OPNsense

Topics - lewi3069

1
19.1 Legacy Series / 19.1 VPN speeds capped at 100Mbs?
« on: February 08, 2019, 04:57:26 pm »
It appears that recent upgrades have VPN speeds capped around 100Mbs. I have tried building OpenVPN and IPSEC tunnels to test. I used to get over 100 on 18.7 versions.

I've tested with 3 sites
Two are VMs and One Bare Metal
All use Intel Nics
One is using vmxnet3 other is e1000
All support AES-NI. Core counts are 8@4ghz, 6@2.8ghz, and 4@3.2ghz
Deleted all Traffic shaping that was applied to one FW
Rebooted everything
Main site that is involved in all testing is on 19.1.1
Secondary sites are 18.7.x and 19.1.1

Main has 400/20
two sites have 1G/1G

OpenVPN
Tried AES-128-CBC and GCM
SHA 256
DH 2048 and 4096
fast-io;
push "fast-io"; (also set on the other end as I'm not sure if push works)
sndbuf 524288;
rcvbuf 524288;
push "sndbuf 524288";
push "rcvbuf 524288"

IPSec
Tried AES128CBC and GCM
SHA1 and SHA 256
Tried no encryption on Phase2

2
18.7 Legacy Series / Renew WAN interface via CMD or API
« on: January 08, 2019, 10:52:25 pm »
I have AT&T gig fiber. Their "awesome" modem doesn't support direct passthrough. So you have to configure IP passthrough to get the public IP on the WAN interface. If we lose power the OPNsense box reboots quicker than the ONT and I don't get a public IP until I reboot OPNsense again. This is an issue for things like remote access VPN. Is there an easy way to force a renew or reboot with the API or over SSH so I can build a reboot or renew script?

3
18.7 Legacy Series / [SOLVED] Alias URL Table limits
« on: January 05, 2019, 09:15:32 pm »
It appears that an Alias using "URL Table (IPs)" has a limit of 13000 lines. Is there any way to increase this?

I am trying to import a custom block list of IPs that hit/scan my honey pot. My list has grown to roughly 70k IPs and when I looked at my list under Firewall>Diagnostics>pfTables it was empty. After some troubleshooting I found if I only had 13k IPs in the list it would work.

4
18.7 Legacy Series / Seeing a lot of gateway traffic on port 0 for one VLAN
« on: December 18, 2018, 01:51:25 am »
Can anyone help me out and explain?

Images
QRadar Log Data:
https://drive.google.com/open?id=1QvTP_Kl9DaV1NQsq_GHhgFMN-_Nvpn4d
Rules for DMZ Net:
https://drive.google.com/open?id=13HjGT7RhXGK6Bjb9WRuWhDMNJiAaZjbN

5
18.7 Legacy Series / OpenVPN problem deleting temp file
« on: November 30, 2018, 05:39:25 pm »
Has anyone seen this issue?
Code:
openvpn[79319]: iPhone/166.x.x.x:2349 MULTI: problem deleting temporary file: /tmp/openvpn_cc_78c8c78b55e511e75462b4354891a65d2e.tmp
OPNsense 18.7.8-amd64
FreeBSD 11.1-RELEASE-p15
LibreSSL 2.7.4
