Messages

1

20.7 Production Series / Re: After upgrade to 20.7 - hangs during boot

« on: August 04, 2020, 12:18:10 am »

I experience exactly the same problem.
I have to do the following after reboot "Ctrl - c" - [enter] - "exit" - [enter]
Running headless i do it blindfolded 

2

18.7 Legacy Series / Re: Internet Bandwidth can't reach 1Gbps and CPU AES-NI crypto missing on OpenVPN

« on: September 15, 2018, 04:39:57 pm »

Hi Mahesh
I think it can be of interest which NIC is connected to WAN and which is connected LAN.
I don't want to be picky but "no where near to 1Gpbs" is not an exact measure, what are we talking about?
Please note that the NetXtreme II BCM5716 is NOT based on an Intel chipset but rather a chipset from Broadcom.

As many details as possible will get you the best and fastest assistance.

3

Development and Code Review / Re: Testing open connect server ocserv

« on: July 04, 2018, 04:17:30 pm »

In case anybody else is interested...
I have tested the latest version 0.12.1, it now respects the "device = someinterface"-setting in config.
"someinterface" is appended with an incrementing number.

I enabled an openvpn-server with no settings, just to have an interface for firewall rules, then enabled the "connect-script" as per reply #9 in this thread.

For SSL-certificate i used a certificate generated by the Lets Encrypt plugin, everything seems to be working perfectly.
It would be nice if it was implemented as a plugin. I guess it would be possible to use the radius settings already setup in OpnSense then? And backup would be in the normal firewall backup as well.

4

Development and Code Review / Re: Testing open connect server ocserv

« on: June 15, 2018, 07:55:45 am »

I see 0.12.1 has been available on ports for a month.
Testing this has to be a priority of mine for the coming week.
I really hope it can live up to the hype.

5

Development and Code Review / Re: Testing open connect server ocserv

« on: April 26, 2018, 10:55:24 am »

Apparently an updated version of ocserv has been released

Code: [Select]

* Version 0.12.0 (released 2018-04-22)
- Allow DTLS stream to come from different IP from TLS stream.
  There are situations where internet providers send the UDP
  stream from different IP (#61).
- Increased possibilities of allowed combinations of authentication
  methods (#108).
- Corrected regression since 0.11.8 with OTP authentication (#137).
- Added support for hostname-based virtual hosts, utilizing TLS
  SNI. With that change it is possible to configure multiple servers
  running over the same port (#133).
[b]- Rename the tun device on BSD systems which support SIOCSIFNAME
  ioctl.[/b]
- Correctly handle proxy-protocol's health commands. That eliminates
  few connection drops when proxy protocol is in use.
- Corrected crash on certain cases when proxy protocol is in use (#146).
Does  "- Rename the tun device on BSD systems which support SIOCSIFNAME
  ioctl." solve the issues that are preventing ocserv from functioning on OPNsense?

6

18.1 Legacy Series / Re: Has anyone had a problem-free upgrade from OPNsense 17.7.12 to 18.1?

« on: January 31, 2018, 08:51:45 am »

Yes, I upgraded 3 firewalls without a problem, all upgraded via the web interface.

7

17.1 Legacy Series / Re: Packet Loss with IPS

« on: May 07, 2017, 02:13:31 pm »

If you look in "system" -> "log file". Do you see errors about interface(s) going down and up shortly after?

8

15.1 Legacy Series / Re: SIP

« on: October 31, 2015, 10:42:15 am »

Hi Janne
I have experienced exactly the same issues on pfSense.
The solution, in my situation, was very simple. Change System:Settings:Firewall/NAT:Firewall Optimization Options from Normal to Conservative.

Hope this helps.

/Brian