Topics - Jeroen1000

1
19.7 Legacy Series / Power off does not always work and reboots instead
« on: March 21, 2020, 11:08:14 am »
Hi all,

Any idea what might be causing this? In about 50% of the tries, power off actually reboots the Qotom box.
Any logs I can examine?


2
General Discussion / Policy based routing: what are the options?
« on: July 30, 2018, 11:36:21 am »
Hi,

I've got 2 VPN-tunnels enabled. These are not pulling in or configuring a default route. So the only default route in the table is the one pointing to my ISP.

However, I want to set a next-hop IP (or preferably a next-hop interface), thus policy route, based on the source ip.
I.E host 192.168.200.1 => next hop =>  send traffic to VPN_int_1
host 192.168.200.2 => Next hop => sent traffic to VPN_int_2

Traffic not matching those 2 rules will use the default route in the routing table pointing to the ISP. Hence, traffic that has not been matched will not go to any of the VPN-tunnels.

In Linux there are 2 options for achieving the same thing:

- Mark a packet in the "prerouting" chain and put a second default route in the routing table which will only be used if the packet mark is present
- Bypass the main routing table and set a next hop interface (or ip) in "prerouting".

So both are policy based routing mechanisms. I can't find anything in the documentation that will allow me to do this. Am I missing something?

3
General Discussion / Opnsense prerouting (Policy based routing)?
« on: July 02, 2018, 03:43:01 pm »
Hi!

I've noticed *bsd is a fair bit different than Linux. Normally, for PBR I would use MARK --set-mark 1 as described here https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html.

However, as I understand, no router will be able to act on this type of 'mark' as it's not actually something that is set in the IP packet. What kind of actionable items can OPNsense use for a policy based routing decision? Hereby excluding the source and destination address as possible candidates.

I have a Linux router in play that will have to mark the traffic somehow so that Opnsense can route it out of the desired interface.


4
General Discussion / Openconnect throughput
« on: June 20, 2018, 04:48:16 pm »
Dear community

I'm looking to set up Openconnect in client mode. My main router will PBR traffic to the OPNsense router which then encrypts it and sends it on its way to my VPN-provider. I normally know how to get this done technically but I do have a few Q's.

I need about 70 Mbps of net throughput. However, I'm having trouble finding out whether this VPN-flavour is HW-accelerated using AES-NI. I was looking at this board https://www.pcengines.ch/apu2c4.htm. But is this a good choice or should I be looking at more powerful HW?

