1
20.7 Legacy Series / Re: Migrating from APU1c to APU2E4
« on: December 02, 2020, 07:16:32 pm »
I am worried because my Realtek interface name is re and Intel should have different naming igb. So how do I migrate? Please advise.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
20.7 Legacy Series / Re: Migrating from APU1c to APU2E4
« on: December 02, 2020, 08:39:11 am »
Thanks.
I will probably move the SSD and then adjust driver settings.
Can someone confirm that Realtek/Intel network interfaces have the same names ?
I will probably move the SSD and then adjust driver settings.
Can someone confirm that Realtek/Intel network interfaces have the same names ?
3
20.7 Legacy Series / Migrating from APU1c to APU2E4
« on: December 01, 2020, 11:52:25 pm »
Dear friens,
I need to migrate OPNsense from an APU1c (two-core) with realtek nics to the APU2E4 (4-core) with Intel NICs.
Can I simply change the mSATA card from one board to another?
If not, what is needed for migration?
Kind regards,
FrenchFries
I need to migrate OPNsense from an APU1c (two-core) with realtek nics to the APU2E4 (4-core) with Intel NICs.
Can I simply change the mSATA card from one board to another?
If not, what is needed for migration?
Kind regards,
FrenchFries
4
Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable
« on: November 21, 2020, 06:26:01 pm »
OK, I get it. When connecting to the Internet, data is going through WAN on a different network interface. However it is not clear why it is SO much slower than inter-VLAN routing with OPNsense firewall.
5
Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable
« on: November 21, 2020, 06:14:22 pm »
When testing on the same VLAN (so OPNsense does nothing):
This is close to the speed of inter-VLAN routing with OPNsense.
So OPNsense is very efficient in inter-VLAN routing.
And just to confirm, speed with direct link is close to 1Gb/s:
Code: [Select]
iperf3 -R -c 10.90.70.250
Connecting to host 10.90.70.250, port 5201
Reverse mode, remote host 10.90.70.250 is sending
[ 5] local 10.90.70.110 port 42160 connected to 10.90.70.250 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 93.5 MBytes 784 Mbits/sec
[ 5] 1.00-2.00 sec 93.6 MBytes 785 Mbits/sec
[ 5] 2.00-3.00 sec 93.6 MBytes 786 Mbits/sec
[ 5] 3.00-4.00 sec 94.2 MBytes 790 Mbits/sec
[ 5] 4.00-5.00 sec 95.8 MBytes 803 Mbits/sec
[ 5] 5.00-6.00 sec 95.1 MBytes 798 Mbits/sec
[ 5] 6.00-7.00 sec 95.8 MBytes 803 Mbits/sec
[ 5] 7.00-8.00 sec 96.1 MBytes 806 Mbits/sec
[ 5] 8.00-9.00 sec 95.9 MBytes 805 Mbits/sec
[ 5] 9.00-10.00 sec 96.1 MBytes 806 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 950 MBytes 797 Mbits/sec 0 sender
[ 5] 0.00-10.00 sec 950 MBytes 797 Mbits/sec receiverThis is close to the speed of inter-VLAN routing with OPNsense.
So OPNsense is very efficient in inter-VLAN routing.
And just to confirm, speed with direct link is close to 1Gb/s:
Code: [Select]
iperf3 -R -p 5206 -c bouygues.iperf.fr
Connecting to host bouygues.iperf.fr, port 5206
Reverse mode, remote host bouygues.iperf.fr is sending
[ 5] local 192.168.1.158 port 58658 connected to 89.84.1.222 port 5206
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 111 MBytes 930 Mbits/sec
[ 5] 1.00-2.00 sec 112 MBytes 941 Mbits/sec
[ 5] 2.00-3.00 sec 112 MBytes 942 Mbits/sec
[ 5] 3.00-4.00 sec 112 MBytes 941 Mbits/sec
[ 5] 4.00-5.00 sec 112 MBytes 942 Mbits/sec
[ 5] 5.00-6.00 sec 112 MBytes 941 Mbits/sec
[ 5] 6.00-7.00 sec 112 MBytes 942 Mbits/sec
[ 5] 7.00-8.00 sec 112 MBytes 941 Mbits/sec
[ 5] 8.00-9.00 sec 112 MBytes 942 Mbits/sec
[ 5] 9.00-10.00 sec 112 MBytes 941 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 1.10 GBytes 946 Mbits/sec 0 sender
[ 5] 0.00-10.00 sec 1.09 GBytes 940 Mbits/sec receiver
6
Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable
« on: November 21, 2020, 05:49:54 pm »
Any idea why speed is higher with a local iperf3 server on a different subnet.
I tested with IPv6 (no NAT) to make sure no NAT was used, the same difference applies:
Client : Linux laptop
Server : bouygues.iperf.fr
Firewall : APU1c OPNsense 20.7 latest.
WAN connected to Gig fiber.
Same results for IPv4 and IPv6, so NAT is not the issue.
Client : Linux laptop
Server : Another APU1c running Debian Linux on a separate isolated VLAN (firewall is routing).
Firewall : APU1c OPNsense 20.7 latest routing between VLANs.
This is not clear to me why there is such a different.
Why is routing between VLANs wit firewall so much faster than routing with IPv6 and gigabyte fiber?
To confirm: my VLANs are not communicating directly on switch.
I tested with IPv6 (no NAT) to make sure no NAT was used, the same difference applies:
Client : Linux laptop
Server : bouygues.iperf.fr
Firewall : APU1c OPNsense 20.7 latest.
WAN connected to Gig fiber.
Same results for IPv4 and IPv6, so NAT is not the issue.
Quote
iperf3 -6 -R -p 5206 -c bouygues.iperf.fr
Connecting to host bouygues.iperf.fr, port 5206
Reverse mode, remote host bouygues.iperf.fr is sending
[ 5] local 2a01:e0a:2ed:6231:b11b:ac7c:1c41:b3f7 port 53940 connected to 2001:860:deff:1000::2 port 5206
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 54.9 MBytes 461 Mbits/sec
[ 5] 1.00-2.00 sec 59.2 MBytes 497 Mbits/sec
[ 5] 2.00-3.00 sec 55.5 MBytes 466 Mbits/sec
[ 5] 3.00-4.00 sec 53.1 MBytes 446 Mbits/sec
[ 5] 4.00-5.00 sec 52.6 MBytes 442 Mbits/sec
[ 5] 5.00-6.00 sec 55.4 MBytes 465 Mbits/sec
[ 5] 6.00-7.00 sec 53.0 MBytes 445 Mbits/sec
[ 5] 7.00-8.00 sec 51.9 MBytes 435 Mbits/sec
[ 5] 8.00-9.00 sec 49.0 MBytes 411 Mbits/sec
[ 5] 9.00-10.00 sec 58.2 MBytes 488 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 549 MBytes 460 Mbits/sec 40855 sender
[ 5] 0.00-10.00 sec 543 MBytes 455 Mbits/sec receiver
Client : Linux laptop
Server : Another APU1c running Debian Linux on a separate isolated VLAN (firewall is routing).
Firewall : APU1c OPNsense 20.7 latest routing between VLANs.
Code: [Select]
iperf3 -R -c 10.90.70.250
Connecting to host 10.90.70.250, port 5201
Reverse mode, remote host 10.90.70.250 is sending
[ 5] local 10.90.20.1 port 56430 connected to 10.90.70.250 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 87.1 MBytes 731 Mbits/sec
[ 5] 1.00-2.00 sec 87.9 MBytes 737 Mbits/sec
[ 5] 2.00-3.00 sec 82.2 MBytes 689 Mbits/sec
[ 5] 3.00-4.00 sec 83.5 MBytes 701 Mbits/sec
[ 5] 4.00-5.00 sec 88.2 MBytes 740 Mbits/sec
[ 5] 5.00-6.00 sec 87.2 MBytes 731 Mbits/sec
[ 5] 6.00-7.00 sec 87.7 MBytes 736 Mbits/sec
[ 5] 7.00-8.00 sec 82.8 MBytes 695 Mbits/sec
[ 5] 8.00-9.00 sec 88.4 MBytes 741 Mbits/sec
[ 5] 9.00-10.00 sec 90.4 MBytes 758 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.01 sec 869 MBytes 728 Mbits/sec 577 sender
[ 5] 0.00-10.00 sec 865 MBytes 726 Mbits/sec receiverThis is not clear to me why there is such a different.
Why is routing between VLANs wit firewall so much faster than routing with IPv6 and gigabyte fiber?
To confirm: my VLANs are not communicating directly on switch.
7
Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable
« on: November 18, 2020, 11:15:52 am »
Here is a more accurate downloading speedtest with iperf3 and one thread.
I used -P option to test downloading speed, not uploading :
However, with two threads, I have the same results :
I also testing on local server (connected on different VLAN with different subnets, so OPNsense is acting as NAT):
Here I can achieve 722 Mbits, which is pretty good for an older APU1c platform.
Same results with 2 threads.
Two remarks:
1) I cannot explain why iperf3 is so much faster on a local iperf3 server with NAT.
2) OPNsense does not seem to support multiple core routing, as speed is not higher with two treads.
I even tested with two clients and there is roughly the same speed.
Do I miss something in my OPNsense settings?
I would expect speed to be higher with two iperf3 threads.
Or is pf single threaded on OPNsense?
I used -P option to test downloading speed, not uploading :
Code: [Select]
iperf3 -R -P 1 -c bouygues.iperf.fr
Connecting to host bouygues.iperf.fr, port 5201
Reverse mode, remote host bouygues.iperf.fr is sending
[ 5] local 10.90.20.1 port 39286 connected to 89.84.1.222 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 53.7 MBytes 450 Mbits/sec
[ 5] 1.00-2.00 sec 52.8 MBytes 443 Mbits/sec
[ 5] 2.00-3.00 sec 55.3 MBytes 464 Mbits/sec
[ 5] 3.00-4.00 sec 61.4 MBytes 515 Mbits/sec
[ 5] 4.00-5.00 sec 54.3 MBytes 456 Mbits/sec
[ 5] 5.00-6.00 sec 53.0 MBytes 445 Mbits/sec
[ 5] 6.00-7.00 sec 53.8 MBytes 451 Mbits/sec
[ 5] 7.00-8.00 sec 48.3 MBytes 405 Mbits/sec
[ 5] 8.00-9.00 sec 54.6 MBytes 458 Mbits/sec
[ 5] 9.00-10.00 sec 54.4 MBytes 457 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.01 sec 550 MBytes 461 Mbits/sec 31826 sender
[ 5] 0.00-10.00 sec 542 MBytes 455 Mbits/sec receiver
However, with two threads, I have the same results :
Quote
iperf3 -R -P 2 -c bouygues.iperf.fr
Connecting to host bouygues.iperf.fr, port 5201
Reverse mode, remote host bouygues.iperf.fr is sending
[ 5] local 10.90.20.1 port 40064 connected to 89.84.1.222 port 5201
[ 7] local 10.90.20.1 port 40066 connected to 89.84.1.222 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 28.8 MBytes 241 Mbits/sec
[ 7] 0.00-1.00 sec 25.7 MBytes 216 Mbits/sec
[SUM] 0.00-1.00 sec 54.5 MBytes 457 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 1.00-2.00 sec 27.5 MBytes 231 Mbits/sec
[ 7] 1.00-2.00 sec 27.6 MBytes 232 Mbits/sec
[SUM] 1.00-2.00 sec 55.1 MBytes 462 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 2.00-3.00 sec 23.6 MBytes 198 Mbits/sec
[ 7] 2.00-3.00 sec 29.4 MBytes 246 Mbits/sec
[SUM] 2.00-3.00 sec 53.0 MBytes 444 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 3.00-4.00 sec 23.8 MBytes 200 Mbits/sec
[ 7] 3.00-4.00 sec 26.9 MBytes 226 Mbits/sec
[SUM] 3.00-4.00 sec 50.7 MBytes 426 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 4.00-5.00 sec 27.3 MBytes 229 Mbits/sec
[ 7] 4.00-5.00 sec 23.7 MBytes 199 Mbits/sec
[SUM] 4.00-5.00 sec 51.0 MBytes 428 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 5.00-6.00 sec 19.8 MBytes 166 Mbits/sec
[ 7] 5.00-6.00 sec 30.2 MBytes 253 Mbits/sec
[SUM] 5.00-6.00 sec 50.0 MBytes 419 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 6.00-7.00 sec 16.9 MBytes 142 Mbits/sec
[ 7] 6.00-7.00 sec 34.6 MBytes 290 Mbits/sec
[SUM] 6.00-7.00 sec 51.5 MBytes 432 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 7.00-8.00 sec 16.9 MBytes 142 Mbits/sec
[ 7] 7.00-8.00 sec 34.0 MBytes 285 Mbits/sec
[SUM] 7.00-8.00 sec 50.8 MBytes 426 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 8.00-9.00 sec 15.8 MBytes 133 Mbits/sec
[ 7] 8.00-9.00 sec 38.1 MBytes 320 Mbits/sec
[SUM] 8.00-9.00 sec 53.9 MBytes 452 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 9.00-10.00 sec 14.2 MBytes 119 Mbits/sec
[ 7] 9.00-10.00 sec 40.1 MBytes 336 Mbits/sec
[SUM] 9.00-10.00 sec 54.3 MBytes 455 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.01 sec 219 MBytes 183 Mbits/sec 21640 sender
[ 5] 0.00-10.00 sec 215 MBytes 180 Mbits/sec receiver
[ 7] 0.00-10.01 sec 315 MBytes 264 Mbits/sec 29816 sender
[ 7] 0.00-10.00 sec 310 MBytes 260 Mbits/sec receiver
[SUM] 0.00-10.01 sec 534 MBytes 447 Mbits/sec 51456 sender
[SUM] 0.00-10.00 sec 525 MBytes 440 Mbits/sec receiver
I also testing on local server (connected on different VLAN with different subnets, so OPNsense is acting as NAT):
Quote
iperf3 -R -c 10.90.70.250
Connecting to host 10.90.70.250, port 5201
Reverse mode, remote host 10.90.70.250 is sending
[ 5] local 10.90.20.1 port 54348 connected to 10.90.70.250 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 85.7 MBytes 719 Mbits/sec
[ 5] 1.00-2.00 sec 86.8 MBytes 728 Mbits/sec
[ 5] 2.00-3.00 sec 86.3 MBytes 724 Mbits/sec
[ 5] 3.00-4.00 sec 85.8 MBytes 720 Mbits/sec
[ 5] 4.00-5.00 sec 84.9 MBytes 712 Mbits/sec
[ 5] 5.00-6.00 sec 81.9 MBytes 687 Mbits/sec
[ 5] 6.00-7.00 sec 88.6 MBytes 744 Mbits/sec
[ 5] 7.00-8.00 sec 87.6 MBytes 735 Mbits/sec
[ 5] 8.00-9.00 sec 85.7 MBytes 719 Mbits/sec
[ 5] 9.00-10.00 sec 87.3 MBytes 732 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 864 MBytes 724 Mbits/sec 19 sender
[ 5] 0.00-10.00 sec 861 MBytes 722 Mbits/sec receiver
Here I can achieve 722 Mbits, which is pretty good for an older APU1c platform.
Same results with 2 threads.
Two remarks:
1) I cannot explain why iperf3 is so much faster on a local iperf3 server with NAT.
2) OPNsense does not seem to support multiple core routing, as speed is not higher with two treads.
I even tested with two clients and there is roughly the same speed.
Do I miss something in my OPNsense settings?
I would expect speed to be higher with two iperf3 threads.
Or is pf single threaded on OPNsense?
8
Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable
« on: November 18, 2020, 10:46:48 am »
I am using an older APU1C model with only two cores.
I understand only one core is being used for routing.
Just a remark, testing network bandwidth with Ikoula Speedtest is not the right methodology, as it is very unaccurate.
Using Ikoula speedtest, my result was 440 Mbits/s downstream.
But the accurate speed measured with iperf3 is 571 Mbits/s
So I can confirm that the APU1 with older core and older NIC can achieve 571 Mbits downstream.
This is OPNsense latest version 20.7.
I am connecting from a GNU/Linux laptop using an RJ-45 wire and IPv4.
OPNsense is connected to the fiber router with and RJ-45 wire and IPv4 with NAT.
iperf3 also has an option to using multiple connection streams, which is -P 2 for two cores :
IMHO, you should make a test using iperf3 for accurate results.
iperf3 should be running on client, not directly on OPNsense of course.
Edit : iperf3 should be used with -R option to ask the server to send information, otherwize you are testing upload speed. My upload speed is around 600Mbits/s, so I need to retest downloading with -R option.
I understand only one core is being used for routing.
Just a remark, testing network bandwidth with Ikoula Speedtest is not the right methodology, as it is very unaccurate.
Using Ikoula speedtest, my result was 440 Mbits/s downstream.
But the accurate speed measured with iperf3 is 571 Mbits/s
Code: [Select]
iperf3 -p 9222 -c bouygues.iperf.fr
Connecting to host bouygues.iperf.fr, port 9222
[ 5] local 10.90.20.1 port 60560 connected to 89.84.1.222 port 9222
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 69.1 MBytes 579 Mbits/sec 268 462 KBytes
[ 5] 1.00-2.00 sec 68.8 MBytes 577 Mbits/sec 0 567 KBytes
[ 5] 2.00-3.00 sec 67.5 MBytes 566 Mbits/sec 2 461 KBytes
[ 5] 3.00-4.00 sec 68.8 MBytes 577 Mbits/sec 0 563 KBytes
[ 5] 4.00-5.00 sec 67.5 MBytes 566 Mbits/sec 0 648 KBytes
[ 5] 5.00-6.00 sec 67.5 MBytes 566 Mbits/sec 2 544 KBytes
[ 5] 6.00-7.00 sec 70.0 MBytes 587 Mbits/sec 0 632 KBytes
[ 5] 7.00-8.00 sec 67.5 MBytes 566 Mbits/sec 2 533 KBytes
[ 5] 8.00-9.00 sec 67.5 MBytes 566 Mbits/sec 0 621 KBytes
[ 5] 9.00-10.00 sec 68.8 MBytes 577 Mbits/sec 2 510 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 683 MBytes 573 Mbits/sec 276 sender
[ 5] 0.00-10.00 sec 680 MBytes 571 Mbits/sec receiverSo I can confirm that the APU1 with older core and older NIC can achieve 571 Mbits downstream.
This is OPNsense latest version 20.7.
I am connecting from a GNU/Linux laptop using an RJ-45 wire and IPv4.
OPNsense is connected to the fiber router with and RJ-45 wire and IPv4 with NAT.
iperf3 also has an option to using multiple connection streams, which is -P 2 for two cores :
Code: [Select]
iperf3 -P 2 -p 9222 -c bouygues.iperf.fr
Connecting to host bouygues.iperf.fr, port 9222
[ 5] local 10.90.20.1 port 38612 connected to 89.84.1.222 port 9222
[ 7] local 10.90.20.1 port 38614 connected to 89.84.1.222 port 9222
^[[A[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 25.4 MBytes 213 Mbits/sec 12 229 KBytes
[ 7] 0.00-1.00 sec 46.0 MBytes 386 Mbits/sec 64 318 KBytes
[SUM] 0.00-1.00 sec 71.3 MBytes 598 Mbits/sec 76
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 1.00-2.00 sec 31.0 MBytes 260 Mbits/sec 0 314 KBytes
[ 7] 1.00-2.00 sec 37.2 MBytes 312 Mbits/sec 2 279 KBytes
[SUM] 1.00-2.00 sec 68.2 MBytes 572 Mbits/sec 2
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 2.00-3.00 sec 37.0 MBytes 311 Mbits/sec 1 290 KBytes
[ 7] 2.00-3.00 sec 32.3 MBytes 271 Mbits/sec 1 263 KBytes
[SUM] 2.00-3.00 sec 69.3 MBytes 582 Mbits/sec 2
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 3.00-4.00 sec 34.8 MBytes 292 Mbits/sec 1 263 KBytes
[ 7] 3.00-4.00 sec 31.9 MBytes 268 Mbits/sec 1 245 KBytes
[SUM] 3.00-4.00 sec 66.7 MBytes 560 Mbits/sec 2
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 4.00-5.00 sec 34.2 MBytes 287 Mbits/sec 0 348 KBytes
[ 7] 4.00-5.00 sec 33.4 MBytes 280 Mbits/sec 1 239 KBytes
[SUM] 4.00-5.00 sec 67.6 MBytes 567 Mbits/sec 1
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 5.00-6.00 sec 39.6 MBytes 333 Mbits/sec 1 307 KBytes
[ 7] 5.00-6.00 sec 28.5 MBytes 239 Mbits/sec 2 226 KBytes
[SUM] 5.00-6.00 sec 68.1 MBytes 571 Mbits/sec 3
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 6.00-7.00 sec 39.3 MBytes 330 Mbits/sec 0 389 KBytes
[ 7] 6.00-7.00 sec 30.0 MBytes 251 Mbits/sec 0 311 KBytes
[SUM] 6.00-7.00 sec 69.3 MBytes 581 Mbits/sec 0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 7.00-8.00 sec 36.5 MBytes 306 Mbits/sec 1 355 KBytes
[ 7] 7.00-8.00 sec 30.9 MBytes 259 Mbits/sec 1 305 KBytes
[SUM] 7.00-8.00 sec 67.4 MBytes 565 Mbits/sec 2
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 8.00-9.00 sec 36.7 MBytes 308 Mbits/sec 1 329 KBytes
[ 7] 8.00-9.00 sec 32.0 MBytes 268 Mbits/sec 1 293 KBytes
[SUM] 8.00-9.00 sec 68.7 MBytes 577 Mbits/sec 2
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 9.00-10.00 sec 35.2 MBytes 295 Mbits/sec 1 305 KBytes
[ 7] 9.00-10.00 sec 31.9 MBytes 268 Mbits/sec 1 279 KBytes
[SUM] 9.00-10.00 sec 67.1 MBytes 563 Mbits/sec 2
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 350 MBytes 293 Mbits/sec 18 sender
[ 5] 0.00-10.01 sec 348 MBytes 292 Mbits/sec receiver
[ 7] 0.00-10.00 sec 334 MBytes 280 Mbits/sec 74 sender
[ 7] 0.00-10.01 sec 331 MBytes 278 Mbits/sec receiver
[SUM] 0.00-10.00 sec 684 MBytes 574 Mbits/sec 92 sender
[SUM] 0.00-10.01 sec 679 MBytes 569 Mbits/sec receiver
But this gave me the same results (probably a limitation of my hardware NICs ?).IMHO, you should make a test using iperf3 for accurate results.
iperf3 should be running on client, not directly on OPNsense of course.
Edit : iperf3 should be used with -R option to ask the server to send information, otherwize you are testing upload speed. My upload speed is around 600Mbits/s, so I need to retest downloading with -R option.
9
20.7 Legacy Series / Wireguard IPv6 support
« on: August 23, 2020, 11:27:09 pm »
Dear all,
Does OPNSense wireguard support IPv6? The default documentation does tell about IPv6 in Wireguard, only IPv4.
I am planning to use a Roadwarrior scenario. If the client has a public IPv6 assigned by ISP, IPv6 routing may take precedence over IPv4 routing if Wireguard only offers IPv4. Therefore, Wireguard needs to support IPv6.
Do I miss something or IPv6 is needed in Wireguard?
How to configure IPv6 in Wireguard? Can I choose any /64 within my delegated /48 subnet?
Kind regards,
Does OPNSense wireguard support IPv6? The default documentation does tell about IPv6 in Wireguard, only IPv4.
I am planning to use a Roadwarrior scenario. If the client has a public IPv6 assigned by ISP, IPv6 routing may take precedence over IPv4 routing if Wireguard only offers IPv4. Therefore, Wireguard needs to support IPv6.
Do I miss something or IPv6 is needed in Wireguard?
How to configure IPv6 in Wireguard? Can I choose any /64 within my delegated /48 subnet?
Kind regards,
10
19.1 Legacy Series / Re: How to disable "Enable HTTP Strict Transport Security" ?
« on: June 30, 2019, 09:26:36 pm »
It is a fact that I could bypass this "security feature" using another web browser in two minutes. 
Therefore, it cannot qualify as "one of the best security enhancements for websites out there."
It is crap.
The only working solution is X509 client certificate authentication with SSL downgrade protection.
Therefore, it cannot qualify as "one of the best security enhancements for websites out there."
It is crap.
The only working solution is X509 client certificate authentication with SSL downgrade protection.
11
19.1 Legacy Series / Re: How to disable "Enable HTTP Strict Transport Security" ?
« on: June 30, 2019, 07:16:57 pm »
I could connect to the GUI using epiphany-browser in Debian, which does not enforce strict mode.
HTTP strict transport security is not really a security feature, IMHO.
Then I disabled HSTS completely.
Why use something that is unecessary?
HTTP strict transport security is not really a security feature, IMHO.
Then I disabled HSTS completely.
Why use something that is unecessary?
12
19.1 Legacy Series / How to disable "Enable HTTP Strict Transport Security" ? [Fixed]
« on: June 30, 2019, 06:25:15 pm »
Dear friends,
My OPNsense firewall is stuck because I enabled HSTS (HTTP Strict Transport Security) from the GUI without a valid certificate. This is a nice security feature, and I tried to modify Chromium and Firefox settings to bypass HSTS, without success. Therefore I no longer have access to the administration GUI of OPNsense.
I still have SSH access to the firewall. How can disable HSTS from the command line? Is there a way to reload the firewall on port 80? Any solution would suit me. Is there a way to use configd to reset this setting?
Kind regards,
French Fries
My OPNsense firewall is stuck because I enabled HSTS (HTTP Strict Transport Security) from the GUI without a valid certificate. This is a nice security feature, and I tried to modify Chromium and Firefox settings to bypass HSTS, without success. Therefore I no longer have access to the administration GUI of OPNsense.
I still have SSH access to the firewall. How can disable HSTS from the command line? Is there a way to reload the firewall on port 80? Any solution would suit me. Is there a way to use configd to reset this setting?
Kind regards,
French Fries
13
General Discussion / Disabling OPNsense web GUI and configd daemons
« on: May 26, 2019, 03:53:44 pm »
Hello,
I am currently using OpenBSD as a firewall, as the attack surface is really small. I am considering moving to OPNsense ...
After configuring OPNsense, I would like to disable the web interface and config daemons from SSH console (preferably using the text prompt). When I need to modify the configuration, I only need to logon the serial/ssh console and enable web GUI and configd again. How can I do that ?
On modern switches with a UI, you only use the UI during configuration, then you disable it.
Does it sound like a reasonable feature to add on the To-do list?
Kind regards,
French Fries
I am currently using OpenBSD as a firewall, as the attack surface is really small. I am considering moving to OPNsense ...
After configuring OPNsense, I would like to disable the web interface and config daemons from SSH console (preferably using the text prompt). When I need to modify the configuration, I only need to logon the serial/ssh console and enable web GUI and configd again. How can I do that ?
On modern switches with a UI, you only use the UI during configuration, then you disable it.
Does it sound like a reasonable feature to add on the To-do list?
Kind regards,
French Fries
Pages: [1]