Messages - buggy09

#1
General Discussion / Outbound NAT from VPN clients
March 17, 2020, 11:02:18 PM
I have configured site-to-site IPSec from my LAN to a specific remote IP on the other end of the IPSec tunnel.
From the LAN network everything works fine.

I also have OpenVPN clients (road warrior setup) on a separate subnet. That OpenVPN subnet (tunnel network) cannot access the remote IP on the IPSec directly. I can't change the IPSec configuration on the other end of the tunnel.

My idea was to try to configure Outbound NAT somehow in order to access the remote IP from OpenVPN clients.

I added a FW rule on the OpenVPN "interface" to allow traffic from the OpenVPN subnet to the remote IP.
I also added the remote IP in the OpenVPN server config as "IPv4 Local Network" (/32).

I also added an Outbound NAT rule (manual generation) with the following parameters:


  • Interface : LAN (also tried OpenVPN and IPSec interfaces)
  • Source address : OpenVPN subnet (tunnel network)
  • Destination address : Remote IP address
  • Translation/target : LAN address (also tried Interface address)

... but I can't find a setup that works. I would like to try to "cheat" the IPSec tunnel to allow the OpenVPN clients subnet to have access to the remote IP, without changing the IPSec configuration (I can't change the other side of IPSec).

Looking in the Firewall log, all attempts to access the remote IP from the OpenVPN subnet go to the WAN interface.

Any idea? Is it possible at all?
#2
Thanks for the reply :).

So, I don't need to add a server in System/Access/Servers in this case?
I just need to add the FreeRADIUS plugin and configure it in Services/FreeRADIUS (including users and clients-WAPs)?


  • Any firewall rules needed?
  • What IP address should I put on my clients? Is OPNsense listening for RADIUS messages on all its interfaces?


#3
Is it possible to use the OPNsense FreeRADIUS plugin for external Wireless Access Points WPA Enterprise authentication?
#4
OPNsense is installed on a SuperMicro SuperServer 5018D-FN8T with a Xeon D-1518 CPU.
Everything works fine, but even when idle, [intr{swi4: clock (0)}] shows WCPU of about 10.0% all the time.


PID USERNAME PRI NICE SIZE  RES    STATE   C    TIME      WCPU     COMMAND
11   root    155 ki31 0   128K   CPU0    0 330.2H    100.00%  [idle{idle: cpu0}]
12   root    -60  - 0   1328K  WAIT    5 35.3H      10.57%  [intr{swi4: clock (0)}]


The same config on a Chinese Mini PC based on a Celeron J1900 shows WCPU for the same process of less than 1%.

Is it normal? The load average shown on the Dashboard is about 0.5 (8 cores CPU).