Topics

1

22.7 Legacy Series / OpenVPN Speed

« on: November 22, 2022, 12:42:41 pm »

I have an issue with the openvpn speed.

The speed that the VM where the Opensense is installed can support up to 45Mb/s while when I run via the OpenVPN the speed is capped at 1.5Mb/s

I have tried modifying the tunable, disabling encryption, tinkering with OpenVPN settings.

I am out of ideas on what I can do to make it work. The vm is running on KVM. I also configured all the KVM specific config to expose processor to VM and so on.

2

22.1 Legacy Series / No outgoing connection from the OPNsense vm

« on: June 22, 2022, 02:48:31 am »

I have an OpnSense vm running as transparent bridge firewall.
From the VM passing the bridge I can ping 8.8.8.8.

From the firewall VM I am not able to do that. I have an outgoing rule on WAN interface to allow all outgoing traffic. If ai disable the firewall it works. The web interface is available and it works only outgoing connection fails.

Any ideas what it can be?

I have attached a screen of the WAN rules.

3

21.7 Legacy Series / Getting blocked by the firewall

« on: August 06, 2021, 11:36:08 am »

We are trying to migrate from pfsense to opnsense and I encountered a few issues:
1. My Ip is getting blocked all the time and I am not able to connect to the interface if I don't disable the firewall.
I have created a rule for the IP to be allowed fully but I think is overwritten by the automated generated floating rules.

2. Where can I create a white list for the suricata IDS. On pfsense I can create an alias that I can use on all the services. On suricata I can not find where to add such alias.

3. Where can I clean IP blocked by the different services like virusprot, sshlockout list and so on.

4

20.7 Legacy Series / OpenVPN slow

« on: October 24, 2020, 02:17:41 am »

I have a OpenVpn Server config that is very slow I get transfers of 800Kb/s via the VPN while without the VPN the speed is around 30 Mb/s

The VM is running on KVM.
AES-256-CBC
SHA256

The CPU is an Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (2 cores).

Any ideas on what it can be. I have tried also lower security encryption and different configurations but the speed is the same.

Is there anything that I can do to improve this?

The CPU is at 100%.

5

20.1 Legacy Series / OpenVPN disconnects 2FA

« on: June 18, 2020, 10:02:50 am »

I have the following problem:
I have configured the OpenVPN server with 2FA via Google Authenticator. The problem is that the connexion after some time it drops and because of the 2FA never reconnects back.

On the openvpn site got over an article that says to increase some values of the server:

vpn.server.inactive_expire 99999
vpn.server.session_expire 86400
vpn.server.session_ip_lock false

I am not sure if the variable are correct for Opnsense. I have added the values to advanced configuration but after adding the info is not working anymore. Any suggestions on a config that it will work?

Thanks

6

20.7 Legacy Series / Feature request

« on: June 16, 2020, 06:35:01 am »

In OpenVPN Server config there is an option to add IPv4 Local Network that it will add the IP to the route. Not the only possibility is to use the text field and add the IP's as comma separated. But if you use this and add several IP's it becomes almost impossible to manage. Is there any possibility of adding here an ALIAS as it possible in the firewall config.

It will make the whole process more easy to configure and specially maintain if you have many IPs

Thanks

7

20.1 Legacy Series / Many users for OpenVPN

« on: May 08, 2020, 09:33:30 am »

Hi,

I have 100 users that I need to import and use 2FA and OpenVPN. I have the following problems.

1. I don't want to user Radius or LDAP and want to import the users. Is there any way of doing this? I don't see an API for this and I was thinking to do it with ansible or a basc CSV import.

2. After I have the users I need a simple way of exporting, username, Openvpn file (that contains certificate and connection data) and the QR code image for 2fa. Again I can do this by hand but for 100 users is going to be a pain.

3. Is there a way for example to let the users download this data after they login, without giving access to the rest of the system. If I give them access to the OpenVpn Client Export page will see and can download the profiles of all the users.

I really like OPNsense and Pfsense but the fact that there is not an complete api or any way that can be automated it is making the project more for individual and hobbyist than enterprise.

We want to deploy 20 installs and be able to manage them from scripts (deploying ssh keys, users and firewall rules across all of them) Did somebody used OPNsense like this or for the moment I need to look for some other solution?

Thanks

8

General Discussion / Transparent firewall

« on: April 29, 2018, 10:12:44 pm »

I am trying to setup an filtering bridge following this guide: https://wiki.opnsense.org/manual/how-tos/transparent_bridge.html?highlight=transparent

If i put the ip on the bridge interface nothing works. If I put the ip on the wan interface I can get to the GUi but not to the ip of the server behind the bridge (WAN, LAN).

Not sure why is not working as on an other vmware machine I have the same setup and it works.

I have public IP on the wan and on the servers connected to the bridge.

Any ideas what I am doing wrong?