1
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
18.7 Legacy Series / IPSec Phase 1 IPv4 Phase 2 IPv6
« on: July 24, 2018, 01:05:26 am »
Hi,
I'm trying to do something like this:
ServerZZTop ----- FirewallA [OPNSense] o===(IPSEC)===o FirewallB [OpenBSD] ----- Internet
ServerZZTop have a public IPv4/6
Phase 1 Type: IPv4 IKE v1
Phase 2 Type: ESP IPv4 tunnel
Phase 2 Type: ESP IPv6 tunnel
Yes I got I phase 2 for an IPv4 tunnel AND another one for an IPv6 tunnel, Strongswan is suposed to work like this(https://www.strongswan.org/testing/testresults/ipv6/net2net-ip6-in-ip4-ikev1/).
1st problem is the following message when I try to modify my phase 1: "There is a Phase 2 using IPv6, you cannot use IPv4".
When I mount the tunnel:
I'm stucked to make the IPv6 Phase2 and I don't understand why I have this message from OPNSense (my 1st problem)
Kind regards
I'm trying to do something like this:
ServerZZTop ----- FirewallA [OPNSense] o===(IPSEC)===o FirewallB [OpenBSD] ----- Internet
ServerZZTop have a public IPv4/6
Phase 1 Type: IPv4 IKE v1
Phase 2 Type: ESP IPv4 tunnel
Phase 2 Type: ESP IPv6 tunnel
Yes I got I phase 2 for an IPv4 tunnel AND another one for an IPv6 tunnel, Strongswan is suposed to work like this(https://www.strongswan.org/testing/testresults/ipv6/net2net-ip6-in-ip4-ikev1/).
1st problem is the following message when I try to modify my phase 1: "There is a Phase 2 using IPv6, you cannot use IPv4".
When I mount the tunnel:
- If I ping from FirewallA to ServerZZTop the IPv4 tunnel is working: I can ping from Internet ServerZZTop IPv4
- During 5 second after tunnel mounting I can ping from Internet ServerZZTop IPv6 then the ICMP packet is coming to ServerZZTop but there is only outgoing "ICMP6, neighbor solicitation" on my ServerZZTop Interface
- I have to set mtu 1378 to ServerZZTop's interface to make IPv4 work fine
- In FirewallA IPSec logs, I got: "installing route failed: ::/0 via $(FirewallA Default IPv4 Gateway) src $(FirewallA IPv6 Gateway for ServerZZTop) dev pppoe0"
I'm stucked to make the IPv6 Phase2 and I don't understand why I have this message from OPNSense (my 1st problem)
Kind regards
4
Hardware and Performance / Re: qotom i5-5250U
« on: September 09, 2017, 07:24:47 pm »
Hi,
Let's be clear, for me this is the BEST FANLESS HARDWARE FOR OPENSENSE !!!
some iperf gives: Full 1Gbps bandwidth with filtering & nat with less of 20% of one core.
Some bad points:
Let's be clear, for me this is the BEST FANLESS HARDWARE FOR OPENSENSE !!!
some iperf gives: Full 1Gbps bandwidth with filtering & nat with less of 20% of one core.
Some bad points:
- Wifi is not working fine with OPNSense order it wthout Wifi or ask to Qotom to build with a compatible one.
(I have changed it for an Atheros 9280) - Bios have no ouput on serial port
- Ethernet interfaces are not mapped well: 0-0 1-2 2-3 3-1 (hardware-system)
5
Hardware and Performance / Re: APU2C4 filtering performance + 1Gbps filtering
« on: September 09, 2017, 10:28:06 am »
Hi,
let's follow this topic on "Qotom i5-5250U New".
I've just received it and it's the best fanless hardware for OPNSense I ever had.
Sacha
let's follow this topic on "Qotom i5-5250U New".
I've just received it and it's the best fanless hardware for OPNSense I ever had.
Sacha
6
Hardware and Performance / APU2C4 filtering performance + 1Gbps filtering
« on: September 04, 2017, 05:13:08 pm »
Hi gents,
just for your information I tested with iperf the APU2C4 filtering performances:
test is simple: PC1---(lan)---APU---(wan)---PC2
PC2 with "iperf -s" & PC1 with "iperf -c IP(PC2) -i 1 -t 20"
I obtain a downstream of 427Mbps
I'm still looking for a fanless small device which can filter 1Gbps, any idea ?
Regards,
Sacha.
just for your information I tested with iperf the APU2C4 filtering performances:
test is simple: PC1---(lan)---APU---(wan)---PC2
PC2 with "iperf -s" & PC1 with "iperf -c IP(PC2) -i 1 -t 20"
I obtain a downstream of 427Mbps
I'm still looking for a fanless small device which can filter 1Gbps, any idea ?
Regards,
Sacha.
7
General Discussion / Re: Insight: No Data Available
« on: January 20, 2017, 08:10:33 pm »
thanks I'm posting my issue there.
8
16.7 Legacy Series / Re: Netflow Insight shows No Available Data after Upgrade
« on: January 20, 2017, 08:09:21 pm »
Same problem the downgrade didn't solved the issue, still have no data.
9
General Discussion / Insight: No Data Available
« on: January 20, 2017, 02:18:19 pm »
Hi,
since I added new vlan interfaces, I have no more graph in Insight: No data available !
Restarting services & rebooting didn't correct this bug.
Some ideas around to fix this ?
Regards,
Sacha.
since I added new vlan interfaces, I have no more graph in Insight: No data available !
Restarting services & rebooting didn't correct this bug.
Some ideas around to fix this ?
Regards,
Sacha.
Pages: [1]