Messages - Chrome

#1
So, the free servers go up to #158 for NL.

I was able to find a stable server for about 12 hours...so, that gave me a good chance to test and correct. The "stable" server has now gone to 100% packet loss overnight. Was at 0% packet loss yesterday. Anyway...

DNS resolution was causing an issue yesterday for a bit... I tried a couple of firewall rules...but couldn't get that working. So, as long as I manually insert a DNS server (1.1.1.1 or 9.9.9.9 or 10.2.0.1) on the workstation, then resolution is fine. If I add a DNS server (including 10.2.0.1) to the static DHCP lease... then it also works.

If I leave it defaulted to the router's IP for DNS resolution...then it fails.

Couldn't spend any more time yesterday to figure it out...but I am sure, I am just missing a small something in the firewall rules.

#2
Getting about a 50% - 80% packet loss on the NL server I picked. No packet loss to any other gateway. Leaning towards the free server being the issue.
#3
Quote from: ckishappy on November 05, 2022, 04:48:35 PM
@Chrome, I did the proton vpn setup like @koala outlined and it works fine since Proton made the WG configurations available. The only problem that I have (since switching from Proton OpenVPN to WG) is that the OPNsense system updates and bogon ip updates time out. When I stop WG, the updates go through smoothly.

@ckishappy Thanks for the tip. I'll keep that in mind for the next update.
#4
@koloa WOW! That's a great walkthrough... the best I've seen for Proton and their WG. My issue was more with the creating of the keys and doing that via the CLI. Once I did that properly, WG connected nicely. The routing part seems to be working just fine, now that I switched to the NL servers.
The CLI command: wg pubkey < private > pub

was "KEY" for me. :-)

I am having issues more with the server (US ones mainly)...the Netherlands ones seem to work better for me. Having said that, I am on the free account... using the free servers...so, fairly certain that might have something to do with it. Looking to switch over to the paid version.

Thanks so much for the write up... I hope many others can benefit from it.

My 2 issues were creating the keys correctly...and didn't seem to have much luck getting a working connection to a FREE US server... it works MUCH better to a FREE NL server. Haven't tested a JP one yet.

#5
@Koloa Thanks for the direction.

I think I've got the connection with Proton going. I can see the handshake and the status in the WG section of the VPN category. About 5MB received and 10MB sent over the last day or so.

The part I don't think I've got straight is the IPs for the gateway and the "gotchas" you mentioned in your post.

I do have PIA working with a small subnet of machines being routed via the WG gateway. So, I do have a working example to pull from.

Back to Proton, I've set the gateway IP to 10.2.0.1 in the Gateway -> Single. Was this incorrect? I've tried 10.2.0.2 and 10.2.0.250...none of them seem to work.

When I use 10.2.0.1 the gateway is UP.

Any ideas?
#6

Just wondering if any members have been successful in getting connected to Proton's VPN service using Wireguard with their OPNsense boxes?

They have support currently for PFsense...but make no mention of OPNsense. Surely, OPNsense's userbase would be big enough for them to warrant support?

What are everyone's thoughts?


#7
Quote from: franco on October 18, 2022, 08:47:19 AM
To be honest, the bug is a statistics bug -- not more and not less. This does not affect operation of the card as far as I can tell...

I decided to make a patch and will put it up for review if you can confirm the errors are no longer reported.

https://github.com/opnsense/src/commit/4a788be44e0395

You can try the kernel as follows:

# opnsense-update -zkr 22.7.5-ixgbe
# opnsense-shell reboot


Cheers,
Franco

@Franco - That worked!! Thank you! Here's a snippet:



I agree, it's a statistics bug ... nothing more than that. I don't believe it affects performance of the card in any way.


#8
Thanks Franco.

I believe my issue and the bug you linked to FreeBSD are totally related.

I added my comment to the FreeBSD link for a cross reference.

I reviewed the DPDK you mentioned... the fix seems to be there.

Hopefully, it's included in the next release.

I am using the Mellanox ConnectX-3 for now... may switch to the Intel card when this bug gets fixed.
#9
Those settings stayed as default... but here's what they look like:

#10
Booted with FreeBSD 13.1 DVD here's the output of netstat -i log:

#11

Here's the output of a netstat -i log from OPNsense:




Here's the output of a netstat -i log from Ubuntu (enp2s0f0):



#12
The x520 card is supported under the IX driver.

The em0 and igbe NICs (both onboard) work well, with no errors.

I have loaded Windows and Ubuntu on the same setup...and the card seems to work (as it does in OPNsense), granted I don't know how to check if there are "ERRORS IN" on those two OSes...but my poking around didn't turn up anything negative.

So, I am wondering if there is an incompatibility between the X520 chipset, FreeBSD and my Aruba S2500 (don't have another switch to check it against).

Or

Just between FreeBSD and the card.... but the card is a popular one for Freebsders, and seems well supported/documented.

#13
22.7 Legacy Series / Intel X520-DA2 producing Errors IN
October 12, 2022, 05:05:22 PM
Hi there,

Need some help determining what exactly the cause of the problem is and the solution.

The issue is, when I use a 10G SFP+ connection to my Aruba S2500 for my LAN connection, I get an ever increasing amount of ERRORS IN:




Environment:
Fresh OPNsense install and update to version 22.7.6 (was happening with 22.7.5)
Motherboard - Supermicro X10SLL-F
Tried two different NICs - Genuine Intel X520-DA2 (brand new) and Supermicro AOC-STGN-I2S Rev.2 (X520-DA2 variant), both produce the "ERRORS IN".


I have tried different SFP+s, mixed brands, same result. I have not tried a different cable, only one available now, waiting for a delivery with 2 more.


When I change the card to a Mellanox ConnectX-3 (same SFPs, same cable, same switch) - NO ERRORs


I am using the onboard em0 for the WAN connection (no errors).


Not sure what else is left to try?



#14

Thank you for the explanation on the code changes!

#15

@axsdenied and @franco Thank you both for your help.

Output of:

ifctl -i em0
208.67.222.222
208.67.220.220

and

cat /var/db/dhclient.leases.em0

Also mentions:
208.67.222.222
208.67.220.220

I guess my ISP is issuing OPENDNS servers to my router...doesn't make sense, and didn't happen on my laptop I plugged into my modem...