Messages

OK  :D ...

I set the MSS normalization setting in firewall settings to 1380 for the wireguard group and things magically are superfast.

The ping response times and iperf3 times are the same though. Is there a way to see if a packet is indeed being fragmented? I see no drops before or now, so it must be fragmenation right?

BTW, Here is a good article to go by. https://gist.github.com/nitred/f16850ca48c48c79bf422e90ee5b9d95

I checked the max mtu size as via ping as 1392+ 28 = 1420. When I set that, the WAN took a dump and I couldn't connect at all, so I reset it to blank and its working again.

not sure how to test mss.

running

OPNsense 23.7.10_1-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w

Since the upgrade, it takes minutes to show folders on my NAS server. 2 minutes to open up a 11kb pdf file.

I have tried smb v2,3 webdav, used openvpn, wireguard and tailscale to test if it the vpn software itself or the protocol. there is zero packet loss, 32ms ping repsonse.

NAS server works perfectly if in the office. Firewall is basically 0%cpu, state table 485. I'm at a loss.

bump..

any ideas please?

running:

OPNsense 19.7.4_1-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019

I have configured the authoritative and server certificates, user name and cert but when I try to perform the client export i do not see "link to openvpn clients" at the bottom of the page. In addition I see an option "export type" which is not in the documentation.

AM I missing something? see screenshot for info.

Running

OPNsense 19.7.2-amd64
FreeBSD 11.2-RELEASE-p12-HBSD
OpenSSL 1.0.2s 28 May 2019

Converted over from pfsense and have this nagging issue. My home voip phone cisco spa122 used to reconnect fine after a firewall reboot or upgrade. It seems not to be able to do this with opnsense. Not sure if a state table issue, dhcp, etc, but if i reboot the spa122 it connects fine.

Any suggestions?

np

I agree. change destination to WAN address. Attached pic is mine and it works fine. To be on the safe side, delete rule and recreate.

running:
OPNsense 19.7.1-amd64
FreeBSD 11.2-RELEASE-p11-HBSD
OpenSSL 1.0.2s 28 May 2019

I have 3 usernames defined root,admin and john. I was setting up John to use google authentication which works fine. The problem is when I try to edit the username john and click the pencil, it quickly shows john and then the screen changes to the username admin. Very weird.

The only way to circumvent this is to change the username manually to John and then start to edit and save. Editing root or admin works fine.

Can't figure this out.

The health quality graph under reporting is showing no data for zoom levels 20,60 hours and 6 years but shows fine for 77 days.


solved.  had to reset rrd data.

Any chance of re-configuring the plugin to add a link in the reporting section of the dashboard?

thank you.

How do you access the graphs for the collectd plugin?

here is line 8 from the rule

# -- User defined rules
drop ip  any any -> any any (msg:"block russia";  geoip:src,RU ; sid:4294967294; rev:1;)

It seems that a port forward rule for port 80 still hung around after I disabled web proxy. It was redirecting all port 80 traffic to the proxy server 3128 port.

Now web site loading is instantaneous. Boy that was frustrating.... >:(