
Messages - thebraz

#1
Hello,

I remotely connected and, since I had no access to the described VM, installed ZenArmor on a working OPNSense install in a slightly less powerful host I had access to:

CPU Model: 12th Gen Intel(R) Core(TM) i7-12700
CPU Score: 1203386
Physical Memory Size: 16.6 GB

On this one, for now, I'm able to apply to ZenArmor free the same customizations I did on the other (no ads, High Control in the Category based tab..........) without any bandwidth limitation side effect.

So, for the moment, I thank you very much for your help and when I come back to work I'll experiment on settings paying attention to the bandwidth side after every modification.

This way, if the problem arises again, I'll be able to describe which step introduced the problem and provide the logs you asked for.

Thank you very much again for your support.
#2
Sure,

I'm away from work for a few days for the holidays but I'll post it ASAP.

Thanks for the help

Best Wishes
#3
Hi,

yeah, stopping ZenArmor didn't change the behaviour at all.

Best Regards
#4
Thank you for your post, I was aware of the implication.

For test purpose, I didn't mention production anywhere, should be good.

Is someone able to give some advice on the performance problem? Didn't experience it with any other product I tested before.

Best regards
#5
Hello,

I installed the Zenarmor plugin in a well working VM installation of Opnsense.

The host is the following Windows 11 PC:

- Intel Core i7 12700
- 128 GB RAM
- Intel(R) Ethernet Connection (17) I219-LM
- Micron 3400 NVMe 1TB
- ST2000DM008-2UB02 (actually the VM is installed on this HDD)

The OPNSense VM has a static IP and is performing basic functions:

- acts as Internet gateway for internal network
- a few nat port-forwarding
- traffic shaping for some internal IPs

Following the details of the VM:

- last version (7.0.14) of Virtualbox Hypervisor
- 16 GB RAM
- 500 GB HDD space
- one core (tried 4 core but had only stability problems) assigned to the VM
- two Intel PRO/1000 MT desktop network cards in bridge mode, every card has its internal IP

When there is no ZenArmor I can obtain all the 100Mbit up/down bandwidth.
When ZenArmor (free) is installed (doesn't seem netmap mode matters, I tried all the options) I barely reach 20 MBit in both directions.
This behaviour persists even when stopping / bypassing ZenArmor.

Uninstalling ZenArmor reverts the system to full bandwidth.

If someone could give advice on how to proceed it'd be greatly appreciated.

Thanks in advance
#6
Hello, I can say that an OpenVPN configured as in the OPNsense manual works (I could connect and RDP into my remote PC without any problem) also in the last version, I used it yesterday too (you can see my last post for details if needed).

So it must be something specific to your configuration and I think a few more details about it will be needed in order to help you.

Best Wishes
#7
Hello,

is the Inter-client communication checkbox when you configure / edit the OpenVPN server

Best Wishes

#8
If someone should have the same problem:

I restarted from scratch and configured the OpenVPN server exactly as in the OpnSense guide:

https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

apart from the OTP part that I left out.

This way I got a working VPN, capable of RDPing, for example, with split tunneling.

When I want all traffic to go through the tunnel I simply add

redirect-gateway def1

in the client configuration and the system works that way too (using OpenVPN client 2.5 rc1).

Best Wishes


#9
Hi,

if there had been a request to "attach the logs" I should surely have done that.

Anyway I posted how the system was configured, it's enough to follow the link in the first post of this thread.

That said, thanks anyway for your time.

Best Wishes
#10
Hi,

I only introduced one allow rule for RDP so it shouldn't be the source of any problem.

BTW: The first few times I tried it with the phone it all worked, my phone was externally seen with the address of Opnsense WAN and could surf, so rules should've been fine and nothing has been changed by me since then.

Best Wishes
#11
Hello, Thanks to you too :D

I only introduced the rules that allowed me to RDP a PC in the LAN from VPN connected clients (and it works now too).

Regarding the tunnel traffic I relied on the automatic rules that are generated by OpnSense when you check "Redirect Gateway".

Regarding the logs..................something I should focus my attention on?

Thanks in advance
#12
Hi, thanks for your reply.

I tried already last day but this didn't work.

And also connecting my phone alone doesn't work anymore (it connects, can access internal network through VPN according to the rules I wrote but can't surf if I tunnel all traffic through VPN).

The thing that makes me mad is why did it work on my phone at first and not anymore since nothing changed?

Best wishes
#13
Hello, sorry to bump the thread but saw a few reads but no answers and realized that perhaps I wrote too much (or too little, LOL).

In short: is there any reason for which full tunneling should behave erratically (since on the phone worked at first and then stopped without any change in both server and client side).

And what could I do in order to trace the problem?

Thanks in advance
#14
Hello,

using OpnSense 20.7.2.

I followed exactly the procedure reported at this link (different port and Description names but same flags / procedure):

hxxps://homenetworkguy.com/how-to/configure-openvpn-opnsense/

in order to achieve a VPN that could allow me to reach some of my LAN resources (I added a rule in order to protect RDP to one PC on the LAN and it worked like a charm) and could also allow the client(s) to surf the net like all traffic came from the OPNSense Box.

I exported the client file for my android phone and for my home PC as described in the above link.

Then, since I had my android phone with me, I got the android OpenVpn client and imported the connection file and all worked like a charm when connected to the VPN: from the phone I could RDP the LAN address of my PC and I could surf the Internet having the IP address of the OPNsense WAN Gateway.

When at home I installed the OpenVPN client on my PC (HP laptop, Win 10 2004, 8 GB RAM), imported the file for PC created together with the one for my phone and... When connected to the VPN I couldn't have internet access at all. DNS were solved (I tried a ping -a from command prompt) but it all ended there.
Furthermore, the same happened from my phone.
It couldn't surf the Internet anymore when connected to the VPN and nothing had changed in OPNsense since when it all worked and nothing had changed in the phone.

I'm a little lost here... If someone could help me shed some light...

I'm available if further info is required.

Thanks in advance
#15
19.7 Legacy Series / Re: Big src_addr_XXXXXX.sqlite
October 14, 2019, 10:59:38 AM
Hello,

I see there have been a lot of reads but no answer.

Perhaps I made a stupid question or made it in no clear way for which I apologize.

Let's try this way:

if I reset netflow data do these big files disappear (or is it safe to delete them after the reset?)

Thanks in advance to whoever can help me and Best wishes