Messages - Ski-lleR

#1
Hi,

I tried to set up OPNsense 20.1.7 to use ProtonVPN. They don't have a guide for OPNsense, but they do have one for another one you probably know, so I used this as a base.

First adding the certificate and the client, no problem so far, client is up.

Then when it comes to the interface settings, I can't do the same because it says to add an interface for the OpenVPN connection, but it's not possible to use IP settings on a tun interface, so when adding the NAT outgoing rule to make all the traffic go through the OpenVPN interface instead of some "OP1VPN" tun interface I just set OpenVPN as the interface.

At first glance I thought it was working, since I got internet access, but when checking for IP and DNS leaks, I saw my real IP.

After some searching, I found that if I set this:
Don't pull routes: Un-checked
Don't add/remove routes: Un-checked

Everything is good, no more real IP visible, no DNS leak.

So my question is: what is the implication of leaving "Don't add/remove routes" unchecked? Does it increase security risk / decrease anonymity?

I ask this because they told me I have to check "Don't add/remove routes"...

Thanks in advance
#2
Hardware and Performance / Re: Performance problem
March 18, 2020, 12:54:16 PM
Thanks for the response.

I've found the problem: it's because I was using a transparent proxy. Since JDownloader just uses HTTP/HTTPS connections, as you said the aggressive character of JDownloader just saturated my OPNsense instance, but without high memory / CPU usage...

But in the end the transparent proxy was not a good idea, because it was filtering things coming from APT for example, and that's something I don't want. Since I only want to filter HTTP/HTTPS from Firefox, setting the proxy in Firefox is more logical. I have no other users on my network, so transparent is useless in this case.
#3
Hi,

I recently assembled a computer to serve as an OPNsense firewall. Here is the hardware used:
Motherboard> GIGABYTE GA-A320M-S2H
CPU> AMD Athlon 200 GE
RAM> Corsair Vengeance 2400 MHz
SSD> Crucial BX500
NIC> Intel i350T2V2
Switch> NETGEAR GS108

Someone on another forum told me (before I bought it) that it's completely overpowered for my usage (1 Gb WAN).

So I set up everything, not a lot of rules, basically allowing any LAN->WAN outgoing, blocking any incoming. VPN client connected to a 10 Gb VPS server, and all network traffic routed through the VPN.

Unbound uses DNSSEC through DNSCrypt, and all DNS traffic is redirected to the local OPNsense port.

When I download with Firefox, I get the max output of my line, so that's good. I can do anything besides, no slowdown of any sort.

The problem is when I launch JDownloader. Similar to Firefox, I get all of my bandwidth used, but I can no longer access any website with Firefox... And I don't understand why. When Firefox eats all my bandwidth I can continue to browse the web.

I tried to saturate the bandwidth with anything else (C++ code, Python, wget, torrent), and I can always browse the web. It seems it appears just with JDownloader.

I tested on a clean install of OPNsense, without DNSCrypt/VPN (thinking they overload the CPU), and the problem is exactly the same. So why, is my hardware too low to handle this???

If you need logs, screenshots, etc., just ask and I will post.

Thanks