Messages

I know WireGuard in itself is capable of high speeds, but I would like to know why I'm only getting 100/140 in my setup. Is this a limitation of my hardware, or is something wrong.
I'm quite sure that moderate Xeons are much more capable than the GX-424CC, but I'm using this setup as my home router :)

Hey all!

Running OPNsense 20.1.7 on a GX-424CC with 8GB RAM and a dual port Intel i350 ethernet adapter.
My connection is 1000/1000 fiber.
In a speedtest I get around 945 up and down.

A while ago I set up a WireGuard server which works great. The only thing that has been bothering me is the speed.
When connected to my WireGuard server I get around 100 down and 140 up. It does not matter if I am connected to WG on my own network, or from an external network.
Since WG is praised for it's speed, I am kinda disappointed to be honest.

Are these speeds what I should expect from this system or should I be able to reach (much) higher speeds?
I hope someone can help me out here.

I did not have to add rules to the firewall to get this working.

You don't have to setup anything really.
The easiest thing to do is to advertise the PiHole's IP address as DNS server in the DHCP settings of OPNsense (Services: DHCPv4: [LAN]).

If you want to have client hostnames resolved, you have to check the boxes for "Register DHCP leases" and "Register DHCP static mappings" in Services: Unbound DNS: General.
In PiHole's DNS settings I unchecked "Never forward non-FQDNs" and "Never forward reverse lookups for private IP ranges", checked "Use Conditional Forwarding" (fill in IP + local domain name).
I selected Cloudflare as Upstream DNS Servers.

Works like a charm!

Note: I wanted to have PiHole's protection on my mobile devices, connected to my network through WireGuard. Took me a while I had to set PiHole's interface listening behavior to "Listen on all interfaces, permit all origins". If you just select "Listen on all interfaces", it ignores WireGuard clients.

Hope this helps :)

@hlyi

I had the same problem, but my setup is working now.

OPNsense: 192.168.1.1
WireGuard Local: Tunnel Address 192.168.0.1/24
WireGuard Endpoint1: Allowed IPs 192.168.0.2/32

Firewall > Rules > WAN > Add a rule with protocol UDP, Destination port range 'other' 51820
Firewall > NAT > Outbound > Set to Hybrid > Add a rule: Interface WAN, Source address WireGuard net, Translation / target WAN address
Firewall > Rules > WireGuard > Add a rule: Source = Single host or network > 192.168.0.0/24

I restarted WireGuard service and then it worked.

Hope this helps.

Hello all!

A couple of days ago I switched from an Asus AC66u to a Fujitsu S930 thin client running OPNsense 20.1 and it is working perfectly!

I am wondering about something I noticed in the logs.
Under System - Log Files - General I see the following:

Code Select Expand


2020-03-31T16:23:36 dhclient: Creating resolv.conf
2020-03-31T15:53:36 dhclient: Creating resolv.conf
2020-03-31T15:23:36 dhclient: Creating resolv.conf
2020-03-31T14:53:36 dhclient: Creating resolv.conf
2020-03-31T14:23:36 dhclient: Creating resolv.conf
2020-03-31T13:53:35 dhclient: Creating resolv.conf


Every 30 minutes it seems to recreate resolv.conf

resolv.conf contains the following:

Code Select Expand


domain lan
nameserver 127.0.0.1
nameserver 1.1.1.1


Is this normal behaviour or is something wrong?
I never noticed this in the Asus logs.

My connection is a T-Mobile FTTH connection and I use a TP-Link MC220L to convert fiber to ethernet.
In System - Settings - General I have set the DNS to 1.1.1.1
'Allow DNS server list to be overridden by DHCP/PPP on WAN' is unchecked (same result when this option is checked).
All clients use my pi-Hole for DNS resolving.

I'm still a noob, so please be gentle :)