Messages

1

General Discussion / How much "scanning" is normal?

« on: April 23, 2024, 01:59:21 am »

Hi guys,

I observe on my firewall log that I am seing permanently random addresses trying to connect to suspicious ports, for instance 22, 23, 2222, 2323, 3389 etc. At some points I get 25 such requests in about 10 minutes of time.

As I believe to have been recently hacked (got an account hijacked), I got rather suspicious.

I am aware that it's normal that we're all exposed over the WAN. But how much is "normal" or acceptabe?

In the meantime I've had my IP changed (my operator left me with the same for about a year now,...), same with the new IP. Also I implemented Geo-Blocking, which works great, at least from what I see in the firewall log.

Trying to run a tight ship now... but wondering whether this is a normal experience or if you'd say nono, you should not see more than 5 a day,... :-)

Thanks.

2

Hardware and Performance / WAN faster than LAN...

« on: September 03, 2021, 12:49:16 pm »

I do have a weird behavior with my Opnsense installation. Here´s the environment:

SW:  OPNsense 21.7.1-amd64
        FreeBSD 12.1-RELEASE-p19-HBSD
        OpenSSL 1.1.1k 25 Mar 2021

HW:  APU4D4 (4xIntel I211AT), 4GB RAM,  AMD Embedded G series GX-412TC, 1 GHz quad Jaguar
        core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB
        L2 cache.

NET:  1gbps Cable WAN connection on IGB1, 1gbps LAN interface on IGB0.

When I connect directly to the modem from the PC, I get close to the 1gbps WAN throughput.

Now the weird thing I do not really understand:

-  PC-Opnsense IPerf3 with 4 parallel streams (best restults) I get around 500mbps max.
-  PC-WAN (Oakla) I get about 650mbps

Not only is of course the WAN performance way below expectation, but the LAN side is even more surprising. How can I get 500mbps on the LAN and 650mbps on WAN, considering I have to go though the same LAN to get to these 650mbps?

BTW, I also tried UDP on the LAN, no chance, rarely above 500mbps (various combinations of parallel streams, reverse testing and bandwidth tested).

Any hints on how I can improve the LAN performance, or maybe even getting the WAN speed up?

Thanks.

3

20.1 Legacy Series / Re: Limit connection by duration

« on: May 12, 2020, 11:03:21 pm »

This was my first attempt too... set this up last week for a few days. Did have issues with redirects that didn´t always work, with SSL, every device (Apple, Android, OSX, Windows) behaved a little different. Also I somehow managed to get the "parents" devices not to go through the captive portal. But I´d assume there must be an easier way. I can restrict times with the schedule and a firewall rule. Is there no way to simply say that each connected client belonging to Alias "Kids" disconnects after 60 Minutes and cannot reconnect until 09:00 the next day?

4

20.1 Legacy Series / Limit connection by duration

« on: May 12, 2020, 08:13:43 pm »

Good day,

I am desperately seeking a possibility to limit the connection by duration. For instance, I´d like to create an alias for all devices of my kids, and limit their usage to xx Minutes per day per device. Or even better, to create users, force them to login and get them a per account daily limit.

Is this something that can be done?

Thanks.

KR, Bruno
#

5

20.7 Legacy Series / Performance Issues LAN

« on: May 02, 2020, 11:24:11 am »

Good day,

am not sure if this is related to the 20.7 Dev Build. I apologize if I´m in the wrong topic.

I have just recently started using Opensense. Got myself a APU4 board from PCEngines. It all runs quite smooth, am certainly not unhappy. Managed to get the firewall and everything to my liking, still battling VPN client issues (OpenVPN to Server). But that´s a different topic ;-)

An issue I am having is with LAN performance. If I do IPERF vs. the router, I get approx. 450mbps for TCP, but I do get 1gbps when using UDP. Have tried both with 5 parallel streams. When I look at the processor load on TCP, I get core 0 running pretty much idle, while 2,3 & 4 are maxed out. Overall Netdata shows me 100% usage.

For WAN I do have 300/30mbps connection, which I do get to the client without problems.

Everything is wired btw.

Any suggestions on how I can improve TCP throughput in the LAN? I specially don´t like slow speeds between NAS and clients...

Thanks.

6

General Discussion / Re: Route one IP over VPN?

« on: April 30, 2020, 01:26:05 am »

This guide was of big help to me, thanks.

One point though:

Step 10, the "floating" rule:

When I put it in like this, all WAN access was blocked. The VPN couldn´t reach its server any more. Then I started to "think" on my own (which can be dangerous, I admit ;-)) and figured that I need to set the source to the Alias of the VPN clients. Then it all worked flawlessly.

Thanks for the big hand !

7

Tutorials and FAQs / Re: HOW TO OpenVPN OPNsense CLIENT DEAD SIMPLE

« on: April 27, 2020, 09:51:16 am »

Good day,

being a "noob" on the subject, and also to OpenSense (I have acquired a APU4 to build a little home firewall, without much knowledge though), I am struggling with this. Though I agree, the process is dead simple :-)

I plan to use the device with static DHCP, blocking for schedule for my kids (check, works), Remote VPN Access with OpenVPN (check, works), FTP Proxy (check, works) and the most complicated thing so far, which I am badly failing at, is OpenVPN client to a provider named "SurfShark". I will need to route 1 or 2 devices through this connection, not the whole network.

Surfshark has a guide for PFSense, which I have tried to follow. Now with yours. And here´s where i get stuck:

Connection is up, but no traffic going over VPN. It even blocks internet traffic at some point when I create the FW rules.

I also tried with the 4 FW rules described in the other guide, but I do not see these 4 auto generated rules...

I have tried things with adding interfaces for OpenVPN, Gateways, etc etc... all no luck.

Any tips would be welcome!

Thanks.