Topics - phanos

#1
I have been running openvpn (legacy now) for the past 2+ years on opnsense with no issues to mention. I have configured it in TAP mode and had two clients connected to my home network remotely. 

After noticing that the openvpn is being migrated to the new openvpn instance version I decided to try and migrate everything to the new version but unfortunately I am unable to make it work as expected. My clients do get connected to the server but after that I can not ping anything on my home lan network. If I try traceroute on any of my lan ip(s) from a client it shows that it can not find the home lan. It would seem to me that there is no routing info being sent from openvpn server to the clients.

I believe I have copied all the settings, certificates etc correctly to the new openvpn instance and I can see the service is coming up just fine. I have set up the same firewall rules and exported the clients again from the opnsense interface to be sure everything is up to date. I tried numerous different scenarios such as assigning the new ovpns to an interface, enabling that interface and setting firewall rules on that one too, creating a bridge and adding the ovpns interface to it, but still nothing.

The only thing I notice that probably is relevant is that under Interface-->Overview the new ovpns is not getting assigned either an "IPv4" address or any "Route" while the old one from the legacy server does. I am guessing here, if it does not get assigned the proper data then it will not send them to the client later, correct?

Does anyone have any clue what is going on here and why the new OpenVPN Instance is working as expected? Did I miss a step somewhere and should I add something to the interface and/or route in order to make it work?

Thanks

#2
Hi all,

I have been running opnsense for almost two years now on a fujitsu futro S920 with 8GB ram and AMD GX-222GC SOC CPU. I know this machine is not the strongest out there but it served me well on my previous connection which was 200MB/50MB (download/upload). In that setup I was also running Openvpn, wireguard, suricata on wan in ids mode and zenarmor in LAN in ips mode. I have around 50-60 devices connected to the internet (but most of them are IOT devices). Ok things were not ideal due to one of the nics being a realtek but still I was happy given the amount of money put into it.

Now I have upgraded to a fiber connection of 1GB/250MB (download/upload) speed. In order to get the most out of my router I replaced zenarmor with adguard and made some tweaks to the tunables of the router. Overall I do not see the cpu getting bottlenecked all the time but when I speedtest (from a wired pc directly connected to the router) I only get in the best case scenario ~850MB download. Most of the time my speed is capped at around ~550MB. Not sure if there is something more I can do to get more of my speed, I tried disabling suricata and stopping other services but the result was the same.

So I am thinking of moving to new hardware and migrating everything to a new router. I searched online for either a dell/HP/lenovo SFF pc or a ready-made router from aliexpress (with N150 cpu and 16GB ram) but I am having trouble figuring out whether the new system will be enough.

My requirements are:
1) Being able to get my full speed 1GB/250MB
2) Run OpenVPN for 2-3 clients (not heavy traffic all the time)
3) Run wireguard for 2-3 clients (not heavy traffic all the time)
4) Have a few VLANs configured
5) Enable IPv6 in the near future
and ideally ...
6) Run Suricata in IPS mode in wan
7) Run Zenarmor in IPS mode in LAN

Is the N150 even close enough to what I want to achieve or do I need to stay clear? What is the recommended hardware for my setup? What are your thoughts on the matter?

Thanks

Phanos

#3
Hi I am running the latest OPNSense version on a Fujitsu Futro s920 machine. I am pretty happy with it so far, really stable and efficient, but I was wondering if it is possible to get its power consumption to go lower than it is now.

According to a power wattage meter that I installed for this particular case, the power consumption of the machine is fluctuating between 15~25 watts while the router is operating. This is the same either if I am home operating the internet or while I am away.

I have already played around with the options in OPNsense under System-->Settings-->Miscellaneous. If I set the "Power Savings" to "Maximum" the power consumption goes up. If I set up the mode to "Adaptive" or "Minimum" the power consumption goes down a little and to the level I mentioned above. At this point I have set it up to "Adaptive" which I believe gives a good balance between efficiency and consumption and I do not think I can gain any more out of this option unless someone can pinpoint something I missed.

What I notice however is that if I plug a monitor into the back of the Fujitsu Futro s920 machine I get video. As I understand this also consumes power and I would like to turn the video off after the router has booted up since this is a headless machine most of the time.

Is this possible in OPNSense? Is there an option/hack that can cause video out to turn off after some time of inactivity like on a desktop computer running a Linux/Windows OS?

Are there any more options/hacks that I did not consider in order to minimize the power consumption of my machine running OPNSense?

Thanks

Phanos

#4
Hi I am running the latest OPNSense (OPNsense 23.7.12-amd64) on a Fujitsu Futro S920 (2.2 GHz cpu, 8GB ram, enough disk space).

Although OPNSense seems to be running smoothly I notice that when I push my internet connection to its limits by using an accelerator program like axel (linux) the connection is lost for a few moments and then it connects again. All active connections are lost (VPN, downloading etc) and I have to reconnect/re-establish them.

In the system log I see the following:

<13>1 2024-01-24T10:50:22+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="1"] <6>re0: watchdog timeout
<13>1 2024-01-24T10:50:22+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="2"] <6>re0: link state changed to DOWN                                                                                           
<13>1 2024-01-24T10:50:23+02:00 homerouter.phanosp.com opnsense 43721 - [meta sequenceId="3"] /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for wan(re0)                                                   
<27>1 2024-01-24T10:50:23+02:00 homerouter.phanosp.com dhclient 42195 - [meta sequenceId="4"] connection closed                                                                                                     
<26>1 2024-01-24T10:50:23+02:00 homerouter.phanosp.com dhclient 42195 - [meta sequenceId="5"] exiting.                                                                                                               
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="6"] <6>re0: link state changed to UP                                                                                             
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="7"] /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for wan(re0)                                                   
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com dhclient 54160 - [meta sequenceId="8"] New IP Address (re0): 192.168.0.20                                                                                     
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com dhclient 55125 - [meta sequenceId="9"] New Subnet Mask (re0): 255.255.255.0                                                                                   
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com dhclient 56353 - [meta sequenceId="10"] New Broadcast Address (re0): 192.168.0.255                                                                           
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com dhclient 57306 - [meta sequenceId="11"] New Routers (re0): 192.168.0.1                                                                                       
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com dhclient 58836 - [meta sequenceId="12"] Creating resolv.conf                                                                                                 
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="13"] /usr/local/etc/rc.linkup: ROUTING: entering configure using 'wan'                                                     
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="14"] /usr/local/etc/rc.linkup: ROUTING: configuring inet default gateway on wan                                           
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="15"] /usr/local/etc/rc.linkup: ROUTING: setting inet default route to 192.168.0.1                                         
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="16"] /usr/local/etc/rc.linkup: plugins_configure monitor (,WAN_DHCP)                                                       
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="17"] /usr/local/etc/rc.linkup: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_DHCP))                 
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="18"] /usr/local/etc/rc.linkup: plugins_configure monitor (,WAN_DHCP6)                                                     
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="19"] /usr/local/etc/rc.linkup: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_DHCP6))                 
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="20"] /usr/local/etc/rc.linkup: plugins_configure ipsec (,wan)                                                             
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="21"] /usr/local/etc/rc.linkup: plugins_configure ipsec (execute task : ipsec_configure_do(,wan))                           
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="22"] /usr/local/etc/rc.linkup: plugins_configure dhcp ()                                                                   
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="23"] /usr/local/etc/rc.linkup: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())                             
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="24"] /usr/local/etc/rc.newwanip: IP renewal starting (new: 192.168.0.20, old: 192.168.0.20, interface: wan, device: re0, force: yes)
<13>1 2024-01-24T10:50:28+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="25"] /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'                                                   
<13>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="26"] /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan                                         
<13>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="27"] /usr/local/etc/rc.newwanip: ROUTING: keeping inet default route to 192.168.0.1                                       
<13>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="28"] /usr/local/etc/rc.newwanip: plugins_configure monitor (,WAN_DHCP)
<13>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="29"] /usr/local/etc/rc.newwanip: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_DHCP))
<12>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="30"] /usr/local/etc/rc.linkup: dhcpd_radvd_configure(auto) found no suitable IPv6 address on lan(bridge0)                 
<13>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="31"] /usr/local/etc/rc.linkup: plugins_configure dns ()
<13>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="32"] /usr/local/etc/rc.linkup: plugins_configure dns (execute task : dnsmasq_configure_do())
<13>1 2024-01-24T10:50:29+02:00 homerouter.phanosp.com opnsense 49458 - [meta sequenceId="33"] /usr/local/etc/rc.linkup: plugins_configure dns (execute task : unbound_configure_do())
<13>1 2024-01-24T10:50:31+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="34"] /usr/local/etc/rc.newwanip: plugins_configure vpn (,wan)
<13>1 2024-01-24T10:50:31+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="35"] /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : ipsec_configure_do(,wan))
<13>1 2024-01-24T10:50:31+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="36"] /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : openvpn_configure_do(,wan))
<13>1 2024-01-24T10:50:31+02:00 homerouter.phanosp.com opnsense 59987 - [meta sequenceId="37"] /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
<13>1 2024-01-24T10:50:31+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="38"] <6>ovpns1: link state changed to DOWN


Can someone help me pinpoint the issue and perhaps how to resolve it? Could it be a hardware problem or a software issue on the OPNSense side?
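
Added example, not part of the original post: a small Python parser for kernel lines in the syslog format quoted above, which pairs each link DOWN with the following UP per interface, reports the outage length, and flags whether a driver watchdog timeout immediately preceded the DOWN. The function name `link_flaps` and the 2-second correlation window are assumptions made for this illustration; the sample lines are copied from the log in the post.

```python
import re
from datetime import datetime

# Kernel lines copied from the log quoted in the post (trailing padding removed).
SAMPLE = """\
<13>1 2024-01-24T10:50:22+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="1"] <6>re0: watchdog timeout
<13>1 2024-01-24T10:50:22+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="2"] <6>re0: link state changed to DOWN
<13>1 2024-01-24T10:50:27+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="6"] <6>re0: link state changed to UP
<13>1 2024-01-24T10:50:31+02:00 homerouter.phanosp.com kernel - - [meta sequenceId="38"] <6>ovpns1: link state changed to DOWN
"""

# Kernel line as shown above: timestamp, host, "kernel", then "<6>ifname: event".
KERNEL_RE = re.compile(
    r"^<\d+>1 (?P<ts>\S+) \S+ kernel - - \[meta [^\]]*\] (?:<\d+>)?"
    r"(?P<iface>\w+): (?P<event>watchdog timeout|link state changed to (?:DOWN|UP))"
)
WINDOW_S = 2  # assumption: a DOWN within 2 s of a watchdog timeout belongs to it


def link_flaps(text):
    """Return one dict per link DOWN event, with outage seconds (None if no UP seen)."""
    watchdog = {}  # iface -> time of most recent watchdog timeout
    down = {}      # iface -> (time of DOWN, preceded by watchdog?)
    flaps = []
    for line in text.splitlines():
        m = KERNEL_RE.match(line)
        if not m:
            continue  # non-kernel or unrelated line
        ts = datetime.fromisoformat(m.group("ts"))
        iface, event = m.group("iface"), m.group("event")
        if event == "watchdog timeout":
            watchdog[iface] = ts
        elif event.endswith("DOWN"):
            wd = watchdog.pop(iface, None)
            near = wd is not None and (ts - wd).total_seconds() <= WINDOW_S
            down[iface] = (ts, near)
        elif iface in down:  # UP that closes an open DOWN
            t0, near = down.pop(iface)
            flaps.append({"iface": iface, "down": t0, "watchdog": near,
                          "outage_s": (ts - t0).total_seconds()})
    for iface, (t0, near) in down.items():  # still down at end of log
        flaps.append({"iface": iface, "down": t0, "watchdog": near, "outage_s": None})
    return flaps


if __name__ == "__main__":
    for flap in link_flaps(SAMPLE):
        print(flap)
```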