Messages - rasfar121

#1
High availability / XTP protocol
February 28, 2021, 03:30:05 AM
Dear friends,

Just want to find out if it is possible to do a site-to-site tunnel using XTP proto for internal network?
Distance can be very far and would prefer this type of protocol to improve performance on live connections.


Thank you all! What a great experience I have had on OPNsense and a big shout-out to @Gauss23 who has been so helpful to the community!

https://en.wikipedia.org/wiki/Xpress_Transport_Protocol
#2
Sorry Gauss, I sent you a PM
#3
And good morning to you Gauss
#4
That's why I was so interested in using L2TP, as in my experience it has performed the fastest for me when set up with a cloud VPC, compared to WireGuard.

But I appreciate the WireGuard security and if this can work it would still do the job.
#5
Sorry, my fault, I just didn't save it over the file name https://ibb.co/zSqNcV9


I enabled log on WireGuard firewall rules

64 bytes from 1.1.1.1: seq=9 ttl=60 time=1.572 ms
^C
--- 1.1.1.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 0.921/1.527/2.436 ms
root@OpenWrt:~# ping 10.0.7.1
PING 10.0.7.1 (10.0.7.1): 56 data bytes
^C
--- 10.0.7.1 ping statistics ---
60 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping 10.0.7.20
PING 10.0.7.20 (10.0.7.20): 56 data bytes
64 bytes from 10.0.7.20: seq=0 ttl=64 time=0.079 ms
64 bytes from 10.0.7.20: seq=1 ttl=64 time=0.069 ms
64 bytes from 10.0.7.20: seq=2 ttl=64 time=0.077 ms
64 bytes from 10.0.7.20: seq=3 ttl=64 time=0.064 ms
64 bytes from 10.0.7.20: seq=4 ttl=64 time=0.067 ms
^C
--- 10.0.7.20 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.064/0.071/0.079 ms
root@OpenWrt:~# ping 10.0.7.1
PING 10.0.7.1 (10.0.7.1): 56 data bytes
^C
--- 10.0.7.1 ping statistics ---
37 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~#

I then had to try and ping from my phone, as I wouldn't be able to get live log on OPNsense, and again it failed. And this is what came up on OPNsense:
Interface      Time   Source   Destination   Proto   Label   
wan      Oct 22 06:34:09   200.57.249.15:13089   103.145.2.81:445   tcp   Default deny rule   
wan      Oct 22 06:34:02   45.141.58.74:50334   103.145.2.81:37810   udp   Default deny rule   
lan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
wan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
lan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
wan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
lan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
wan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
lan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
wan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
wan      Oct 22 06:33:47   115.75.217.167:62348   103.145.2.81:445   tcp   Default deny rule   
HCM_SG      Oct 22 06:33:44   172.16.29.2:123   162.159.200.1:123   udp   let out anything from firewall host itself   
wan      Oct 22 06:33:44   143.110.154.112:49765   103.145.2.81:8088   tcp   Default deny rule   
wan      Oct 22 06:33:32   103.145.2.81:40519   1.1.1.1:53   udp   let out anything from firewall host itself (force gw)   
wan      Oct 22 06:33:32   103.145.2.81:16786   1.1.1.1:53   udp   let out anything from firewall host itself (force gw)   
wan      Oct 22 06:33:32   103.145.2.81:64351   1.1.1.1:53   udp   let out anything from firewall host itself (force gw)   
HCM_SG      Oct 22 06:33:31   172.16.29.2:123   194.0.5.123:123   udp   let out anything from firewall host itself   
wan      Oct 22 06:33:25   14.102.94.122:60068   103.145.2.81:445   tcp   Default deny rule   
wan      Oct 22 06:33:22   103.151.47.209:53403   103.145.2.81:445   tcp   Default deny rule

Yes, I am trying to connect the PS4 via OpenWrt to a WG server which then has a tunnel to site B to access the internet. It is essential that UPnP works, as I would not know all UPnP ports for all games that I have, and sometimes the gaming companies don't actually tell you all the ports used.

#6
And this is the NAT port forwarding
https://ibb.co/km02pm9
#7
Also, one area which is dubious in my setup is the Interface; some say you don't need it but some say you do. I have tried both and no luck.

Thanks for looking at the post
#8
I took them a few hours ago. They are the latest.
#9
20.7 Legacy Series / Re: l2tp server
October 22, 2020, 07:43:03 AM
Any chance of manually installing it?
#10
Quote from: Gauss23 on October 20, 2020, 07:38:45 AM

Hi Gauss23, so this is my first attempt to make a network plan for reference. I hope it helps solve the WG issue I am having.

https://ibb.co/ZLx8Hv8
https://ibb.co/x8Ssg1h
https://ibb.co/cvH01Yt

I am not sure under which label I need to check for ICMP in live view; if you could advise, I can double check. But for reference, the interface on OPNsense shows my home IP, which is dynamic and is correct, so I don't know how it can figure that out if there is no connection at all.

Thanks again.

#11
20.7 Legacy Series / Re: softether and upnp
October 21, 2020, 04:40:50 PM
Thanks for the link, I'll get it done in the morning, night time here now.

I had no idea that's what you wanted lol

No worries, we're all living in troubled times.

Thanks again, maybe worth filling it out and see what happens.
#12
20.7 Legacy Series / Re: softether and upnp
October 21, 2020, 03:01:08 PM
And here is a quick sketch of the network plan
#13
20.7 Legacy Series / Re: softether and upnp
October 21, 2020, 02:56:50 PM
Your tone is a bit harsh, mate!

If you search you see sooooo many people having issues with WireGuard; the implementation could have been much better. I am sure many people would agree. It's such a shame, because the GUI of OPNsense is great! I never had issues with Ubuntu, and guess what, it's native on Linux, maybe that's why it's easier. I'm not going to go down a rabbit hole with it because I have to move on and see what works. My engineer had no idea why WG wasn't working even though we checked everything a million times. But I am a practical man and I can't waste time...

I have managed to get further with SoftEther, now don't know why you are being an ass about it. Forums are a place to help, not to judge...

THE ONLY THING I DIDN'T DO COMPLETE before was the log, and to be honest I couldn't figure out how to copy the log for you when the live log kept changing; there is no log download or anything like that. But you are still judging me for just not posting a log.


Anyway... bless you, I carry no hard feelings.
#14
20.7 Legacy Series / Re: softether and upnp
October 21, 2020, 12:40:53 PM
Albeit there not being much response, I do know there must be many people wondering how well SoftEther will work on OPNsense.

OK, so now the plan has changed slightly: I am only in bridge mode to OPNsense and not using SE virtual NAT.

I have activated the DHCPv4 on my server. I connect from home WRT - AND I GOT VERY EXCITED

However, the traffic is not going through the VPN server in Site 1. I can't load any pages or anything, apart from that I can see there is a connection.

Am I missing something? In DHCP server I can only add the internal LAN as the gateway, but essentially I want it to go through the OpenVPN connection to SITE B


If anyone has any ideas on this please share. Thanks
#15
20.7 Legacy Series / softether and upnp
October 20, 2020, 04:47:35 PM
Hi guys, so my fairy-tale continues....

I have successfully installed and set up SoftEther on OPNsense and I am running an L2TP-only server.

My home WRT connects to it fine and manages very good speed, obviously as there is no encryption; however, it does not seem to happily open and close ports for my device to work correctly.

I am using a PlayStation connected to WRT running an L2TP client on a private network, which connects and actually has great speed, but my NAT type is 3.
I am running a virtual NAT on SoftEther and also have UPnP installed on my bare-metal server, but the PS4 remains strict NAT type 3.

I have done the same setup with Ubuntu running SoftEther and it has worked in the past. I think my issue now is a firewall one, and as UPnP doesn't seem to like SoftEther I am tempted to disable the firewall but too afraid to do that.

I would like to know, if I disable FreeBSD firewall stop IPFW, would that be the same as disabling OPNsense? I am rather new to this system and moved here as I have heard how robust it is, so just some advice would do me well. Is there a way to get UPnP working with SoftEther (@Franco), as you seem so knowledgeable about UPnP and your email is on it too?


Thanks again.