1
22.1 Legacy Series / Re: ddclient invalid reply talking to Namecheap
« on: August 24, 2022, 09:53:10 pm »
Just had to add my domain (not including the subdomain into the username field - than updates are working).
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Tutorials and FAQs / Re: LetsEncrypt - Whitelist
« on: July 01, 2022, 05:29:18 pm »
There are still some IPs missing:
3.143.204.187
34.222.98.48
3.143.204.187
34.222.98.48
3
21.7 Legacy Series / Re: Apple Facetime quality more than bad
« on: June 24, 2022, 10:13:17 pm »Firewall: Settings: Advanced: Firewall Optimization: "conservative" option?
Already activated :-/
4
21.7 Legacy Series / Apple Facetime quality more than bad
« on: June 18, 2022, 09:43:53 pm »
Hey!
Ever since I switched to opnsense I can't make Apple Facetime work like it should be. The quality is so bad that people turn of their local wifi and use their slower mobile connections to get at least a steady connection.
Correct me if I'm wrong but Facetime uses STUN to connect the peers 1:1 without the detour to the apple servers. So I tried capture packages between a Macbook and an iPhone to see if this is working and in my opinion it's not?!
Can someone give me some hints how to solve this problem? The tcpdump looks like this:
10.20.10.25 is the IP of the macbook (inside vlan10, connected to a tp-link eap 660)
178.117.134.62 is the IP of an iPhone 12 which is connected to mobile internet
Perhaps someone else got this problem. There shouldn't be a bandwith related problem since the connection is 300/50 and is operating normal.
Thank you!
Edit:
Also when the connection is established logs are getting flooded which you can see in the attached screenshot.
Ever since I switched to opnsense I can't make Apple Facetime work like it should be. The quality is so bad that people turn of their local wifi and use their slower mobile connections to get at least a steady connection.
Correct me if I'm wrong but Facetime uses STUN to connect the peers 1:1 without the detour to the apple servers. So I tried capture packages between a Macbook and an iPhone to see if this is working and in my opinion it's not?!
Can someone give me some hints how to solve this problem? The tcpdump looks like this:
10.20.10.25 is the IP of the macbook (inside vlan10, connected to a tp-link eap 660)
178.117.134.62 is the IP of an iPhone 12 which is connected to mobile internet
Code: [Select]
ohne@MBA-OH ~ % tcpdump -i en0 -v -n host 178.117.134.62
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:28:24.728435 IP (tos 0x0, ttl 64, id 9369, offset 0, flags [none], proto UDP (17), length 100)
10.20.10.25.16395 > 178.117.134.62.16394: UDP, length 72
21:28:24.949980 IP (tos 0x0, ttl 54, id 57326, offset 0, flags [none], proto UDP (17), length 100)
178.117.134.62.16394 > 10.20.10.25.16395: UDP, length 72
21:28:24.949985 IP (tos 0x0, ttl 54, id 42989, offset 0, flags [none], proto UDP (17), length 80)
178.117.134.62.16394 > 10.20.10.25.16395: UDP, length 52
21:28:24.950696 IP (tos 0x0, ttl 64, id 28038, offset 0, flags [none], proto UDP (17), length 104)
10.20.10.25.16395 > 178.117.134.62.16394: UDP, length 76
21:28:24.951390 IP (tos 0x0, ttl 64, id 29369, offset 0, flags [none], proto UDP (17), length 112)
10.20.10.25.16395 > 178.117.134.62.16394: UDP, length 84
21:28:25.009445 IP (tos 0x0, ttl 54, id 56258, offset 0, flags [none], proto UDP (17), length 112)
178.117.134.62.16394 > 10.20.10.25.16395: UDP, length 84
21:28:25.111834 IP (tos 0x0, ttl 54, id 15825, offset 0, flags [none], proto UDP (17), length 247)
178.117.134.62.16394 > 10.20.10.25.16395: UDP, length 219
21:28:25.201225 IP (tos 0x0, ttl 54, id 49286, offset 0, flags [none], proto UDP (17), length 225)
178.117.134.62.16394 > 10.20.10.25.16395: UDP, length 197
21:28:25.265685 IP (tos 0x0, ttl 54, id 4153, offset 0, flags [none], proto UDP (17), length 282)
178.117.134.62.16394 > 10.20.10.25.16395: UDP, length 254
21:28:25.274087 IP (tos 0x0, ttl 54, id 53481, offset 0, flags [none], proto UDP (17), length 487)
178.117.134.62.16394 > 10.20.10.25.16395: UDP, length 459
Perhaps someone else got this problem. There shouldn't be a bandwith related problem since the connection is 300/50 and is operating normal.
Thank you!
Edit:
Also when the connection is established logs are getting flooded which you can see in the attached screenshot.
5
Hardware and Performance / ESXI/vSphere: Slow iPerf3 performance with more than 1 core
« on: January 18, 2022, 04:17:31 pm »
Can anybody give me a hint why on ESXI, but also on Proxmox, iPerf3 speeds are getting more than halved, when using more than one core. Everybody who is facing slow VM(opnSense) - VM/Host performance should give it a try and use only one core for the opnSense VM. This nearly doubles the performance.
Is there a reason?
Host is a i7-8700 with 32GB RAM and around 10 VMs.
opnSense VM got, well 1 core and 2GB RAM
NIC: 1x e1000
ZFS
Tunables + loader.conf.local:
vm.pmap.pti="0"
hw.ibrs_disable="1"
net.inet.tcp.tso="0"
Results with 1 core: 5,88 Gbit's
Results with 4 cores: 1,78 Gbit's
Is there a reason?
Host is a i7-8700 with 32GB RAM and around 10 VMs.
opnSense VM got, well 1 core and 2GB RAM
NIC: 1x e1000
ZFS
Tunables + loader.conf.local:
vm.pmap.pti="0"
hw.ibrs_disable="1"
net.inet.tcp.tso="0"
Results with 1 core: 5,88 Gbit's
Results with 4 cores: 1,78 Gbit's
6
General Discussion / Skype video call drops after 10 seconds
« on: January 03, 2022, 11:44:34 am »
Hey!
Since Skype is quite popular, I can't imagine that this is a common problem so it seems that I have a configuration problem...
Problem:
User 1: Skype on Amazon Echo Show and consumer router/access point
User 2: Skype on iOS/macOS and opnSense (Proxmox KVM) + piHole (LXC) + Ubiquiti AP
Skype video calls can connect just fine, but after 10 seconds the picture freezes and 10-15 seconds skype drops the connection. The error can be reproduced on mac and iOS official skype apps. When User 2 changes the connection to mobile data on the iPhone, calls are working fine and there is no freeze.
Setup:
Opnsense is virtualized on promox.
There is one WAN and one LAN port, WAN is connected to a cable modem which is in bridge mode.
Opnsense gets a public IPv4.
Rules:
Private + bogon blocked on WAN (disabled both - no success)
GeoIP blocked countries on WAN (were disabled - no success)
SPAMhouse Drop + eDrop on WAN (were disabled - no success)
Refelections for NAT: on
Reflections 1:1: off (tried to enable - no success)
Automatic outbound NAT reflection: on
All Skype domains are whitelisted on pihole. (Also Pihole got disabled - no success)
Log:
During the first 10 seconds of the Skype call there are a lot of incoming connections from the IP of User1 which are blocked by the general deny rule.
I installed the UPNP plugin, but it doesn't help ether.
Is there something else I can look into? Video calls via Amazon Alexa App from User 2 to User 1 are working fine. It's only Skype...
Since Skype is quite popular, I can't imagine that this is a common problem so it seems that I have a configuration problem...
Problem:
User 1: Skype on Amazon Echo Show and consumer router/access point
User 2: Skype on iOS/macOS and opnSense (Proxmox KVM) + piHole (LXC) + Ubiquiti AP
Skype video calls can connect just fine, but after 10 seconds the picture freezes and 10-15 seconds skype drops the connection. The error can be reproduced on mac and iOS official skype apps. When User 2 changes the connection to mobile data on the iPhone, calls are working fine and there is no freeze.
Setup:
Opnsense is virtualized on promox.
There is one WAN and one LAN port, WAN is connected to a cable modem which is in bridge mode.
Opnsense gets a public IPv4.
Rules:
Private + bogon blocked on WAN (disabled both - no success)
GeoIP blocked countries on WAN (were disabled - no success)
SPAMhouse Drop + eDrop on WAN (were disabled - no success)
Refelections for NAT: on
Reflections 1:1: off (tried to enable - no success)
Automatic outbound NAT reflection: on
All Skype domains are whitelisted on pihole. (Also Pihole got disabled - no success)
Log:
During the first 10 seconds of the Skype call there are a lot of incoming connections from the IP of User1 which are blocked by the general deny rule.
I installed the UPNP plugin, but it doesn't help ether.
Is there something else I can look into? Video calls via Amazon Alexa App from User 2 to User 1 are working fine. It's only Skype...
Pages: [1]