Messages - d4rkd3n1337

#1
24.7, 24.10 Series / Re: GRE over NAT
August 25, 2024, 12:07:16 PM
So, I'm trying to start iperf with UDP (iperf3 -c server.behind.tunnel -u -b 120M) and get 120 Mbit/s (of course with losses, it's UDP). But I don't understand yet where I need to set MSS: in the firewall settings (normalization), or on the gates with GRE, or both (OPNsense with GRE, OPNsense with NAT GRE and Cisco with GRE)?
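The MSS question above comes down to header overhead: GRE over IPv4 adds a 20-byte outer IP header plus a 4-byte base GRE header (more if the key, sequence or checksum options are on), and NAT only rewrites addresses without adding bytes. The following added example (not from the poster or the OPNsense project; the 1500-byte outer MTU is an assumption) builds the GRE header with the RFC 2784/2890 flag layout and derives the tunnel MTU and the matching TCP MSS from it.

```python
import struct

OUTER_MTU = 1500     # assumed MTU of the WAN link carrying the GRE packets
IPV4_HDR_LEN = 20    # IPv4 header without options
TCP_HDR_LEN = 20     # TCP header without options

def gre_header(key=None, seq=None, checksum=False):
    """Build a GRE header for an IPv4 payload (protocol type 0x0800).

    Flag bits per RFC 2784/2890: C (checksum) = 0x8000, K (key) = 0x2000,
    S (sequence) = 0x1000. Each enabled option appends 4 bytes.
    """
    flags = 0
    if checksum:
        flags |= 0x8000
    if key is not None:
        flags |= 0x2000
    if seq is not None:
        flags |= 0x1000
    hdr = struct.pack("!HH", flags, 0x0800)
    if checksum:
        hdr += struct.pack("!HH", 0, 0)   # checksum + reserved1 (zeroed in this model)
    if key is not None:
        hdr += struct.pack("!I", key)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    return hdr

def tunnel_mtu(outer_mtu=OUTER_MTU, **gre_opts):
    """Largest inner packet that fits after the outer IPv4 + GRE headers.

    NAT between the tunnel endpoints rewrites the outer addresses only,
    so it does not change this value.
    """
    return outer_mtu - IPV4_HDR_LEN - len(gre_header(**gre_opts))

def tcp_mss(mtu):
    """TCP MSS to clamp to so a full segment fits in the tunnel MTU."""
    return mtu - IPV4_HDR_LEN - TCP_HDR_LEN

def fits(inner_len, outer_mtu=OUTER_MTU, **gre_opts):
    """True when an inner packet of inner_len bytes survives encapsulation unfragmented."""
    return IPV4_HDR_LEN + len(gre_header(**gre_opts)) + inner_len <= outer_mtu

if __name__ == "__main__":
    mtu = tunnel_mtu()
    print(f"plain GRE: tunnel MTU {mtu}, clamp TCP MSS to {tcp_mss(mtu)}")
    mtu_k = tunnel_mtu(key=0x1234)
    print(f"GRE with key: tunnel MTU {mtu_k}, clamp TCP MSS to {tcp_mss(mtu_k)}")
```

The plain-GRE result (1476) is the tunnel MTU mentioned in the thread; the MSS derived from it (1436) is the value to clamp wherever the clamp sits, and a keyed tunnel needs 4 bytes less.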
#2
24.7, 24.10 Series / Re: GRE over NAT
August 25, 2024, 11:35:30 AM
Good idea. But it is global, right? On the GRE sites (Cisco/OPNsense MTU set to 1476).
From here I have the next question: where we NAT GRE, do we decrement the MTU?
#3
24.7, 24.10 Series / GRE over NAT
August 25, 2024, 11:07:05 AM
Hello, guys. I really hope that there are experts among you.
I have the following setup:
First site:
OPNsense edge gate/fw (ISP public IP, for example 1.1.1.1) (DMZ IP, for example 10.1.1.1)
Cisco router in the DMZ with tunnel (GRE) interfaces: 10.1.1.2

Second site:
OPNsense edge gate/fw (ISP public IP, for example 2.2.2.2)

I have a working GRE tunnel by this scheme:
S2 OPNsense -> MyOPNsense -> (NAT GRE) -> Cisco
With this scheme I have ~60-80 Mbit throughput.
Today, for testing, I made a GRE tunnel in the local network (VM to Cisco), and I get over 600 Mbit!
Maybe OPNsense has settings for GRE over NAT? Because it's very strange.
What can be the bottleneck?

Example configs:
Cisco:
interface ga0/0 - ip address 10.1.1.2/24 (DMZ)
interface Tunnel2
(GRE) ip address 10.0.91.1/30
(GRE) tunnel source 10.1.1.2
(GRE) tunnel destination 2.2.2.2

S2 OPNsense:
em0 (WAN, public ISP, anyway...) - ip: 2.2.2.2
gre0:
source - 2.2.2.2
destination - 1.1.1.1
gre local 10.0.91.2/30

If needed, I can provide more info.
And sorry for my bad English.
#4
Hello, folks.

I see in the manuals that NAT reflection works only for directly attached networks.

I have the following scheme:
OPNsense gate, facing the WAN network, with a LAN network (10.1.1.0/24).
Cisco gate, one port attached to 10.1.1.0/24, with its own networks (172.16.1.0/24 etc.).

With NAT reflection I can perfectly connect to WAN_IP:80/443 etc. from any host in 10.1.1.0/24,
but from a remote local net (e.g. 172.16.3.0/24) I can't reach WAN_IP.

What manual rule must I create in outbound NAT?