1
23.1 Legacy Series / Re: Routing between Interfaces from Remote LAN
« on: February 14, 2023, 03:52:25 am »
thanks.. that worked
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
23.1 Legacy Series / Re: Routing between Interfaces from Remote LAN
« on: February 13, 2023, 12:18:22 pm »
Bump!! Anyone please
3
23.1 Legacy Series / Routing between Interfaces from Remote LAN
« on: January 27, 2023, 08:40:08 am »
I have 2 FWs at 2 sites A & B that are connected over a Site to Site Wireguard Tunnel
Site A has 2 networks 192.168.11.1/24 (Primary LAN) and I also have another LAN NET 192.168.1.1/24
I have WAN on igb0 (interface name WAN)
LAN 1 192.168.11.1/24 on igb1 (interface name LAN)
LAN 2 192.168.1.1/24 on igb2 (interface name LABMACHINES)
All independent physical interfaces
I'm able to ping/access between 11.1/24 & 1.1/24 without any issues
I'm also able ping/access between 11.1/24 & 2.1/24 both ways
Site B has 1 network 192.168.2.2/24
How do i access 192.168.2.2/24 from Site A LAN NET 192.168.1.1/24 & 192.168.1.1/24 from Site B?
What Rules do I need to make this happen, please?
Site A has 2 networks 192.168.11.1/24 (Primary LAN) and I also have another LAN NET 192.168.1.1/24
I have WAN on igb0 (interface name WAN)
LAN 1 192.168.11.1/24 on igb1 (interface name LAN)
LAN 2 192.168.1.1/24 on igb2 (interface name LABMACHINES)
All independent physical interfaces
I'm able to ping/access between 11.1/24 & 1.1/24 without any issues
I'm also able ping/access between 11.1/24 & 2.1/24 both ways
Site B has 1 network 192.168.2.2/24
How do i access 192.168.2.2/24 from Site A LAN NET 192.168.1.1/24 & 192.168.1.1/24 from Site B?
What Rules do I need to make this happen, please?
4
23.1 Legacy Series / Re: High CPU Usage - OPNsense 23.1.r_20
« on: January 26, 2023, 04:04:41 am »
UPDATE:
I disabled "Unbound DNS reporting" & this seems to have somewhat addressed the issue, but the issue still persists
I disabled "Unbound DNS reporting" & this seems to have somewhat addressed the issue, but the issue still persists
5
23.1 Legacy Series / High CPU Usage - OPNsense 23.1.r_20
« on: January 26, 2023, 02:53:25 am »
Just updated to OPNsense 23.1.r_20 but now seeing some spikes in CPU usage mainly caused by python3.9 & it hits 100% usage sometimes
please see attached animated GIF of top output
any idea why this is happening, as i havent seen this before
My FW
Intel(R) Celeron(R) CPU 3865U @ 1.80GHz
4GB RAM
ZFS
please see attached animated GIF of top output
any idea why this is happening, as i havent seen this before
My FW
Intel(R) Celeron(R) CPU 3865U @ 1.80GHz
4GB RAM
ZFS
6
22.1 Legacy Series / Wireguard Speed Issue
« on: March 21, 2022, 04:59:58 pm »
after i upgraded to 22.1.3, i'm having a weird wireguard S2S issue
1. Both use 22.1.3 with WG kmod
2. When i do an iperf test, SITE A to SITE B gives me an avg. of 14 Mbps (which is normal)
3. When i do an iperf test, SITE B to SITE A gives me an avg. of 322 Kbits/sec -
The pings from either side are pretty much the same.
From SITE A TO SITE B
iperf3 -c 192.168.3.1 (SITE B)
Connecting to host 192.168.3.1, port 5201
[ 5] local 10.17.0.1 port 20525 connected to 192.168.3.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 213 KBytes 1.74 Mbits/sec 0 96.2 KBytes
[ 5] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec 0 490 KBytes
[ 5] 2.00-3.01 sec 3.31 MBytes 27.6 Mbits/sec 113 208 KBytes
[ 5] 3.01-4.00 sec 3.22 MBytes 27.1 Mbits/sec 236 442 KBytes
[ 5] 4.00-5.00 sec 1.64 MBytes 13.8 Mbits/sec 0 448 KBytes
[ 5] 5.00-6.00 sec 1.56 MBytes 13.1 Mbits/sec 0 452 KBytes
[ 5] 6.00-7.00 sec 1.62 MBytes 13.6 Mbits/sec 0 457 KBytes
[ 5] 7.00-8.00 sec 1.07 MBytes 9.00 Mbits/sec 1 232 KBytes
[ 5] 8.00-9.00 sec 832 KBytes 6.82 Mbits/sec 0 238 KBytes
[ 5] 9.00-10.00 sec 870 KBytes 7.12 Mbits/sec 0 242 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 15.5 MBytes 13.0 Mbits/sec 350 sender
[ 5] 0.00-10.27 sec 13.8 MBytes 11.2 Mbits/sec receiver
PING STATS
ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1): 56 data bytes
64 bytes from 192.168.3.1: icmp_seq=0 ttl=64 time=268.734 ms
64 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=268.170 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=267.838 ms
64 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=268.463 ms
64 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=268.048 ms
64 bytes from 192.168.3.1: icmp_seq=5 ttl=64 time=267.684 ms
64 bytes from 192.168.3.1: icmp_seq=6 ttl=64 time=267.763 ms
^C
--- 192.168.3.1 ping statistics ---
7 packets transmitted, 7 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 267.684/268.100/268.734/0.358 ms
From SITE B TO SITE A
iperf3 -c 192.168.11.1 -p 5201
Connecting to host 192.168.11.1, port 5201
[ 5] local 10.17.0.2 port 34521 connected to 192.168.11.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.01 sec 118 KBytes 955 Kbits/sec 1 22.7 KBytes
[ 5] 1.01-2.00 sec 114 KBytes 940 Kbits/sec 1 14.7 KBytes
[ 5] 2.00-3.00 sec 40.1 KBytes 329 Kbits/sec 2 9.38 KBytes
[ 5] 3.00-4.00 sec 14.7 KBytes 120 Kbits/sec 2 5.37 KBytes
[ 5] 4.00-5.00 sec 26.7 KBytes 218 Kbits/sec 0 10.8 KBytes
[ 5] 5.00-6.00 sec 30.7 KBytes 252 Kbits/sec 1 9.40 KBytes
[ 5] 6.00-7.00 sec 32.1 KBytes 263 Kbits/sec 0 13.4 KBytes
[ 5] 7.00-8.01 sec 37.4 KBytes 304 Kbits/sec 1 10.7 KBytes
[ 5] 8.01-9.00 sec 44.1 KBytes 363 Kbits/sec 1 8.04 KBytes
[ 5] 9.00-10.01 sec 21.4 KBytes 173 Kbits/sec 1 5.37 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.01 sec 479 KBytes 392 Kbits/sec 10 sender
[ 5] 0.00-10.29 sec 405 KBytes 322 Kbits/sec receiver
PING STATS
ping 192.168.11.1
PING 192.168.11.1 (192.168.11.1): 56 data bytes
64 bytes from 192.168.11.1: icmp_seq=0 ttl=64 time=267.604 ms
64 bytes from 192.168.11.1: icmp_seq=1 ttl=64 time=268.597 ms
64 bytes from 192.168.11.1: icmp_seq=2 ttl=64 time=268.139 ms
64 bytes from 192.168.11.1: icmp_seq=3 ttl=64 time=269.240 ms
64 bytes from 192.168.11.1: icmp_seq=4 ttl=64 time=268.669 ms
64 bytes from 192.168.11.1: icmp_seq=5 ttl=64 time=270.352 ms
64 bytes from 192.168.11.1: icmp_seq=6 ttl=64 time=270.733 ms
64 bytes from 192.168.11.1: icmp_seq=7 ttl=64 time=269.979 ms
64 bytes from 192.168.11.1: icmp_seq=8 ttl=64 time=267.509 ms
^C
--- 192.168.11.1 ping statistics ---
9 packets transmitted, 9 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 267.509/268.980/270.733/1.107 ms
There was no change in config from the previous version. I tried setting the MTU to 1420 but still no luck
Any help will be greatly appreciated.
PS: Tried it with a wireguard client from SITE A TO SITE B, same issue
1. Both use 22.1.3 with WG kmod
2. When i do an iperf test, SITE A to SITE B gives me an avg. of 14 Mbps (which is normal)
3. When i do an iperf test, SITE B to SITE A gives me an avg. of 322 Kbits/sec -
The pings from either side are pretty much the same.
From SITE A TO SITE B
iperf3 -c 192.168.3.1 (SITE B)
Connecting to host 192.168.3.1, port 5201
[ 5] local 10.17.0.1 port 20525 connected to 192.168.3.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 213 KBytes 1.74 Mbits/sec 0 96.2 KBytes
[ 5] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec 0 490 KBytes
[ 5] 2.00-3.01 sec 3.31 MBytes 27.6 Mbits/sec 113 208 KBytes
[ 5] 3.01-4.00 sec 3.22 MBytes 27.1 Mbits/sec 236 442 KBytes
[ 5] 4.00-5.00 sec 1.64 MBytes 13.8 Mbits/sec 0 448 KBytes
[ 5] 5.00-6.00 sec 1.56 MBytes 13.1 Mbits/sec 0 452 KBytes
[ 5] 6.00-7.00 sec 1.62 MBytes 13.6 Mbits/sec 0 457 KBytes
[ 5] 7.00-8.00 sec 1.07 MBytes 9.00 Mbits/sec 1 232 KBytes
[ 5] 8.00-9.00 sec 832 KBytes 6.82 Mbits/sec 0 238 KBytes
[ 5] 9.00-10.00 sec 870 KBytes 7.12 Mbits/sec 0 242 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 15.5 MBytes 13.0 Mbits/sec 350 sender
[ 5] 0.00-10.27 sec 13.8 MBytes 11.2 Mbits/sec receiver
PING STATS
ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1): 56 data bytes
64 bytes from 192.168.3.1: icmp_seq=0 ttl=64 time=268.734 ms
64 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=268.170 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=267.838 ms
64 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=268.463 ms
64 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=268.048 ms
64 bytes from 192.168.3.1: icmp_seq=5 ttl=64 time=267.684 ms
64 bytes from 192.168.3.1: icmp_seq=6 ttl=64 time=267.763 ms
^C
--- 192.168.3.1 ping statistics ---
7 packets transmitted, 7 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 267.684/268.100/268.734/0.358 ms
From SITE B TO SITE A
iperf3 -c 192.168.11.1 -p 5201
Connecting to host 192.168.11.1, port 5201
[ 5] local 10.17.0.2 port 34521 connected to 192.168.11.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.01 sec 118 KBytes 955 Kbits/sec 1 22.7 KBytes
[ 5] 1.01-2.00 sec 114 KBytes 940 Kbits/sec 1 14.7 KBytes
[ 5] 2.00-3.00 sec 40.1 KBytes 329 Kbits/sec 2 9.38 KBytes
[ 5] 3.00-4.00 sec 14.7 KBytes 120 Kbits/sec 2 5.37 KBytes
[ 5] 4.00-5.00 sec 26.7 KBytes 218 Kbits/sec 0 10.8 KBytes
[ 5] 5.00-6.00 sec 30.7 KBytes 252 Kbits/sec 1 9.40 KBytes
[ 5] 6.00-7.00 sec 32.1 KBytes 263 Kbits/sec 0 13.4 KBytes
[ 5] 7.00-8.01 sec 37.4 KBytes 304 Kbits/sec 1 10.7 KBytes
[ 5] 8.01-9.00 sec 44.1 KBytes 363 Kbits/sec 1 8.04 KBytes
[ 5] 9.00-10.01 sec 21.4 KBytes 173 Kbits/sec 1 5.37 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.01 sec 479 KBytes 392 Kbits/sec 10 sender
[ 5] 0.00-10.29 sec 405 KBytes 322 Kbits/sec receiver
PING STATS
ping 192.168.11.1
PING 192.168.11.1 (192.168.11.1): 56 data bytes
64 bytes from 192.168.11.1: icmp_seq=0 ttl=64 time=267.604 ms
64 bytes from 192.168.11.1: icmp_seq=1 ttl=64 time=268.597 ms
64 bytes from 192.168.11.1: icmp_seq=2 ttl=64 time=268.139 ms
64 bytes from 192.168.11.1: icmp_seq=3 ttl=64 time=269.240 ms
64 bytes from 192.168.11.1: icmp_seq=4 ttl=64 time=268.669 ms
64 bytes from 192.168.11.1: icmp_seq=5 ttl=64 time=270.352 ms
64 bytes from 192.168.11.1: icmp_seq=6 ttl=64 time=270.733 ms
64 bytes from 192.168.11.1: icmp_seq=7 ttl=64 time=269.979 ms
64 bytes from 192.168.11.1: icmp_seq=8 ttl=64 time=267.509 ms
^C
--- 192.168.11.1 ping statistics ---
9 packets transmitted, 9 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 267.509/268.980/270.733/1.107 ms
There was no change in config from the previous version. I tried setting the MTU to 1420 but still no luck
Any help will be greatly appreciated.
PS: Tried it with a wireguard client from SITE A TO SITE B, same issue
7
21.7 Legacy Series / Re: Boot delay after "Invoking start script newwanip"
« on: October 02, 2021, 02:04:48 am »
I too have this issue..
8
21.1 Legacy Series / Re: Unbound DNS - Unable to resolve Host Overrides
« on: July 25, 2021, 12:59:15 am »
thank you for your suggestions
I finally figured it out.
I had adguard home & had to move these to lines to the top in the Bootstrap DNS Servers under DNS Settings for this to work.
192.168.11.1:5353 (My firewall IP)
127.0.0.1:5353
They were the 1st 2 in the Upstream DNS Servers box, but i guess it needs to be on the top in both places.
I finally figured it out.
I had adguard home & had to move these to lines to the top in the Bootstrap DNS Servers under DNS Settings for this to work.
192.168.11.1:5353 (My firewall IP)
127.0.0.1:5353
They were the 1st 2 in the Upstream DNS Servers box, but i guess it needs to be on the top in both places.
9
21.1 Legacy Series / Re: Unbound DNS - Unable to resolve Host Overrides
« on: July 22, 2021, 12:10:43 am »
BUMP!!!
Anyone please help
Anyone please help
10
21.1 Legacy Series / Unbound DNS - Unable to resolve Host Overrides [SOLVED]
« on: June 17, 2021, 04:57:07 pm »
I recently migrated from pfsense
I've configured the host overrides to map internal IPs to hosts. But i cant ping them OR connect to them. These hosts are also defined in my cloudflare DNS server. instead of resolving the internal IP it returns the external IP of the firewall.
Any ideas as to why this happens?
for e.g. my bitwarden.domain.com is mapped to an internal IP 192.168.15.4 in UNBound Host Overrides
when i ping bitwarden.domain.com it returns the external IP
this used to work for me in pfsense where it returned the internal IP. I have flushed the cache etc. I had raised this issue in the legacy 20.1 too but had no solution. Yes, all these IP/hosts are configured on cloudflare with ACME
ANy ideas how to get this to resolve the internal IP?
I've configured the host overrides to map internal IPs to hosts. But i cant ping them OR connect to them. These hosts are also defined in my cloudflare DNS server. instead of resolving the internal IP it returns the external IP of the firewall.
Any ideas as to why this happens?
for e.g. my bitwarden.domain.com is mapped to an internal IP 192.168.15.4 in UNBound Host Overrides
when i ping bitwarden.domain.com it returns the external IP
this used to work for me in pfsense where it returned the internal IP. I have flushed the cache etc. I had raised this issue in the legacy 20.1 too but had no solution. Yes, all these IP/hosts are configured on cloudflare with ACME
ANy ideas how to get this to resolve the internal IP?
11
21.1 Legacy Series / Reboot stuck in 2 processes
« on: June 17, 2021, 01:51:58 pm »
Whenever i reboot my opnsense box the reboot pauses for a long time in these 2 steps. Any idea whats causing it?
1. "Configuring DNS Clients"
2. >>Invoking start script "newwanip"
Reconfiguring IPV4 on eth0
the process is kinda stuck for 2 minutes at each instance.
any idea whats causing this delay?
1. "Configuring DNS Clients"
2. >>Invoking start script "newwanip"
Reconfiguring IPV4 on eth0
the process is kinda stuck for 2 minutes at each instance.
any idea whats causing this delay?
12
Documentation and Translation / Re: AdGuard Home setup guide
« on: May 12, 2021, 02:42:34 pm »2) Now, if I change the following, I get the reverse behaviour. Inside AdGuards Top Clients, I can see only IPs (no host names), but upstream DNS is now showing up as 108.162.218.241 (Cloudflare).
Adguard/DNS Settings:
127.0.0.1:5353
1.1.1.1
1.0.0.1
I've also experiments with a few things to no avail, like:
[/168.192.in-addr.arpa/]127.0.0.1:5353
[/168.192.in-addr.arpa/]127.0.0.1
[/168.192.in-addr.arpa/]192.168.0.1:5353
[/168.192.in-addr.arpa/]192.168.0.1
Do you have any suggestions what I might be doing wrong?
Hi, were you able to solve this? All I see are IP Addresses. I have way too many devices/clients to enter them manually
13
Documentation and Translation / Re: AdGuard Home setup guide
« on: May 05, 2021, 03:13:32 pm »
- Follow the tutorial explained above for Adguard.
Do we need both? Can one not configure just NextDNS without AdGurad?
14
21.1 Legacy Series / Re: IPsec tunnel unstable after change of hardware - solved, but why?
« on: April 28, 2021, 10:29:53 pm »
technically AES/NI is supported on select Intel & AMD. Maybe your proc doesnt support the instruction set
can you please run "kldstat" and see if you can see the aesni module is loaded or not?
something like this
15 1 0xffffffff82bed000 8d50 aesni.ko
can you please run "kldstat" and see if you can see the aesni module is loaded or not?
something like this
15 1 0xffffffff82bed000 8d50 aesni.ko
15
21.1 Legacy Series / Re: AdGuardHome Plug In Misconfiguration
« on: April 28, 2021, 03:26:43 am »
I'm having the same issue, but it seem to work fine. ads are being blocked, so not sure what part is misconfigured
Pages: [1] 2