to the 100M-base interface only. I have changed WAN to a different ethernet port, and it is still the same. I have also tried to force it to 1000M-base, but it doesn't change.

Any idea?
Thanks