Messages - thebraz

#1
Thanks for the quick answer, Franco.

We do not use the Business Edition, that's why I wrote 24.7 and not 24.10.

In the forum (hence my question) they are not differentiated, while in reality, by your answer, they are.

Anyway now the situation is clear, thank you very much.
#2
@Franco

I apologize for my dumbness but I've not the thing clear enough.

Let me rephrase the question:

is 25.1 stable enough to be used in a production environment?
is 24.7 secure enough to be used in a production environment till the shipping of 25.4?

Apart from the wording, it'd seem that an EOL (or not?) version can still be used safely.

Thanks in advance
#3
Greetings,

I meant exactly what DEC670airp414user said.

If 24.7 is EOL, why is it still marked as production on the forum?

Best Wishes
#4
Greetings,

with the release of Community version 25.1 as Production I see the 24.7 is still indicated as Production too.

Is it a typo or ...

Thanks in advance
#5
Hello,

I remotely connected and, since I had no access to the described VM, installed ZenArmor on a working OPNsense install in a slightly less powerful host I had access to:

CPU Model: 12th Gen Intel(R) Core(TM) i7-12700
CPU Score: 1203386
Physical Memory Size: 16.6 GB

On this one, for now, I'm able to apply to ZenArmor free the same customizations I did on the other (no ads, High Control in the Category based tab...) without any bandwidth limitation side effect.

So, for the moment, I thank you very much for your help and when I come back to work I'll experiment on settings paying attention to the bandwidth side after every modification.

This way, if the problem arises again, I'll be able to describe which step introduced the problem and provide the logs you asked for.

Thank you very much again for your support.
#6
Sure,

I'm away from work for a few days for the holidays but I'll post it ASAP.

Thanks for the help

Best Wishes
#7
Hi,

yeah, stopping ZenArmor didn't change the behaviour at all.

Best Regards
#8
Thank you for your post, I was aware of the implication.

For test purpose, I didn't mention production anywhere, should be good.

Is someone able to give some advice regarding the performance problem? Didn't experience it with any other product I tested before.

Best regards
#9
Hello,

I installed the Zenarmor plugin in a well working VM installation of Opnsense.

The host is the following Windows 11 PC:

- Intel Core i7 12700
- 128 GB RAM
- Intel(R) Ethernet Connection (17) I219-LM
- Micron 3400 NVMe 1TB
- ST2000DM008-2UB02 (actually the VM is installed on this HDD)

The OPNSense VM has a static IP and is performing basic functions:

- acts as Internet gateway for internal network
- a few nat port-forwarding
- traffic shaping for some internal IPs

Following the details of the VM:

- last version (7.0.14) of Virtualbox Hypervisor
- 16 GB RAM
- 500 GB HDD space
- one core (tried 4 core but had only stability problems) assigned to the VM
- two Intel PRO/1000 MT desktop network cards in bridge mode, every card has its internal IP

When there is no ZenArmor I can obtain all the 100Mbit up/down bandwidth.
When ZenArmor (free) is installed (doesn't seem netmap mode matters, I tried all the options) I barely reach 20 MBit in both directions.
This behaviour persists even when stopping / bypassing ZenArmor.

Uninstalling ZenArmor reverts the system to full bandwidth.

If someone could give advice on how to proceed it'd be greatly appreciated.

Thanks in advance
#10
Hello, I can say that an OpenVPN configured as in the OPNsense manual works (I could connect and RDP into my remote PC without any problem) also in the last version, I used it yesterday too (you can see my last post for details if needed).

So it must be something specific to your configuration and I think a few more details about it will be needed in order to help you.

Best Wishes
#11
Hello,

it is the Inter-client communication checkbox when you configure / edit the OpenVPN server

Best Wishes

#12
If someone should have the same problem:

I restarted from scratch and configured the OpenVPN server exactly as in the OPNsense guide:

https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

apart from the OTP part that I left out.

This way I got a working VPN, capable of RDPing, for example, with split tunneling.

When I want all traffic to go through the tunnel I simply add

redirect-gateway def1

in the client configuration and the system works that way too (using OpenVPN client 2.5 rc1).

Best Wishes


#13
Hi,

if there had been a request to "attach the logs" I should surely have done that.

Anyway I posted how the system was configured, it's enough to follow the link in the first post of this thread.

That said, thanks anyway for your time.

Best Wishes
#14
Hi,

I only introduced one allow rule for RDP so it shouldn't be the source of any problem.

BTW: The first few times I tried it with the phone it all worked, my phone was externally seen with the address of Opnsense WAN and could surf, so rules should've been fine and nothing has been changed by me since then.

Best Wishes
#15
Hello, Thanks to you too :D

I only introduced the rules that allowed me to RDP a PC in the LAN from VPN connected clients (and it works now too).

Regarding the tunnel traffic I relied on the automatic rules that are generated by OpnSense when you check "Redirect Gateway".

Regarding the logs... something I should focus my attention on?

Thanks in advance