Messages

1

Zenarmor (Sensei) / Re: Extreme reduction of bandwidth on 100Mbit line

« on: April 24, 2024, 01:23:56 pm »

Hello,

I remotely connected and, since I had no access to the described VM, installed ZenArmor on a working OPNSense install in a slightly less powerful host I had access to:

CPU Model: 12th Gen Intel(R) Core(TM) i7-12700
CPU Score: 1203386
Physical Memory Size: 16.6 GB

On this one, for now, I'm able to apply to ZenArmor free the same customizations I did on the other (no ads, High Control in the Category based tab..........) without any bandwidth limitation side effect.

So, for the moment, I thank you vey much for your help and when I come back to work I'll experiment on settings paying attention to the bandwidth side after every modification.

This way, if the problem arises again, I'll be able to describe which step introduced the problem and provide the logs you asked for.

Thanks you very much again for your support.

2

Zenarmor (Sensei) / Re: Extreme reduction of bandwidth on 100Mbit line

« on: April 24, 2024, 10:32:04 am »

Sure,

I'm away from work for a few days for the holidays but I'll post it ASAP.

Thanks for the help

Best Wishes

3

Zenarmor (Sensei) / Re: Extreme reduction of bandwidth on 100Mbit line

« on: April 18, 2024, 02:03:35 pm »

Hi,

yeah, stopping ZenArmor didn't change the behaviour at all.

Best Regards

4

Zenarmor (Sensei) / Re: Extreme reduction of bandwidth on 100Mbit line

« on: April 17, 2024, 04:39:35 pm »

Thank you for your post, I was aware of the implication.

For test purpose, I didn't mention production anywhere, should be good.

Is someone able to give some advice in order to the performace problem? Didn't experience it with any other product I tested before.

Best regards

5

Zenarmor (Sensei) / Extreme reduction of bandwidth on 100Mbit line

« on: April 17, 2024, 01:45:51 pm »

Hello,

I installed the Zenarmor plugin in a well working VM installation of Opnsense.

The host is the following Windows 11 PC:

- Intel Core i7 12700
- 128 GB RAM
- Intel(R) Ethernet Connection (17) I219-LM
- Micron 3400 NVMe 1TB
- ST2000DM008-2UB02 (actually the VM is installed on this HDD)

The OPNSense VM has a static IP and is performing basic functions:

- acts as Internet gateway for internal network
- a few nat port-forwarding
- traffic shaping for some internal IPs

Following the details of the VM:

- last version (7.0.14) of Virtualbox Hypervisor
- 16 GB RAM
- 500 GB HDD space
- one core (tried 4 core but had only stability problems) assigned to the VM
- two Intel PRO/1000 MT desktop network cards in bridge mode, every card has its internal IP

When there is no ZenArmor i can obtain all the 100Mbit up/down bandwidth.
When ZenArmor (free) is installed (doesn't seem netmap mode matters, I tried all the option) I barely reach 20 MBit in both directions.
This behaviour even stopping / bypassyng ZenArmor.

Uninstalling ZenArmor revert the system to full bandwidth.

If someone could give advice on how to proceed it's be greatly appreciated.

Thanks in advance

6

24.1 Legacy Series / Possible crash of services if more than one core allocated to OPNSense

« on: March 20, 2024, 10:32:36 am »

Hi,

for the first time I dedicated 4 cores to the Virtualbox VM hosting OPNSense (24.1 updated to the last patch).
Before, only one core was available and the system never had problems.

Since the change the system stops working, usually in a few hours; PC having it as GW not connected to Internet, WEB UI not reachable..............only console works.
Tried the shell: even ping doesn't work.
Reverting to one core "solves" the problem.
The functions activated on OPNSense are: NAT with Port Forwarding, an OpenVPN (Legacy, and wasn't used but is active), two rules of traffic shaping.

Tried to give a look at logs from console, didn't notice anything but I'd like some advice where (which logs) to search for answers.
And if someone else experienced similar behaviour .........please let me know.

If further info are needed just drop a line, please.

Thanks in advance

7

24.1 Legacy Series / [SOLVED]Re: Enlarging the max size of a dynamically allocated Opnsense VM

« on: March 15, 2024, 10:24:16 am »

Since I solved the thing using the following steps, could be useful for someone else:

I) From the Hypervisor tools adjust the disk size to what you want
II) Boot opnsense in single-user mode
III) use "gpart show" ---> it should report a corrupt ada0
IV) Fix ada0 with "gpart recover ada0"
V) Now "gpart show" shows a correct ada0 and free space after freebsd-ufs (which in my case has id = 3)
VI) Do the resize of the freebsd partition "gpart resize -i 3 ada0"
VII) "gpart show" shows a resized freebsd-ufs
VIII) "growfs /dev/gpt/rootfs" resize the filesystem
IX) Optional: you can make an "fsck" just to be sure
X) "exit" so the system go in multi-user mode

Best Wishes

8

24.1 Legacy Series / Enlarging the max size of a dynamically allocated Opnsense VM

« on: March 13, 2024, 05:19:09 pm »

Hi,

I have a virtualbox Opnsense VM whose VDI size has been defined as dynamically allocated till a defined max size.

Now I'd like to increase the max size; tried using the CloneVDI program using the option to increase the size but this leads (seen through "gpart show") to a corrupt ada0 GPT.

Could you please give me advices on how to resize it properly?

Thanks in advance

9

20.7 Legacy Series / Re: 20.7.7_1 OpenVPN no longer routing to LAN

« on: January 15, 2021, 09:54:05 am »

Hello, I can say that an OpenVPN configured as in the OPNsense manual works (I could connect and RDP into my remote PC without any problem) also in the last version, I used it yesterday too (you can see my last post for details if needed).

So it must be something specific to your configuration and I think a few more details about it will be needed in order to help you.

Best Wishes

10

20.7 Legacy Series / Re: Feature request: OpenVPN client-to-client config option

« on: September 24, 2020, 04:30:43 pm »

Hello,

is the Inter-client communication checkbox when you configure / edit the OpenVPN server

Best Wishes

11

20.7 Legacy Series / Re: SOLVED: OpenVPN not allowing Internet traffic for client after reboot

« on: September 24, 2020, 12:04:40 pm »

If someone should have the same problem:

I restarted from scratch and configured the OpenVPN server exactly as in the OpnSense guide:

https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

apart from the OTP part that I left out.

This way I got a working VPN, capable of RDPing, for example, with split tunneling.

When I want all traffic to go through the tunnel I simply add

redirect-gateway def1

in the client configuration and the system works that way too (using OpenVPN client 2.5 rc1).

Best Wishes

12

20.7 Legacy Series / Re: OpenVPN not allowing Internet traffic for client after reboot

« on: September 16, 2020, 10:45:45 am »

Hi,

if there had been a request to "attach the logs" I should surely had done that.

Anyway I posted how the system was configured, it's enough to follow the link in the first post of this thread.

That said, thanks anyway for your time.

Best Wishes

13

20.7 Legacy Series / Re: OpenVPN not allowing Internet traffic for client after reboot

« on: September 16, 2020, 09:39:49 am »

Hi,

I only introduced one allow rule for RDP so it shouldn't be the source of any problem.

BTW: The first few times I tried it with the phone it all worked, my phone was externally seen with the address of Opnsense WAN and could surf, so rules should've been fine and nothing has been changed by me since then.

Best Wishes

14

20.7 Legacy Series / Re: OpenVPN not allowing Internet traffic for client after reboot

« on: September 15, 2020, 04:35:27 pm »

Hello, Thanks to you too

I only introduced the rules that allowed me to RDP a PC in the LAN from VPN connected clients (and it works now too).

Regarding the tunnel traffic I relied on the automatic rules that are generated by OpnSense when you check "Redirect Gateway".

Regarding the logs..................something I should focus my attention on?

Thanks in advance

15

20.7 Legacy Series / Re: OpenVPN not allowing Internet traffic for client after reboot

« on: September 15, 2020, 03:28:21 pm »

Hi, thanks for your reply.

I tried already last day but this didn't work.

And also connecting my phone alone doesn't work anymore (it connect, can access internal network through VPN according to the rules I wrote but can't surf if I tunnel all traffic through VPN).

The thing that makes me mad is why did it work on my phone at first and not anymore since nothing changed?

Best wishes