Messages

1

18.7 Legacy Series / Re: IPSec Phase 1 IPv4 Phase 2 IPv6

« on: August 02, 2018, 09:30:24 am »

All of this is fixed now: https://atelier.aquilenet.fr/projects/services/wiki/Librehosting

2

18.7 Legacy Series / IPSec Phase 1 IPv4 Phase 2 IPv6

« on: July 24, 2018, 01:05:26 am »

Hi,

I'm trying to do something like this:

ServerZZTop ----- FirewallA [OPNSense] o===(IPSEC)===o FirewallB [OpenBSD] ----- Internet

ServerZZTop have a public IPv4/6

Phase 1 Type: IPv4 IKE v1
Phase 2 Type:  ESP IPv4 tunnel
Phase 2 Type:  ESP IPv6 tunnel

Yes I got I phase 2 for an IPv4 tunnel AND another one for an IPv6 tunnel, Strongswan is suposed to work like this(https://www.strongswan.org/testing/testresults/ipv6/net2net-ip6-in-ip4-ikev1/).

1st problem is the following message when I try to modify my phase 1: "There is a Phase 2 using IPv6, you cannot use IPv4".

When I mount the tunnel:

• If I ping from FirewallA to ServerZZTop the IPv4 tunnel is working: I can ping  from Internet ServerZZTop IPv4
• During 5 second after tunnel mounting I can ping  from Internet ServerZZTop IPv6 then the ICMP packet is coming to ServerZZTop but there is only outgoing "ICMP6, neighbor solicitation"  on my  ServerZZTop Interface
• I have to set mtu 1378 to ServerZZTop's interface to make IPv4 work fine
• In FirewallA IPSec logs, I got: "installing route failed: ::/0 via $(FirewallA Default IPv4 Gateway) src $(FirewallA IPv6 Gateway for ServerZZTop) dev pppoe0"

I'm stucked to make the IPv6 Phase2 and I don't understand why I have this message from OPNSense (my 1st problem)

Kind regards

3

Hardware and Performance / Re: qotom i5-5250U

« on: September 09, 2017, 07:29:53 pm »

Here is the dmesg
https://pastebin.aquilenet.fr/?e6af1840b309fa8a#cRsTTwNP7QYgZ88VqE5TXl5iEtGoCZFRiUI7lVo9KJA=

4

Hardware and Performance / Re: qotom i5-5250U

« on: September 09, 2017, 07:24:47 pm »

Hi,

Let's be clear, for me this is the BEST FANLESS HARDWARE FOR OPENSENSE !!!

some iperf gives: Full 1Gbps bandwidth with filtering & nat with less of 20% of one core.

Some bad points:

• Wifi is not working fine with OPNSense order it wthout Wifi or ask to Qotom to build with a compatible one.
  (I have changed it for an Atheros 9280)
• Bios have no ouput on serial port
• Ethernet interfaces are not mapped well: 0-0 1-2 2-3 3-1 (hardware-system)

5

Hardware and Performance / Re: APU2C4 filtering performance + 1Gbps filtering

« on: September 09, 2017, 10:28:06 am »

Hi,

let's follow this topic on "Qotom i5-5250U New".
I've just received it and it's the best fanless hardware for OPNSense I ever had.

Sacha

6

Hardware and Performance / APU2C4 filtering performance + 1Gbps filtering

« on: September 04, 2017, 05:13:08 pm »

Hi gents,

just for your information I tested with iperf the APU2C4 filtering performances:
test is simple: PC1---(lan)---APU---(wan)---PC2
PC2 with "iperf -s" & PC1 with "iperf -c IP(PC2) -i 1 -t 20"
I obtain a downstream of 427Mbps

I'm still looking for a fanless small device which can filter 1Gbps, any idea ?

Regards,
Sacha.

7

General Discussion / Re: Insight: No Data Available

« on: January 20, 2017, 08:10:33 pm »

thanks I'm posting my issue there.

8

16.7 Legacy Series / Re: Netflow Insight shows No Available Data after Upgrade

« on: January 20, 2017, 08:09:21 pm »

Same problem the downgrade didn't solved the issue, still  have no data.

9

General Discussion / Insight: No Data Available

« on: January 20, 2017, 02:18:19 pm »

Hi,

since I added new vlan interfaces, I have no more graph in Insight: No data available !
Restarting services & rebooting didn't correct this bug.
Some ideas around to fix this ?

Regards,
Sacha.