Messages

1

Virtual private networks / Change default OpenVPN gateway ip

« on: June 02, 2021, 03:21:13 pm »

Hi,

When I add a OpenVPN client a gateway is created by default. This gateway always have the IP 10.128.0.1.

If I add a second client connections the second gateway gets the same IP as the first. How can I prevent this so I can use both connections?

br,

molotch

2

20.1 Legacy Series / Re: Wireguard Gateway Priority shown as "defunct"

« on: July 18, 2020, 10:27:47 pm »

Thanks, worked like a charm.

This is the thread if someone reads this later on.

https://forum.opnsense.org/index.php?topic=15105.0

3

20.1 Legacy Series / Wireguard Gateway Priority shown as "defunct"

« on: July 17, 2020, 02:07:06 pm »

Hi,

I've setup a wireguard vpn to my provider. Works fine, but I am unable to define a working gateway on the interface. The Gateway shows up as "disabled" with Priority "defunct" and status "Online". I have no idea what that means or how I can fix it?

Using the default routes the connection works fine, but I can't use policy based routing without a working gateway.

4

20.7 Legacy Series / Traffic shaping targeting on OpenVPN link

« on: April 19, 2020, 10:04:52 am »

Hi, I'm trying to prioritize traffic on a limited Open VPN uplink.

It seems as if all traffic terminates on the firewall, both upstream and downstream. I.e. traffic from my computer is sourced at 10.0.0.0/24 and terminates at 0.0.0.0/0 and downstream is Any to 0.0.0.0/0. This makes it impossible to distinguish between downstream traffic on destination since everything seems to be headed to the firewall.

Is it possible to separate downstream traffic between which host it is going to be routed to eventually?

5

19.7 Legacy Series / Re: Wireguard VPN server ping returns are lost

« on: November 18, 2019, 09:12:28 pm »

Thanks, I'll try to look into it asap, probably tomorrow or the day after.

6

19.7 Legacy Series / Wireguard VPN server ping returns are lost

« on: November 17, 2019, 07:43:23 pm »

Hi,

I'm having trouble getting WG to work as intended.

My setup is quite plain. I installed the WG-plugin and configured the server and the client as follows. The client is running on Ubuntu 19.10.

Server setup (from the List Configuration window)

Code: [Select]

interface: wg0
  public key: <key1>
  private key: (hidden)
  listening port: 51820

peer: <key2>
  endpoint: (hidden):22729
  allowed ips: 10.10.0.10/32
  transfer: 5.64 KiB received, 3.50 KiB sent

The server is using 10.10.0.1/24 as Tunnel Address and I have opened port 51820/UDP to all source addresses and ports on my WAN interface.

Client setup

Code: [Select]

[Interface]
ListenPort = 53460
PrivateKey = (hidden)

[Peer]
PublicKey = <key1>
AllowsIPs = 10.10.0.0/24
Endpoint = (hidden):51820
PersistentKeepalive = 25

wg0 on the client is configured with the IP-address 10.10.0.10/32

If I run ping 10.10.0.1 from the client the packet hits the WAN-address on port 51820, so far everything seems fine. As you see above the WG-server also shows it has both received and sent traffic to the client (transfer: 5.64 KiB received, 3.50 KiB sent). None of the traffic makes it back to the client though. Ping shows 100& packet loss.

Any pointers on how to understand this behaviour? Any help is appreciated.

7

Hardware and Performance / PC Engines APU2 OpenVPN performance

« on: April 28, 2019, 10:59:44 am »

I recently bought an APU2 board hoping I could reach OpenVPN speeds close to 100 Mbps (using AES-GCM cipher) since that seems to be achievable with pfSense according to this article.

https://teklager.se/en/knowledge-base/apu2-vpn-performance/

Anyone here using the APU2 board that managed to get close to 100 Mbit in performance with OpenVPN or have any hints on what I could try to get closer? I am using an AES-GCM cipher and have tried increasing the send and receive buffers. No luck, I max out at about 60 Mbps up and 50 Mbps down.

Seems strange that pfSense should be that much faster. If I connect to the provider using OpenVPN on my computer I max out my connection of 150 Mbps both up and down. I test performance with the homepage www.bredbandskollen.se.