Messages

How do you enable DCO in OPNsense? I do not see any options in the OpenVPN server setup to use DCO.

I'm new to the Opnsense world and I've been able to work my way through setting up Wireguard and Openvpn road warrior setups. I'd like to try and setup an Ipsec connection using ikev2 mschap. I know this is much more complicated. Are there any good guides a newbie can use to set this up?

Thank you

Someone suggested creating a failover LAGG with IX0 as primary and IGC0 as secondary. Will this work with an unmanaged switch? Good idea? Don't both interfaces have to be free to set this up?

I want to change my LAN interface from IGC0 to IX0. How can I do this without losing access to web interface? I have both ports connected to the same switch. If I just change the assignment in SSH shell and then disconnect the IGC0 connection will that work? Really worried about losing web access to interface.

Thank you

Just changed over to a Qotom box with a C3758R processor with QAT. I checked the Hardware accelerator box in OPNSense and rebooted. I don't see any difference in OpenVPN speeds. How can I tell if everything is working correcty? I used the command below if this helps. Thanks in advance


sysctl -a | grep qat
qat0: <Intel c3xxx QuickAssist> mem 0xdf340000-0xdf37ffff,0xdf300000-0xdf33ffff irq 16 at device 0.0 on pci1
qat0: qat_dev0 started 6 acceleration engines
qat0: FW version: 4.18.0
qat0: Excessive clock measure delay
qat_ocf0: <QAT engine>
qat0: <Intel c3xxx QuickAssist> mem 0xdf340000-0xdf37ffff,0xdf300000-0xdf33ffff irq 16 at device 0.0 on pci1
qat0: qat_dev0 started 6 acceleration engines
qat0: FW version: 4.18.0
qat0: Excessive clock measure delay
qat_ocf0: <QAT engine>
irq120: qat0:b0:247 @cpu0(domain0): 0
irq121: qat0:b1:249 @cpu0(domain0): 0
irq122: qat0:b2:251 @cpu0(domain0): 0
irq123: qat0:b3:253 @cpu0(domain0): 0
irq124: qat0:b4:255 @cpu0(domain0): 0
irq125: qat0:b5:257 @cpu0(domain0): 0
irq126: qat0:b6:259 @cpu0(domain0): 0
irq127: qat0:b7:261 @cpu0(domain0): 0
irq128: qat0:b8:263 @cpu0(domain0): 0
irq129: qat0:b9:265 @cpu0(domain0): 0
irq130: qat0:b10:267 @cpu0(domain0): 0
irq131: qat0:b11:269 @cpu0(domain0): 0
irq132: qat0:b12:271 @cpu0(domain0): 0
irq133: qat0:b13:273 @cpu0(domain0): 0
irq134: qat0:b14:275 @cpu0(domain0): 0
irq135: qat0:b15:277 @cpu0(domain0): 0
irq136: qat0:ae:279 @cpu0(domain0): 0
dev.qat_ocf.0.enable: 1
dev.qat_ocf.0.%parent: nexus0
dev.qat_ocf.0.%pnpinfo:
dev.qat_ocf.0.%location:
dev.qat_ocf.0.%driver: qat_ocf
dev.qat_ocf.0.%desc: QAT engine
dev.qat_ocf.%parent:
dev.qat.0.frequency: 685000000
dev.qat.0.cnv_error:
dev.qat.0.fw_counters:
dev.qat.0.mmp_version: 6.0.0
dev.qat.0.hw_version: 17
dev.qat.0.fw_version: 4.18.0
dev.qat.0.heartbeat: 1
dev.qat.0.heartbeat_failed: 0
dev.qat.0.heartbeat_sent: 8
dev.qat.0.dev_cfg: [GENERAL]
dev.qat.0.num_user_processes: 0
dev.qat.0.cfg_mode: ks
dev.qat.0.cfg_services: sym;dc
dev.qat.0.state: up
dev.qat.0.%parent: pci1
dev.qat.0.%pnpinfo: vendor=0x8086 device=0x19e2 subvendor=0x8086 subdevice=0x0000 class=0x0b4000
dev.qat.0.%location: slot=0 function=0 dbsf=pci0:1:0:0
dev.qat.0.%driver: qat
dev.qat.0.%desc: Intel c3xxx QuickAssist
dev.qat.%parent:

Currently running OPNSense on a I7-12650H mini pc. I use a lot of VPN both Wireguard and OpenVPN. I have an opportunity to get a C3758R Qotom system and I'm also upgrading from Centurylink 1 GB service to Google 2/5/8 service. I know the C3758R has QAT 1.7 that supports OpenVPN but not Wireguard.

Is it worth the change to the Qotom system to get the QAT tech? Will OpenVPN with QAT beat Wireguard without QAT?

Thank you