Messages - litusbdn

#1
Good afternoon,

I have installed a GL.inet Brume 2 / GL-MT2500 router.

According to the manufacturer, in client mode Wireguard can reach speeds of 500mb/s. https://www.gl-inet.com/products/gl-mt2500/


On the other end, I have an Opnsense 23.1.9, installed on a physical server with 128GB Ram, Intel(R) Xeon(R) Silver 4316 CPU @ 2.30GHz (20 cores, 40 threads).

I have managed to configure the wireguard tunnel successfully and there is traffic between the local and remote network.

The main problem is the speed of the tunnel: it barely reaches +-30mb/s over a 1GB/s optical fiber. I have been modifying the MTUs and I can't find the parameter that can increase the speed.

Can you tell me what I can check to optimize the maximum speed?
I need to be able to create tunnels with a minimum speed of 180mb/s approximately.


If you need any extra details, I will be happy to send them to you.


Thank you very much.
#2
Good evening,

We have tried to set up a vpn road warrior with OpenVPN, following the OPNSENSE guide. https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

It is not the first time we have set up the road warrior VPN; on other occasions we have set it up and it worked without problems. Now we have a problem: we can't connect and, according to the logs, it seems to be something related to encryption.

I attach details of the configuration, and logs obtained in the opnsense and openvpn client.



Firewall OpenVPN Log:


2021-10-25T19:58:14   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:58:14   openvpn[71085]   tls-crypt unwrap error: packet too short   
2021-10-25T19:58:06   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:58:06   openvpn[71085]   tls-crypt unwrap error: packet too short   
2021-10-25T19:58:02   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:58:02   openvpn[71085]   tls-crypt unwrap error: packet too short   
2021-10-25T19:57:59   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:57:59   openvpn[71085]   tls-crypt unwrap error: packet too short


OpenVPN log in road warrior computer:

Mon Oct 25 21:57:53 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Mon Oct 25 21:57:53 2021 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mon Oct 25 21:57:53 2021 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
Mon Oct 25 21:57:53 2021 Windows version 10.0 (Windows 10 or greater) 64bit
Mon Oct 25 21:57:53 2021 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Mon Oct 25 21:58:00 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:58:00 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 21:58:00 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:59:01 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 21:59:01 2021 TLS Error: TLS handshake failed
Mon Oct 25 21:59:01 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 21:59:06 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:59:06 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 21:59:06 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:00:06 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 22:00:06 2021 TLS Error: TLS handshake failed
Mon Oct 25 22:00:06 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 22:00:11 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:00:11 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 22:00:11 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:01:11 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 22:01:11 2021 TLS Error: TLS handshake failed
Mon Oct 25 22:01:11 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 22:01:16 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:01:16 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 22:01:16 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194


See attachment.

Thanks,

Carles.

#3
Hi, I don't have any answer from the ping.


I tried "no preference" and "disabled" in OPNsense, and the VPN tunnel simply does not connect...
#4
Opnsense configuration
#5
Hello,

I have created a site2site vpn with my OPNsense (server) and a pfsense as client.

I have already set up point-to-point VPNs with OPNsense on previous occasions without problems, but with pfSense as the client, I manage to bring the VPN up successfully, but it doesn't pass traffic (ping, RDP, etc.).

I have the feeling that the problem may be in the type of compression that is used... I have tested several, and it still does not work, or the VPN does not even connect.

Can someone tell me which option to use in pfsense and opnsense?


Thank you very much.
#6
Good morning,

I have configured a point-to-point tunnel following this guide:  https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html

The problem is that the VPN tunnel is successfully established, but I have no data traffic between one site (LAN1 192.168.1.x) and the other (LAN 2 192.168.3.X).


Any idea how I can allow traffic?

All Firewall rules (WAN and IPSEC interfaces) are configured on both sides.

I think it's a route problem, but I can't find the solution.


Thanks
#7
Is 1194 UDP the only port needed by the VPN server? Is it not necessary to open any other port, or range of ports?
#8
Hello,

It is not possible to put the router in bridge mode, since the PBX is currently outside the firewall, and the guest Wi-Fi itself leaves the router of the internet service provider.
#9
Good afternoon,

On my OPNsense device, I have configured a VPN for a user that connects externally. On other occasions, the VPN has worked perfectly for me.

Now I find that I cannot connect from outside (it's a new router).

- If I ping the public IP, I get an answer.
- If I telnet to the public IP on port 1194, I get no result.

The difference is that this new router has no DMZ; that is, I have to open the ports (NAT) in the router to point to the WAN IP of the OPNsense, and a second NAT is made in the OPNsense device so that the local network can be accessed. If I do it with the RDP protocol, I can connect.

RDP: PUBLIC IP: 9898 ---> (ROUTER) ---> WAN IP OPNSENSE ----> LAN DEVICE - WORKS ---

If I do it with the VPN port, it does not work.

I suspect that the problem lies in the fact that I need to open a port other than 1194.
Can somebody help me?

Thank you.  :D
#10
General Discussion / Re: Ip static in OpenVpn client
March 22, 2018, 09:00:51 AM
Good Morning,

Does anyone have any idea how to solve this problem?

Thank you so much
#11
General Discussion / Re: Ip static in OpenVpn client
March 19, 2018, 01:12:50 PM
Hello,

I have tried this: VPN: OpenVPN: Client Specific Overrides

When I activate this option, the following error appears in the VPN client (see photos)

Why does something that should be simple get so complicated for me... :(

UPDATE: if I change 10.10.0.0 (you can see it in the photo) -> 255.255.255.252, it does not work either.
#12
General Discussion / Ip static in OpenVpn client
March 15, 2018, 09:07:30 AM
Good Morning,
I have an OpenVPN server enabled.

I do not need to assign a specific IP to the clients that connect via road warrior VPN (network 10.10.10.X). Is it possible to do a MAC-IP relationship so that the same computer always gets the same IP from the VPN server?

Thanks
#13
Good Morning,

For some time, when I visit the website of the Catalonian education department, the site does not load correctly; it seems as if some of the images do not load. The problem only appears on a specific page of the department: http://educacio.gencat.cat/portal/page/portal/Educacio/PCentrePrivat/PCPInici#contenido

On an earlier occasion the same thing happened to me; I reinstalled OPNsense and the problem seemed solved, but it has happened again.

I have activated the web proxy and disabled the cache, but the network in which the computer is located is excluded from passing through the web proxy.

Thanks!
#14
General Discussion / Re: Problems sending emails
March 01, 2017, 01:08:00 PM
To explain further, here's my current setup...

Router -> pfSense -> Client PC

If I use the above configuration, I would be able to send e-mails through external SMTP.

But if I use this configuration...

Router -> ClientPC

There will be no issues sending e-mails.
#15
General Discussion / Problems sending emails
March 01, 2017, 12:26:04 PM
Good morning,
I have done a basic installation of OPNsense in my office.
I encounter the problem that when I send mails through Outlook, if the mail has an attachment (attachments of less than 2 MB), Outlook will remain loading for 3-4 minutes and finally send the mail.
If the email does not contain attachments, it is sent instantly.
This problem occurs with multiple accounts (Exchange, IMAP, and POP3).

Without opnsense, everything works correctly.

Any idea what it can be?