Topics

1

19.1 Legacy Series / Sending NetFlow data through encrypted IPSec tunnel

« on: June 26, 2019, 08:15:06 pm »

I wanted to know if it was possible to encrypt NetFlow data from the OPNsense box to an external NetFlow Collector using IPSec ?

For the time being, It looks like NetFlow traffic does not enter into the VPN and thus can't be sent remotely through IPSec.

Do you have any idea how to solve this ?


Sincerely yours.

2

19.1 Legacy Series / Flow export does not seem to work

« on: June 24, 2019, 04:26:21 pm »

It looks like if you are planning to use samplicate to send your flows to a remote NetFlow collector for enhanced analysis, flow is not exported.

Despite some tests using tcpdump on all interfaces to track down traffic sent to the specified host in the config "Destination", nothing seems to be sent to this IP address.

So I am wondering if there is not a bug in the samplicate package or if It has been tested with remote hosts.

Some old posts seem to point in the same direction.
https://forum.opnsense.org/index.php?topic=11755.msg53287#msg53287
https://forum.opnsense.org/index.php?topic=12433.msg57172#msg57172

3

17.7 Legacy Series / Regression with 4G modem on 17.7

« on: October 10, 2017, 06:20:41 pm »

There is a regression with 17.7 where 4G modem (we use Huawei) is no longer detected at boot.
We have been testing both version 17.1 where things are working 90% of the time and with 17.7 where it does not work at all.

The USB device is simply randomly detected during startup.

usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED
usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 3 failed, USB_ERR_STALLED

We will test that with FreeBSD 11 and see how It works.

Will try to follow-up and let you know how It goes.

4

15.1 Legacy Series / WiFi general quality

« on: June 02, 2015, 10:25:41 pm »

Hi,

Just a little info about WiFi testing.
For a start, a little reminder of what I am using as a test hardware :

Code: [Select]

APU1D with Compex WLE200NX a/b/g/n miniPCI express radio card - chipset Atheros AR9280

There are some good news and some quite bad news…

Good news is that beside the interface detection problem, most settings are to be usable beside the "Strict Key Regeneration".

I have been testing 802.11 G, N, A and most of them seem to properly activate corresponding WiFi settings.

The bad news (yes - there is a bad news) is that there is a tremendous packet loss (due to my provider's link with google !!!).

Code: [Select]

--- 8.8.8.8 ping statistics ---
50 packets transmitted, 50 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 11.032/12.233/14.751/1.067 ms

Only thing that I can tell is that at this stage OPNSense is ready to be used in a production environment using wireless devices which is not the case with pfSense AFAICT.

OPNSense works like a charm with 802.11 N

Important settings used :

• Standard > 802.11na
• 802.11g OFDM Protection Mode > Protection mode off
• Channel > 11a/n
• Antenna settings > Default
• Regulatory settings > Default
• Location > Indoor (don't want my brain to be fried yet)
• Mode > Access Point
• Minimum wireless standard > Any
• Allow intra-BSS communication > Ticked
• WPA > Enabled
• WPA Mode > WPA
• WPA Key Management Mode > Pre-Shared Key
• Authentication > Open System Authentication
• WPA Pairwise > Both

Congratulations !