Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - nqtuanqtuan

Pages1
#1
General Discussion / Log/graph for bandwidth per rule
June 25, 2024, 11:51:30 AM
Hi folks,

Is there any feature/plugin that allow me to log or create graphs per-rule data usage?

The requirement is that, I have different rules for multiple clients connecting to the Internet. Each client has two rules, one for domestic destinations and the other for international, e.g.
- Client-A to Domestic, how many MB?
- Client-A to International, how many MB?
- Client-B to Domestic, how many MB?
- Client-B to International, how many MB?
- etc.

I don't think the built-in netflow nor ntopng can do it (since they are too detailed into each flow and I can't kind of aggregate the collected data), but I might have missed some feature on them that are yet explored.

Thanks
#2
21.7 Legacy Series / Acme DNS-01 challenge validation fails
December 18, 2021, 09:30:27 AM
Hi folks,

Got a weird issue when renewing LE cert with Acme client 3.4 on OPNsense 21.7.6

I have configured 3 certs as following, all using DNS-01 challenge with CloudFlare API:

    wildcard.example.com (EC-384, SAN *.example.com, example.com)

    wildcard.example.com (RSA-2048, SAN *.example.com, example.com)

    adfs.example.com (RSA-2048, SAN adfs.example.com, certauth.adfs.example.com)

All three certs have been renewed at least once previously, before 21.7.6 upgrade. When that upgrade hit, I had some issue with Acme 3.5 and reverted to 3.4

Today, when I rolled out the new NAS, I want to test out the automation as the cert renewed (I already manually ran automation successfully and this issue is not related). When I pressed renew cert, only the first wildcard worked.

Both the second wildcard cert, and the adfs cert had this log, where Acme could create the TXT record for _acme-challenge successfully the first time. But then, it tried the second time which failed, and concluded the validation failed.

The DNS-01 configuration already had the timeout of 120 seconds - I believe this is the default.

Has anyone encountered the same issue?
#3
Virtual private networks / How many OpenVPN concurrent sessions allowed?
December 01, 2021, 11:03:43 AM
Hi folks,

I have a customer asking how many concurrent OpenVPN sessions the community version of OPNsense would support? If the OPNsense firewalls (HA) are dedicated VPN server.

Is there a reference or calculation based on the specs? For example how many users for 1vCPU virtual OPNsense? 2vCPU? etc.
Pages1