Messages

1

Hardware and Performance / Re: WireGuard slow? Or... what should I expect?

« on: July 01, 2020, 08:30:13 am »

I know WireGuard in itself is capable of high speeds, but I would like to know why I'm only getting 100/140 in my setup. Is this a limitation of my hardware, or is something wrong.
I'm quite sure that moderate Xeons are much more capable than the GX-424CC, but I'm using this setup as my home router

2

Hardware and Performance / WireGuard slow? Or... what should I expect?

« on: June 30, 2020, 11:51:01 pm »

Hey all!

Running OPNsense 20.1.7 on a GX-424CC with 8GB RAM and a dual port Intel i350 ethernet adapter.
My connection is 1000/1000 fiber.
In a speedtest I get around 945 up and down.

A while ago I set up a WireGuard server which works great. The only thing that has been bothering me is the speed.
When connected to my WireGuard server I get around 100 down and 140 up. It does not matter if I am connected to WG on my own network, or from an external network.
Since WG is praised for it's speed, I am kinda disappointed to be honest.

Are these speeds what I should expect from this system or should I be able to reach (much) higher speeds?
I hope someone can help me out here.

3

General Discussion / Re: Which one to go with for ad blocking and phishing sites

« on: April 16, 2020, 11:41:07 am »

I did not have to add rules to the firewall to get this working.

4

General Discussion / Re: Which one to go with for ad blocking and phishing sites

« on: April 15, 2020, 09:30:39 pm »

You don't have to setup anything really.
The easiest thing to do is to advertise the PiHole's IP address as DNS server in the DHCP settings of OPNsense (Services: DHCPv4: [LAN]).

If you want to have client hostnames resolved, you have to check the boxes for "Register DHCP leases" and "Register DHCP static mappings" in Services: Unbound DNS: General.
In PiHole's DNS settings I unchecked "Never forward non-FQDNs" and "Never forward reverse lookups for private IP ranges", checked "Use Conditional Forwarding" (fill in IP + local domain name).
I selected Cloudflare as Upstream DNS Servers.

Works like a charm!

Note: I wanted to have PiHole's protection on my mobile devices, connected to my network through WireGuard. Took me a while I had to set PiHole's interface listening behavior to "Listen on all interfaces, permit all origins". If you just select "Listen on all interfaces", it ignores WireGuard clients.

Hope this helps

5

20.1 Legacy Series / Re: please help on wireguard

« on: April 02, 2020, 01:09:58 am »

@hlyi

I had the same problem, but my setup is working now.

OPNsense: 192.168.1.1
WireGuard Local: Tunnel Address 192.168.0.1/24
WireGuard Endpoint1: Allowed IPs 192.168.0.2/32

Firewall > Rules > WAN > Add a rule with protocol UDP, Destination port range 'other' 51820
Firewall > NAT > Outbound > Set to Hybrid > Add a rule: Interface WAN, Source address WireGuard net, Translation / target WAN address
Firewall > Rules > WireGuard > Add a rule: Source = Single host or network > 192.168.0.0/24

I restarted WireGuard service and then it worked.

Hope this helps.

6

20.1 Legacy Series / dhclient: Creating resolv.conf

« on: March 31, 2020, 06:11:40 pm »

Hello all!

A couple of days ago I switched from an Asus AC66u to a Fujitsu S930 thin client running OPNsense 20.1 and it is working perfectly!

I am wondering about something I noticed in the logs.
Under System - Log Files - General I see the following:

Code: [Select]

2020-03-31T16:23:36 dhclient: Creating resolv.conf
2020-03-31T15:53:36 dhclient: Creating resolv.conf
2020-03-31T15:23:36 dhclient: Creating resolv.conf
2020-03-31T14:53:36 dhclient: Creating resolv.conf
2020-03-31T14:23:36 dhclient: Creating resolv.conf
2020-03-31T13:53:35 dhclient: Creating resolv.conf

Every 30 minutes it seems to recreate resolv.conf

resolv.conf contains the following:

Code: [Select]

domain lan
nameserver 127.0.0.1
nameserver 1.1.1.1

Is this normal behaviour or is something wrong?
I never noticed this in the Asus logs.

My connection is a T-Mobile FTTH connection and I use a TP-Link MC220L to convert fiber to ethernet.
In System - Settings - General I have set the DNS to 1.1.1.1
'Allow DNS server list to be overridden by DHCP/PPP on WAN' is unchecked (same result when this option is checked).
All clients use my pi-Hole for DNS resolving.

I'm still a noob, so please be gentle