"
So I followed the instructions at https://tailscale.com/kb/1097/install-opnsense#connect, but I'm having an issue with filtering. When I setup the interface I just have an empty interface with no ip settings. The filter doesn't seem to do anything though. If have no filters or a default deny I can still ping everything from the tailscale client on the other side. Am I missing something?
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
21.1 Legacy Series / Re: CoDel/Shaper Maxing Out at 750 Mbps?
July 11, 2021, 02:55:06 PM
Tried messing around with the len. Didn't seem to change anything.
#4
21.1 Legacy Series / Re: CoDel/Shaper Maxing Out at 750 Mbps?
July 10, 2021, 02:20:43 PM
I will say this is somewhat interesting. I played around with disabling and enabling different rules and I got a result that is confusing. With the download rule enabled but the upload disabled my download speedtest goes to 860-900/20..... But with download queue disabled and upload enabled I get 750/20.
I'm not really sure I can explain that. So it seems like the upload rules are causing a problem for the download test?
I simplified the rules to just
1) Sequence=1, Interface=WAN, Proto=IP, Source=Any, Dest=<Private IPS>, Src/Dest Port=ANY, Direction=Both, Target=Downstream Regular
2) Sequence=12, Interface=WAN, Proto=IP, Source=<Private IPS>, Dest=Any, Src/Dest Port=ANY, Direction=Both, Target=Upstream Regular
And it limits. If I disable the rule 2 (e.g. upload) I get the normal speed. If I change my upload pipe to 50 Mbps it seems to resolve. But I don't really understand why. And changing my upload pipe to above my true upload speed seems to defeat the purpose. I'm honestly very confused.
I'm not really sure I can explain that. So it seems like the upload rules are causing a problem for the download test?
I simplified the rules to just
1) Sequence=1, Interface=WAN, Proto=IP, Source=Any, Dest=<Private IPS>, Src/Dest Port=ANY, Direction=Both, Target=Downstream Regular
2) Sequence=12, Interface=WAN, Proto=IP, Source=<Private IPS>, Dest=Any, Src/Dest Port=ANY, Direction=Both, Target=Upstream Regular
And it limits. If I disable the rule 2 (e.g. upload) I get the normal speed. If I change my upload pipe to 50 Mbps it seems to resolve. But I don't really understand why. And changing my upload pipe to above my true upload speed seems to defeat the purpose. I'm honestly very confused.
#5
21.1 Legacy Series / Re: CoDel/Shaper Maxing Out at 750 Mbps?
July 10, 2021, 02:15:32 PM
No real difference. With everything disabled I get 900 to 960/20 which is basically what I get with my laptop directly connected. With enabled I get 750/20. I changed download pipe to 1500 and still get about 750/20.
#6
21.1 Legacy Series / CoDel/Shaper Maxing Out at 750 Mbps?
July 10, 2021, 12:20:43 AM
I have a 1000Mbps/20Mbps cable connection. When I connect directly to the modem I am able to get the full speed, so I know the line works. When I run the speed test with my current codel config I max out download at 750Mbps and I can't seem to figure out why.
I have a Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz w/ 16 GB RAM and the following setup....
Everything not marked below is either blank/unchecked/default etc
Pipes:
1) Speed=1000, Units=Mbps, Scheduler=FlowQueue-CoDel "Downstream Pipe"
2) Speed=20, Units=Mbps, Scheduler=FlowQueue-CoDel "Upstream Pipe"
Queues:
1) Pipe=Downstream Pipe, Weight=100, "Downstream Queue - Regular"
2) Pipe=Upstream Pipe, Weight=1, "Upstream Queue - Regular"
3) Pipe=Upstream Pipe, Weight=10, "Upstream Queue - DNS and ACK"
Rules:
1) Sequence=1, Interface=WAN, Proto=IP, Source=Any, Dest=<Private IPS>, Src/Dest Port=ANY, Direction=Both, Target=Downstream Regular
2) Sequence=10, Interface=WAN, Proto=TCP ACK ONLY, Source=<Private IPs>, Dest=ANY, Src/Dest Port=ANY
Direction=Both, Target=Upstream Queue - DNS and ACK
3) Sequence=11, Interface=WAN, Proto=TCP, Source=<Private IPs>, Dest=ANY, Src Port=Any, Dest Port=53
Direction=Both, Target=Upstream Queue - DNS and ACK
1) Sequence=12, Interface=WAN, Proto=IP, Source=<Private IPS>, Dest=Any, Src/Dest Port=ANY, Direction=Both, Target=Upstream Regular
My goal is to have codel setup to stop buffer bloat issues, and also to prioritize ACK and DNS. But I can't figure out why when these are enabled my connection maxes out at 750
I have a Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz w/ 16 GB RAM and the following setup....
Everything not marked below is either blank/unchecked/default etc
Pipes:
1) Speed=1000, Units=Mbps, Scheduler=FlowQueue-CoDel "Downstream Pipe"
2) Speed=20, Units=Mbps, Scheduler=FlowQueue-CoDel "Upstream Pipe"
Queues:
1) Pipe=Downstream Pipe, Weight=100, "Downstream Queue - Regular"
2) Pipe=Upstream Pipe, Weight=1, "Upstream Queue - Regular"
3) Pipe=Upstream Pipe, Weight=10, "Upstream Queue - DNS and ACK"
Rules:
1) Sequence=1, Interface=WAN, Proto=IP, Source=Any, Dest=<Private IPS>, Src/Dest Port=ANY, Direction=Both, Target=Downstream Regular
2) Sequence=10, Interface=WAN, Proto=TCP ACK ONLY, Source=<Private IPs>, Dest=ANY, Src/Dest Port=ANY
Direction=Both, Target=Upstream Queue - DNS and ACK
3) Sequence=11, Interface=WAN, Proto=TCP, Source=<Private IPs>, Dest=ANY, Src Port=Any, Dest Port=53
Direction=Both, Target=Upstream Queue - DNS and ACK
1) Sequence=12, Interface=WAN, Proto=IP, Source=<Private IPS>, Dest=Any, Src/Dest Port=ANY, Direction=Both, Target=Upstream Regular
My goal is to have codel setup to stop buffer bloat issues, and also to prioritize ACK and DNS. But I can't figure out why when these are enabled my connection maxes out at 750
#7
21.1 Legacy Series / Re: Updates Tab Spinning Endlessly After Update to "OPNsense 21.1.7_1-amd64"
June 21, 2021, 10:37:27 PMCode Select
Fatal error: Uncaught Error: Class 'Phalcon\Session\Manager' not found in /usr/local/opnsense/mvc/app/config/services_api.php:67 Stack trace: #0 [internal function]: Closure->{closure}() #1 [internal function]: Phalcon\Di\Service->resolve(NULL, Object(Phalcon\Di\FactoryDefault)) #2 [internal function]: Phalcon\Di->get('session', NULL) #3 [internal function]: Phalcon\Di->getShared('session') #4 /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php(148): Phalcon\Di\Injectable->__get('session') #5 /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php(204): OPNsense\Base\ControllerRoot->doAuth() #6 [internal function]: OPNsense\Base\ApiControllerBase->beforeExecuteRoute(Object(Phalcon\Mvc\Dispatcher)) #7 [internal function]: Phalcon\Dispatcher->dispatch() #8 /usr/local/opnsense/www/api.php(26): Phalcon\Mvc\Application->handle('/api/core/firmw...') #9 {main} thrown in /usr/local/opnsense/mvc/app/config/services_api.php on line 67
Is the error I see in the browser.
#8
21.1 Legacy Series / Updates Tab Spinning Endlessly After Update to "OPNsense 21.1.7_1-amd64"
June 21, 2021, 10:36:47 PM
Title says it all. Just updated and now when I go to the updates tab under firmware it just spins. JQuery is calling "updatestatus" over and over again, with no response. Thoughts? Did updates from the console and it says all is good.
#9
Web Proxy Filtering and Caching / Re: HAProxy chainloading Lua Scripts
June 12, 2021, 06:34:56 PM
Ever solve this? I am struggling with the LUA file. The http-auth lua uses haproxy-lua-http ... which i can't seem to find.
#10
Intrusion Detection and Prevention / IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans?
June 09, 2021, 11:40:32 PM
So I have been reading up on how to setup Scuricata on my OpnSense box at my house. From what I have read I need to put my WAN IP into the "Home Networks" section. The issue is that mine is a DHCP given address. I can't put a hostname into the field either. Is there an easy way to automatically keep my WAN ip in that list? Thanks.
Also is there rule set for port scans? I have looked through ET Telemetry, Snort VRT, etc. I can't seem to find a pre-made one to detect port scans? Thanks!
Edit: I found that ET Pro has a "scan" but not ET Telemetry, but there is emerging-telemetry
Also is there rule set for port scans? I have looked through ET Telemetry, Snort VRT, etc. I can't seem to find a pre-made one to detect port scans? Thanks!
Edit: I found that ET Pro has a "scan" but not ET Telemetry, but there is emerging-telemetry
#11
21.1 Legacy Series / Firewall Alias "External (Advanced)"?
April 09, 2021, 10:51:09 PM
Anyone know what they are? They seem to be internal aliases, but I can delete them?
Thoughts?
Thoughts?
#12
Intrusion Detection and Prevention / IDS/IPS for Home Not Working
April 09, 2021, 06:11:34 PM
So I figured I would try to get IDS/IPS setup on my home router for fun. Currently I have NO rule sets setup and my network configuration has a cable modem going to the WAN interface and uses NAT to have a single LAN interface with a VLAN 100 (for guests) and untagged for local traffic. A few questions came up....
I followed (https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/)
1) Do I use LAN or WAN in my interface list? If I use the WAN and NAT do I need to add my WAN IP to the list of IPs? If so how can I automate that on changes.
2) It seems like whenever I enable on any of the interfaces that interface becomes completely unresponsive and won't pass any traffic. Thoughts?
Thanks!
I followed (https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/)
1) Do I use LAN or WAN in my interface list? If I use the WAN and NAT do I need to add my WAN IP to the list of IPs? If so how can I automate that on changes.
2) It seems like whenever I enable on any of the interfaces that interface becomes completely unresponsive and won't pass any traffic. Thoughts?
Thanks!
#13
20.7 Legacy Series / Re: PHP Error phpDynDNS.inc
September 18, 2020, 06:39:44 PM
From my reading of the php it's the same pathway for v6 and non v6. It's a single case. I'm using cloudflare non v6.
#14
20.7 Legacy Series / Re: PHP Error phpDynDNS.inc
September 18, 2020, 02:31:42 PM
Getting the same error myself
#15
20.7 Legacy Series / Re: Help w/ FQ-Codel
September 04, 2020, 07:23:29 PM
Seems to have fixed it now. Thanks!
