Topics - ccesario

1
22.1 Legacy Series / Ipsec throughput poor
« on: February 10, 2022, 03:36:47 pm »
Hi folks,

I'm facing this behavior with 21.1, 21.7 and now with the 22.1 series.
I have two OPNsense routers with the same version - 22.1-amd64

1 - Branch office
     vmx0 - Lan interface - 172.20.0.0/24
     vmx1 - Wan Interface - 1.1.1.1

2 - Head office
     vmx0 - Lan interface - 172.50.0.0/24
     vmx1 - Wan Interface - 2.2.2.2


Each one has the same config and is running on ESXi.
When I transfer files (SCP, CIFS, HTTP) over the IPsec tunnel, between networks 172.50.0.0/24 and 172.20.0.0/24, the network throughput does not go over 30Mbps.

When I try to transfer files from the Head office LAN 172.50.0.0/24 to Branch office 1.1.1.1 over the WAN interface (port forward), I get 90Mbps of throughput. The same happens from the Branch office LAN to the Head office over WAN.


Does anyone have an idea how to solve it?

These options are already disabled on both devices.
 Hardware CRC
 Hardware TSO
 Hardware LRO
 VLAN Hardware Filtering



Best regards

2
19.7 Legacy Series / L2TP routing
« on: August 15, 2019, 03:19:43 pm »
Hi Folks,

Does anyone have an idea how to solve this?
https://github.com/opnsense/plugins/issues/1422

regards
Carlos

3
19.1 Legacy Series / Nginx Plugin :: Autoblock
« on: June 27, 2019, 12:00:06 am »
Hi folks,

Could someone explain how the autoblock process (from the nginx package) works? It seems that we are having some problem with it. I tried to disable it via cron (console) and this is not persistent; after a reboot the autoblock crontab entry is created again.

Within a few hours my system added 4233 entries.

Regards

Carlos


4
19.1 Legacy Series / Nginx log rotate
« on: June 21, 2019, 06:23:29 pm »
Hi folks,
Could someone explain how the Nginx log rotation is done?
It seems that tls_handshake.log is not rotating; on my system I need to delete it manually, it was 5Gb.

Best regards
Carlos

5
19.1 Legacy Series / OPNSense GUI ACL
« on: June 11, 2019, 07:14:31 pm »
Hi folks, currently I'm trying to restrict a user from changing some things via the OPNsense GUI.
I have created a new group and selected only the items that I would like to allow, in this case ALL except the *interfaces* page.

But it seems this is not working as expected, because I can see and change these items.

Does anyone have an idea whether there is any problem with this!?

Best regards


Below is the ACL from config.xml:

Code:
    <group>
      <name>manager</name>
      <description>Managers</description>
      <gid>2001</gid>
      <priv>page-dashboard-all</priv>
      <priv>page-system-login-logout</priv>
      <priv>page-getserviceproviders</priv>
      <priv>page-getstats</priv>
      <priv>page-dashboard-widgets</priv>
      <priv>page-diagnostics-arptable</priv>
      <priv>page-diagnostics-authentication</priv>
      <priv>page-diagnostics-backup-restore</priv>
      <priv>page-diagnostics-configurationhistory</priv>
      <priv>page-diagnostics-factorydefaults</priv>
      <priv>page-diagnostics-haltsystem</priv>
      <priv>page-diagnostics-limiter-info</priv>
      <priv>page-diagnostics-logs-dhcp</priv>
      <priv>page-diagnostics-logs-firewall-dynamic</priv>
      <priv>page-diagnostics-logs-firewall-plain</priv>
      <priv>page-diagnostics-logs-firewall-summary</priv>
      <priv>page-diagnostics-logs-gateways</priv>
      <priv>page-diagnostics-logs-settings</priv>
      <priv>page-diagnostics-logs-system</priv>
      <priv>page-diagnostics-ndptable</priv>
      <priv>page-diagnostics-netflow</priv>
      <priv>page-diagnostics-networkinsight</priv>
      <priv>page-diagnostics-packetcapture</priv>
      <priv>page-diagnostics-tables</priv>
      <priv>page-diagnostics-pf-info</priv>
      <priv>page-diagnostics-system-pftop</priv>
      <priv>page-diagnostics-ping</priv>
      <priv>page-diagnostics-rebootsystem</priv>
      <priv>page-diagnostics-resetstate</priv>
      <priv>page-diagnostics-routingtables</priv>
      <priv>page-diagnostics-showstates</priv>
      <priv>page-diagnostics-sockets</priv>
      <priv>page-diagnostics-statessummary</priv>
      <priv>page-diagnostics-system-activity</priv>
      <priv>page-diagnostics-health</priv>
      <priv>page-diagnostics-testport</priv>
      <priv>page-diagnostics-traceroute</priv>
      <priv>page-firewall-alias-edit</priv>
      <priv>page-firewall-aliases</priv>
      <priv>page-firewall-nat-1-1</priv>
      <priv>page-firewall-nat-1-1-edit</priv>
      <priv>page-firewall-nat-npt</priv>
      <priv>page-firewall-nat-npt-edit</priv>
      <priv>page-firewall-nat-outbound</priv>
      <priv>page-firewall-nat-outbound-edit</priv>
      <priv>page-firewall-nat-portforward</priv>
      <priv>page-firewall-nat-portforward-edit</priv>
      <priv>page-firewall-scrub</priv>
      <priv>page-firewall-rules</priv>
      <priv>page-firewall-rules-edit</priv>
      <priv>page-firewall-schedules</priv>
      <priv>page-firewall-schedules-edit</priv>
      <priv>page-firewall-trafficshaper</priv>
      <priv>user-proxy-auth</priv>
      <priv>page-services-captiveportal</priv>
      <priv>page-services-dhcprelay</priv>
      <priv>page-services-dhcpserver</priv>
      <priv>page-services-dhcpserver-editstaticmapping</priv>
      <priv>page-services-dhcpv6relay</priv>
      <priv>page-services-dhcpv6server</priv>
      <priv>page-services-dhcpserverv6-editstaticmapping</priv>
      <priv>page-services-opendns</priv>
      <priv>page-services-dnsforwarder-editdomainoverride</priv>
      <priv>page-services-dnsforwarder-edithost</priv>
      <priv>page-diagnostics-logs-dnsmasq</priv>
      <priv>page-services-dnsforwarder</priv>
      <priv>page-services-dynamicdnsclients</priv>
      <priv>page-services-ids</priv>
      <priv>page-services-ntpd</priv>
      <priv>page-services-proxy</priv>
      <priv>page-services-router-advertisements</priv>
      <priv>page-services-dnsresolver-acls</priv>
      <priv>page-services-dnsresolver-advanced</priv>
      <priv>page-services-dnsresolver-editdomainoverride</priv>
      <priv>page-services-dnsresolver-edithost</priv>
      <priv>page-services-dnsresolver</priv>
      <priv>page-diagnostics-logs-resolver</priv>
      <priv>page-status-carp</priv>
      <priv>page-status-dhcpleases</priv>
      <priv>page-status-dhcpv6leases</priv>
      <priv>page-status-habackup</priv>
      <priv>page-status-ipsec</priv>
      <priv>page-status-ipsec-leases</priv>
      <priv>page-status-ipsec-sad</priv>
      <priv>page-status-ipsec-spd</priv>
      <priv>page-status-ntp</priv>
      <priv>page-services-ntp-gps</priv>
      <priv>page-services-ntp-pps</priv>
      <priv>page-status-openvpn</priv>
      <priv>page-status-services</priv>
      <priv>page-status-systemlogs-portalauth</priv>
      <priv>page-status-systemlogs-ppp</priv>
      <priv>page-status-systemlogs-ipsecvpn</priv>
      <priv>page-status-systemlogs-ntpd</priv>
      <priv>page-status-systemlogs-openvpn</priv>
      <priv>page-status-systemlogs-routing</priv>
      <priv>page-status-systemlogs-wireless</priv>
      <priv>page-status-trafficgraph</priv>
      <priv>page-diagnostics-wirelessstatus</priv>
      <priv>page-wizard-system</priv>
      <priv>page-system-advanced-admin</priv>
      <priv>page-system-advanced-firewall</priv>
      <priv>page-system-advanced-misc</priv>
      <priv>page-system-advanced-network</priv>
      <priv>page-system-advanced-sysctl</priv>
      <priv>page-system-authservers</priv>
      <priv>page-system-camanager</priv>
      <priv>page-system-certmanager</priv>
      <priv>page-diagnostics-crash-reporter</priv>
      <priv>page-system-crlmanager</priv>
      <priv>page-system-firmware-manualupdate</priv>
      <priv>page-system-gatewaygroups</priv>
      <priv>page-system-generalsetup</priv>
      <priv>page-system-groupmanager</priv>
      <priv>page-system-groupmanager-addprivs</priv>
      <priv>page-system-hasync</priv>
      <priv>page-system-license</priv>
      <priv>page-system-cron</priv>
      <priv>page-system-staticroutes</priv>
      <priv>page-system-usermanager</priv>
      <priv>page-system-usermanager-addprivs</priv>
      <priv>page-system-usermanager-passwordmg</priv>
      <priv>page-vpn-ipsec</priv>
      <priv>page-vpn-ipsec-editphase1</priv>
      <priv>page-vpn-ipsec-editphase2</priv>
      <priv>page-vpn-ipsec-editkeys</priv>
      <priv>page-vpn-ipsec-mobile</priv>
      <priv>page-vpn-ipsec-listkeys</priv>
      <priv>page-openvpn-client</priv>
      <priv>page-openvpn-client-export</priv>
      <priv>page-openvpn-csc</priv>
      <priv>page-openvpn-server</priv>
      <priv>page-services-monit</priv>
      <priv>page-xmlrpclibrary</priv>
      <member>2001</member>
    </group>



6
19.1 Legacy Series / [SOLVED] Plugins are not able to save - 19.1.5
« on: April 05, 2019, 03:09:39 pm »
Hi folks, after upgrading to 19.1.5, the Nginx and Monit plugins (I will test others) do not "save" new configs or the current config. It seems the save button has no action.

I already rebooted the appliance, cleaned the cache, and tested on several devices.


Is there any special procedure after upgrading to 19.1.5?

regards

Carlos

7
18.7 Legacy Series / Nginx and LetsEncrypt cert
« on: January 08, 2019, 04:54:29 pm »
Hi folks, is it possible to use the letsencrypt plugin with nginx?
If yes, is there any documentation!?

Regards
Carlos

8
18.7 Legacy Series / Nginx Plugin :: Log Viewer
« on: December 14, 2018, 11:34:46 am »
Hello @fabian,
I upgraded two appliances to 18.7.9 and I could see that nginx has a log viewer (nice, thanks for it!).

But when I try to access any logs, my browser crashes (on both appliances). I suppose that is because of the log file size.
Looking at the logs I could see the following.

Code:
[14-Dec-2018 00:01:31 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522266880 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:20 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522290512 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:24 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522308872 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:42 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522314600 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:43 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522314800 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:05:48 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522354280 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:15:23 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522830464 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 08:19:09 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1536664032 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42

Do you have a similar problem?

Regards

Carlos

9
18.7 Legacy Series / Nginx Plugin :: Multiple locations
« on: November 28, 2018, 06:46:19 pm »
Hi @fabian,

It seems the locations config has a BUG, but before opening a ticket I would like to check it.

I was running Nginx with a single Location, and it works as expected. Now I needed to add 2 more Locations; in the GUI I can see the config, but nginx.conf does not have these 2 new locations.

I tried adding these two new locations manually to nginx.conf and restarting it manually, and it works. It seems that there is some problem in the process that generates nginx.conf.

Some screenshots and the config are attached to try to explain better.

-------
Config generated -> https://pastebin.com/8dJVdfG5
Config working with location added manually -> https://pastebin.com/MDkhRFdf




10
18.7 Legacy Series / Nginx Plugin :: WAF Whitelist
« on: November 28, 2018, 03:28:11 pm »
Hi folks, could someone please explain how to create a Whitelist Rule/Policy in the NGINX WAF plugin!?

In my tests, it seems that the whitelist is not interpreted.

Best regards
Carlos

11
18.7 Legacy Series / Nginx Plugin :: WAF
« on: November 23, 2018, 04:04:52 pm »
Hi folks,

   Could someone guide me with the Nginx + WAF plugin!!?
   Is it mandatory to specify the Custom Security Policy in the Location config when using the Enable Security Rules option (WAF)? I'm asking because the WAF rules only work when I specify a Custom Security Policy, as shown in the attached image.

Best regards
Carlos

12
18.7 Legacy Series / Automatic outbound NAT rule does not working
« on: November 08, 2018, 07:50:39 pm »
Hi guys,

It seems that Automatic outbound NAT rule generation is not working as expected.
It works only when I define Manual outbound NAT rule generation and create my rules.

Tested with a fresh installation of OPNsense 18.7.7 and 18.7.7 versions.

Is anyone facing the same problem??!

Regards
Carlos


13
18.7 Legacy Series / Backup API Method
« on: September 17, 2018, 03:10:20 pm »
Hi folks, is there any way to do a backup (config.xml) using API functions?!

Best regards
Carlos

14
18.7 Legacy Series / Email notification
« on: September 03, 2018, 05:38:05 pm »
Hi folks, could someone tell me for which events the email notification is used?

I have it configured, but I cannot see an option to enable/disable notifications.

In my case, I'm trying to set up configuration for IPsec tunnel status, gateway status... Is it possible!?

Regards
Carlos

15
18.7 Legacy Series / Ipsec VPn Error
« on: August 29, 2018, 02:49:04 am »
Hi folks,

I'm trying to replace some pfSense with OPNsense, but we are facing an IPsec problem.
Currently we have a pfSense appliance with an IPsec VPN established with the Sophos/Cyberoam vendor.
I just replaced my pfSense appliance with OPNsense with identical configs (the screen and logs are attached), but the IPsec VPN does not establish a connection.
It seems that there is some problem with the supported IPsec proposal methods.


Does anyone have any idea how to fix it?

Best regards

Carlos
