Topics

1

23.1 Legacy Series / Tailscale working well, but how do I set a rule to force clients thru VPN?

« on: January 31, 2023, 11:00:07 am »

Great work on this release!.

I have been using tailscale as an exit point on a machine inside the firewall but now switched to using the OPNsense instructions on tailscale.com. It is working well - can manage systems inside the firewall and get internet access.
However, I would like to setup a rule that forces any external clients to exit via my wireguard (mullvad) vpn rather than via the WAN. The clients seem to have my external IP address from what I can see.
I know its a basic question but I am going around in circles!.

tdlr- need any client that has come in via TLSCL interface to be able to see internal systems (working) and exit firewall only via VPN.

Many thanks!
 

2

Hardware and Performance / WAN slow with ASROCK J3455B and intel quad nic

« on: August 21, 2018, 04:24:43 pm »

Just joined the opnsense train and having a couple of problems...

I am using 18.7.1_3-amd64 on the ASROVK J3455B board (bare metal), 8GB ram, SSD with an 9Y6138 39Y6137 IBM OEM Intel PRO 1000 PT Quad Port PCIE Server NIC and I am seeing traffic bounce around 40-60% of my normal speed.
(normal = ASUS router before this setup, which gave 80mbs down and 20mbs up)

I use a BT Openreach Modem which has 100full duplex connection, the port connected to it shows 100 full duplex.
The port connected to my wifi ap is running at 1000full duplex. I test the speed using wired and wireless on speedtest.net.

 Hardware CRC    Disable hardware checksum offload
 Hardware TSO    Disable hardware TCP segmentation offload
 Hardware LRO   Disable hardware large receive offload
..are all ticked.
I have disabled VT-d.

The system shows almost 100% idle.

No extra modules are loaded/enabled... just straight out of the box.
To enable it to boot, I had to use:
Set hint.hpet.0.clock = 0
Set hint.ahci.0.msi = 2
Set hint.ahci.1.msi = 2
..and this is now in my Tunables.

I am stumped! anyone have a clue?