Messages

1

19.1 Legacy Series / Re: WAN speed issue - 19.1 on XCP 7.5

« on: February 13, 2019, 12:52:20 am »

Issue with latest firmware and DMZ+ (Fake Pass-through). Friend of mine just had this issue. Took us a while to come across this issue as we just did a new unifi AP deployment and thought it was related to that.

https://forums.att.com/t5/AT-T-Fiber-Equipment/PACE-11-1-0-531418-DMZ-Issue/m-p/5745153#M7940

2

19.1 Legacy Series / Re: 19.1 VPN speeds capped at 100Mbs?

« on: February 10, 2019, 05:47:34 am »

Is there other detail that I should provide?

3

19.1 Legacy Series / 19.1 VPN speeds capped at 100Mbs?

« on: February 08, 2019, 04:57:26 pm »

It appears that recent upgrades have VPN speeds capped around 100Mbs. I have tried building OpenVPN and IPSEC tunnels to test. I used to get over 100 on 18.7 versions.

I've tested with 3 sites
Two are VMs and One Bare Metal
All use Intel Nics
One is using vmxnet3 other is e1000
All support AES-NI Core counts are 8@4ghz, 6@2.8ghz, and 4@3.2ghz
Deleted all Traffic shaping that was applied to one FW
Rebooted everything
Main site that is involeved in all testing is on 19.1.1
Secondary sites are 18.7.x and 19.1.1

Main has 400/20
two sites have 1G/1G

OpenVPN
Tried AES-128-CBC and GCM
SHA 256
DH 2048 and 4096
fast-io;
push "fast-io"; (also set on the other end as I'm not sure if push works)
sndbuf 524288;
rcvbuf 524288;
push "sndbuf 524288";
push "rcvbuf 524288"

IPSec
Tried AES128CBC and GCM
SHA1 and SHA 256
Tried no encryption on Phase2

4

18.7 Legacy Series / Re: Renew WAN interface via CMD or API

« on: January 09, 2019, 10:55:56 pm »

This makes sense and should work for this solution. I think I'll just the to modify the script slightly to do an external dyndns check. Thanks!

I have AT&T gig fiber. Their "awesome" modem doesn't support direct passthrough. So you have to configure IP passthrough to get the public IP on the WAN interface. If we loose power the OPNsense box reboots quicker than the ONT and I don't get a public IP until I reboot OPNsense again. This is an issue for things like remote access VPN. Is there an easy way to force a renew or reboot with the API or over SSH so I can build a reboot or renew script.

forgot to add..


you can just take the interface down and back up using



 ifconfig igb0 down

 ifconfig igb0 up


Of course you need to make sure that the interface id is correct.. in my case it is igb0.

5

18.7 Legacy Series / Renew WAN interface via CMD or API

« on: January 08, 2019, 10:52:25 pm »

I have AT&T gig fiber. Their "awesome" modem doesn't support direct passthrough. So you have to configure IP passthrough to get the public IP on the WAN interface. If we loose power the OPNsense box reboots quicker than the ONT and I don't get a public IP until I reboot OPNsense again. This is an issue for things like remote access VPN. Is there an easy way to force a renew or reboot with the API or over SSH so I can build a reboot or renew script.

6

18.7 Legacy Series / Re: Alias URL Table limits

« on: January 05, 2019, 10:47:24 pm »

Hi,

Firewall -> Settings -> Advanced -> Firewall Maximum Table Entries

br

I think this worked, set it to 2M for now.

7

18.7 Legacy Series / [SOLVED] Alias URL Table limits

« on: January 05, 2019, 09:15:32 pm »

It appears that a Alias using "URL Table (IPs)" has a limit of 13000 lines. Is there anyway to increase this?

I am trying to import a custom block list of IPs that hit/scan my honey pot. My list has grown to roughly 70k IPs and when I looked at my list under Firewall>Diagnostics>pfTables it was empty. After some troubleshooting I found if I only had 13k IPs in the list it would work.

8

18.7 Legacy Series / Re: Backup to Google Drive

« on: December 18, 2018, 08:50:16 pm »

Do you have a screenshot of settings? Obfuscate as need.

9

18.7 Legacy Series / Re: Backup to Google Drive

« on: December 18, 2018, 02:05:53 am »

Could someone please update the doc on how to configure to backup to Google Drive ?

The steps/screens on the Google end seems to be changed...

Thanks

I just set this up a few days ago, what part are you having issues with?

10

18.7 Legacy Series / Re: OpenVPN problem deleting temp file

« on: December 18, 2018, 01:55:43 am »

I would say "issue" is the wrong word, as things continue to work as expected. We thought it was an issue as the user couldn't connect, but was resolved by reloading their config on their iPhone. Now I'm more interested where the error shown. I don't think this is ZFS. I don't remember options selected, but it was all default from a fresh ISO.

11

18.7 Legacy Series / Seeing a lot of gateway traffic on port 0 for one VLAN

« on: December 18, 2018, 01:51:25 am »

Can anyone help me out and explain?

Images
QRadar Log Data:
https://drive.google.com/open?id=1QvTP_Kl9DaV1NQsq_GHhgFMN-_Nvpn4d
Rules for DMZ Net:
https://drive.google.com/open?id=13HjGT7RhXGK6Bjb9WRuWhDMNJiAaZjbN

12

Documentation and Translation / Re: cron log

« on: December 15, 2018, 09:16:26 pm »

I'm interested in the location of this log as well.

13

18.7 Legacy Series / Re: OpenVPN problem deleting temp file

« on: December 03, 2018, 05:20:23 pm »

Has anyone seen this issue?

Code: [Select]

openvpn[79319]: iPhone/166.x.x.x:2349 MULTI: problem deleting temporary file: /tmp/openvpn_cc_78c8c78b55e511e75462b4354891a65d2e.tmp
OPNsense 18.7.8-amd64
FreeBSD 11.1-RELEASE-p15
LibreSSL 2.7.4

Is there other information that would assist? Nobody else seeing this in their OVPN logs?

14

18.7 Legacy Series / Re: [18.7.8] GeoIP alias not working

« on: December 03, 2018, 05:18:52 pm »

under Firewall: Diagnostics: pfTables the table is also empty - look like it gets not loaded

I also have this issue. I am using US IPv4 as my constraint and the table is empty in pfTables.

15

18.7 Legacy Series / OpenVPN problem deleting temp file

« on: November 30, 2018, 05:39:25 pm »

Has anyone seen this issue?

Code: [Select]

openvpn[79319]: iPhone/166.x.x.x:2349 MULTI: problem deleting temporary file: /tmp/openvpn_cc_78c8c78b55e511e75462b4354891a65d2e.tmp
OPNsense 18.7.8-amd64
FreeBSD 11.1-RELEASE-p15
LibreSSL 2.7.4