Topics - litusbdn

#1
Good afternoon,

I have installed a GL.iNet Brume 2 / GL-MT2500 router.

According to the manufacturer, in client mode WireGuard can reach speeds of 500mb/s. https://www.gl-inet.com/products/gl-mt2500/

On the other end, I have an OPNsense 23.1.9 installed on a physical server with 128GB RAM and an Intel(R) Xeon(R) Silver 4316 CPU @ 2.30GHz (20 cores, 40 threads).

I have managed to configure the WireGuard tunnel successfully, and there is traffic between the local and remote networks.

The main problem is the speed of the tunnel: it barely reaches approximately 30mb/s over a 1GB/s optical fiber. I have been modifying the MTUs, but I can't find the parameter that would increase the speed.

Can you tell me what I can check to optimize the maximum speed?
I need to be able to create tunnels with a minimum speed of approximately 180mb/s.

If you need any extra details, I will be happy to send them to you.

Thank you very much.
#2
Good evening,

We have tried to set up a road warrior VPN with OpenVPN, following the OPNsense guide. https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

This is not the first time we have set up a road warrior VPN; on other occasions we set it up and it worked without problems. Now we have a problem: we can't connect, and according to the logs it seems to be something related to encryption.

I attach details of the configuration, and the logs obtained in OPNsense and in the OpenVPN client.

Firewall OpenVPN log:

2021-10-25T19:58:14   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:58:14   openvpn[71085]   tls-crypt unwrap error: packet too short   
2021-10-25T19:58:06   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:58:06   openvpn[71085]   tls-crypt unwrap error: packet too short   
2021-10-25T19:58:02   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:58:02   openvpn[71085]   tls-crypt unwrap error: packet too short   
2021-10-25T19:57:59   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175   
2021-10-25T19:57:59   openvpn[71085]   tls-crypt unwrap error: packet too short

OpenVPN log on the road warrior computer:

Mon Oct 25 21:57:53 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Mon Oct 25 21:57:53 2021 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mon Oct 25 21:57:53 2021 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
Mon Oct 25 21:57:53 2021 Windows version 10.0 (Windows 10 or greater) 64bit
Mon Oct 25 21:57:53 2021 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Mon Oct 25 21:58:00 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:58:00 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 21:58:00 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:59:01 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 21:59:01 2021 TLS Error: TLS handshake failed
Mon Oct 25 21:59:01 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 21:59:06 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:59:06 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 21:59:06 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:00:06 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 22:00:06 2021 TLS Error: TLS handshake failed
Mon Oct 25 22:00:06 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 22:00:11 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:00:11 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 22:00:11 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:01:11 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 22:01:11 2021 TLS Error: TLS handshake failed
Mon Oct 25 22:01:11 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 22:01:16 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:01:16 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 22:01:16 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194

See attachment.

Thanks,

Carles.
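A defender-side reading of the two logs above, as an added example that is not part of the original post: the server rejects the client's control packets at the tls-crypt wrapper before any TLS starts, and the client therefore times out waiting for a handshake reply. The parser, the regexes and the diagnose() verdicts are my own interpretation; the sample lines are copied from the logs quoted in the post, with the addresses masked as posted.

```python
import re
from collections import Counter

# Constructed sample input, copied from the two logs quoted in the post above.
# The OPNsense server log and the Windows client log use different timestamp formats.
SERVER_LOG = """\
2021-10-25T19:58:14   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175
2021-10-25T19:58:14   openvpn[71085]   tls-crypt unwrap error: packet too short
2021-10-25T19:58:06   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175
2021-10-25T19:58:06   openvpn[71085]   tls-crypt unwrap error: packet too short
2021-10-25T19:58:02   openvpn[71085]   TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175
2021-10-25T19:58:02   openvpn[71085]   tls-crypt unwrap error: packet too short
"""
CLIENT_LOG = """\
Mon Oct 25 21:58:00 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:59:01 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 21:59:01 2021 TLS Error: TLS handshake failed
Mon Oct 25 21:59:01 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 22:00:06 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
# Server side: the peer (host:port) whose packets failed the tls-crypt unwrap.
UNWRAP_RE = re.compile(r"tls-crypt unwrapping failed from \[AF_INET6?\](?P<peer>\S+)")
# Client side: the negotiation timeout seen when the server never answers.
TIMEOUT_RE = re.compile(r"TLS key negotiation failed to occur within \d+ seconds")

def unwrap_failures_by_peer(log_text):
    """Count tls-crypt unwrap failures per peer in the server log."""
    counts = Counter()
    for line in log_text.splitlines():
        m = UNWRAP_RE.search(line)
        if m:
            counts[m.group("peer")] += 1
    return dict(counts)

def client_handshake_timeouts(log_text):
    """Count client-side TLS negotiation timeouts."""
    return sum(1 for line in log_text.splitlines() if TIMEOUT_RE.search(line))

def diagnose(server_log, client_log, threshold=3):
    """Pair the two symptoms. Unwrap failures on the server plus timeouts on the
    client mean the packets arrive but fail the tls-crypt check, so the fault is
    the tls-crypt key or mode on one side, not reachability. Returns (verdict, peers)."""
    noisy = {p: n for p, n in unwrap_failures_by_peer(server_log).items() if n >= threshold}
    timeouts = client_handshake_timeouts(client_log)
    if noisy and timeouts:
        return "tls-crypt mismatch: packets arrive but fail unwrap", noisy
    if noisy:
        return "repeated unwrap failures from a peer: review its source", noisy
    if timeouts:
        return "no server-side trace: check reachability and NAT", {}
    return "no handshake failures seen", {}
```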

#3
Hello,

I have created a site-to-site VPN with my OPNsense (server) and a pfSense as client.

I have set up point-to-point VPNs with OPNsense on previous occasions without problems, but with a pfSense client I manage to bring the VPN up successfully, yet it doesn't pass traffic (ping, RDP, etc.).

I have the feeling that the problem may be in the type of compression that is used. I have tested several, and it still does not work, or the VPN does not even connect.

Can someone tell me which option to use in pfsense and opnsense?


Thank you very much.
#4
Good morning,

I have configured a point-to-point tunnel following this guide: https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html

The problem is that the VPN tunnel is successfully established, but I have no data traffic between one site (LAN 1, 192.168.1.x) and the other (LAN 2, 192.168.3.x).

Any idea how I can allow traffic?

All firewall rules (WAN and IPsec interfaces) are configured on both sides.

I think it's a routing problem, but I can't find the solution.

Thanks
#5
Good afternoon,

On my OPNsense device, I have configured a VPN for a user that connects externally. On other occasions, the VPN has worked perfectly for me.

Now I find that I cannot connect from outside (it's a new router).

- If I ping the public IP, I get an answer.
- If I telnet to the public IP on port 1194, I get no result.

The difference is that this new router has no DMZ, that is, I have to open the ports (NAT) in the router to point to the WAN IP of the OPNsense, and the OPNsense does a second NAT so that the traffic can reach the local network. If I do it with the RDP protocol, I can connect.

RDP: PUBLIC IP: 9898 ---> (ROUTER) ---> WAN IP OPNSENSE ----> LAN DEVICE - WORKS ---

If I do it with the VPN port, it does not work.

I suspect that the problem lies in the fact that I need to open a port other than 1194.
Can somebody help me?

Thank you. :D
#6
General Discussion / Ip static in OpenVpn client
March 15, 2018, 09:07:30 AM
Good Morning,
I have an OpenVPN server enabled.

I do not need to assign a specific IP to the clients that connect via road warrior VPN (network 10.10.10.X). Is it possible to do a MAC-IP mapping so that the same computer always gets the same IP from the VPN server?

Thanks
#7
Good Morning,

For some time, when I visit the website of the Catalan education department, the site does not load correctly; it seems as if some of the images do not load. The problem only appears on a specific page of the department: http://educacio.gencat.cat/portal/page/portal/Educacio/PCentrePrivat/PCPInici#contenido

On an earlier occasion the same thing happened to me; I reinstalled OPNsense and the problem seemed solved, but it has happened again.

I have activated the web proxy and disabled the cache, but the network the computer is in is excluded from passing through the web proxy.

Thanks!
#8
General Discussion / Problems sending emails
March 01, 2017, 12:26:04 PM
Good morning,
I have done a basic installation of OPNsense in my office.
I have the problem that when I send mail through Outlook, if the mail has an attachment (attachments smaller than 2 MB), Outlook keeps loading for 3-4 minutes and finally sends the mail.
If the email does not contain attachments, it is sent instantly.
This problem occurs with multiple accounts (Exchange, IMAP and POP3).

Without opnsense, everything works correctly.

Any idea what it can be?
#9
General Discussion / Clone sd card to a larger one
February 23, 2017, 01:39:25 PM
Good morning,

I have OPNsense installed on an 8GB SD card.
I ran out of space, so I cloned the card to a 32 GB SD card.

I used the Win32DiskImager application. I've cloned the card, but it still recognizes only 8 GB. I'm afraid I have to resize the partitions. gparted on Ubuntu (chosen for its easy graphical environment) does not recognize the file system. Is there any simple way to go from an 8GB card to a 32 GB card?

Thank you so much,

Greetings.
#10
General Discussion / Run shell script
February 16, 2017, 01:42:47 PM
Good afternoon,

I need to install the following script to monitor my OPNsense through "TrueSight Pulse".

I tried to run the script, but I can't get through the installation.
I get the following message:
bash: No such file or directory

The script is:

curl -fsS -d '{"token":"XXXXXXXXXXXXXXXXXXX"}' -H 'Content-Type: application/json' https://meter.truesight.bmc.com/setup_meter > setup_meter.sh && chmod +x setup_meter.sh && ./setup_meter.sh

Could you help me?

Thanks!

#11
General Discussion / OpnSense Notification List
February 09, 2017, 01:14:29 PM
Good Morning,

I have configured the alerts to be sent by Growl.
The test alert reaches me correctly.

Can someone give me the list of alerts that can be received by Growl? (System, Login, etc.)

Is there any option to customize notifications?

Thank you so much.
#12
General Discussion / Windows command line ftp upload
January 24, 2017, 01:42:27 PM
Good morning,

I have replaced my old firewall with an OPNsense firewall.
Through a script, I run a bulk upload of txt files to an FTP server.

With the old firewall there were no problems running the script.
With OPNsense, I find that it creates the txt files, but without content (all blank). Reviewing the logs, I find the error: illegal port command.

With FileZilla or other FTP clients it works correctly; the problem only occurs via the command line.
I have created a firewall rule to allow all traffic from the local server source to the remote FTP server, but I still have the same problem.

Can someone give me an idea how to correct my problem?

Thank you so much!
#13
General Discussion / Problem with Spamhaus rules
January 20, 2017, 06:32:57 PM
Good Morning,
I am trying to apply the antispam functionality with Spamhaus's "DROP" and "EDROP" listings. Following the docu-wiki, I created the rule on both the WAN interface and the LAN interface.

I keep getting a lot of spam (with no apparent improvement).

For a spam mail that I received, I resolved the IP of the mail domain. I searched for that IP on the Spamhaus website, and it appears as blocked in the "DBL" list. This IP does not appear in the DROP or EDROP lists, which is why I think it is not being blocked.

Is there an effective way to stop spam?

Thank you so much.