Messages - massa

#1
Not doing PPPoE fortunately :)

I just dropped the APU1 for now and am searching for new HW. As I have read in the roadmap, the next OPNsense version should be based on FreeBSD12. This also means newer WiFi cards using the AC standard are supported.
So I am now thinking of waiting for that and then buying HW which can act as a full router/FW/Access Point.

Thanks all for your replies!
#2
Hmm.. You are right it seems it is indeed the HW.
The only weird thing is that the CPU doesn't show a high load while doing a speedtest...
I might order a newer box then for testing.

Thanks for your support!
#3
Hi guys,

just upgraded my ISP connection to 1Gbit, finally :)
Unfortunately I just get between 200 and 300Mbit via speedtest.net. If I connect directly to my ISP's Fritzbox I get the full 940Mbit.
For testing I'm currently directly connected with my PC to the OPNsense box. HW should not be an issue, using this APU Board: https://www.apu-board.de/produkte/apu1d4.html
CPU is an AMD G-T40E and also during speedtests it seems to be bored using "top".
No Intrusion Detection is enabled. MTU is on default which should be good I think.

Any ideas? I did some research already but was not able to find anything helpful...
#4
I use Pi-Hole in my LAN which is pointing to opnsense wherefrom unboundDNS should forward DNS requests to my ISP's DNS servers. This setup works totally fine without the mentioned website...
I don't really get where the problem could be? Wouldn't I get SSL warnings for all websites then?

But you are right - there is the difference between my LAN and Guest net as Guest clients just get my ISP's DNS servers via DHCP and not the Pi-Hole.

UPDATE: When I manually set my notebook's DNS to my ISP's servers it works fine but running through Pi-Hole --> OPNsense --> ISP DNS it returns the wrong certificate. I just don't get why this only happens for this specific site?
I also found out that I only have the issue with the subdomain https://registry.npmjs.org/
https://npmjs.org works fine!

#5
Hi all,

I have an iobroker instance running on a raspberry behind my opnsense. Unfortunately I am not able to update my adapters as I always get the following error:
ERR! code ERR_TLS_CERT_ALTNAME_INVALID
npm ERR! errno ERR_TLS_CERT_ALTNAME_INVALID
npm ERR! request to https://registry.npmjs.org/iobroker.hm-rega failed, reason: Hostname/IP does not match certificate's altnames: Host: registry.npmjs.org. is not in the cert's altnames: DNS:a.sni.fastly.net, DNS:a.sni.global-ssl.fastly.net


When I access https://registry.npmjs.org/iobroker.hm-rega from my usual LAN network via my notebook I get an SSL warning as well.
When I switch to my guest WiFi (also running through OPNsense in a dedicated VLAN) I get the correct SSL certificate and no warning when accessing the website.

I use a TP-Link router flashed with openwrt as an access point and LAN Switch!

What could be the issue here? Any ideas?
#6
No idea why, but now it suddenly works ^^
Thanks for the help!
#7
Wow, that was quick!
I actually hadn't created a NAT rule yet; it now looks like this:
Interface   Source            Source Port   Destination   Destination Port   NAT Address    NAT Port   Static Port
OPT2        192.168.10.0/24   *             *             *                  OPT2 address   *          NO

Unfortunately it still doesn't work ^^
#8
Hi everyone,

I switched from pfSense to OPNsense yesterday and I think I somehow have a mental block..
Please help me get rid of it :)

I have the following setup:

Server 1                             Internet                        Server 2
Client -> OPNsense <===OpenVPN Tunnel===> Ubuntu OpenVPN Server

I have a connection according to the log file and the connection status display.
I assigned and enabled a new interface and then created a firewall rule with allow any for the new interface. Finally, another rule on the LAN interface with the client IP as source and the new gateway that was created automatically for the VPN link.
Nevertheless, no traffic is routed through the tunnel; everything goes out locally to the Internet!

I just can't figure out what I might have forgotten  ???