Messages - mnaim

1
22.7 Legacy Series / Re: No clean shutdown for OPNsense as guest in Hyper-V Server 2022
« on: January 18, 2023, 04:50:09 pm »
Hi, I'm running several OPNsenses on 2022 Hyper-V; all have clean shutdowns.

A year ago they were UFS, now ZFS. In Hyper-V no issues; on physical HW I had some SSD corruption with UFS, that's why I switched to ZFS.

Did you see the shutdown sequence in the Hyper-V console?

2
Virtual private networks / wireguard slow download
« on: January 01, 2023, 02:55:25 pm »
Hi,

I have the following setup:
Public VM (Server1), OPNsense latest version, 400/400 internet connection, WireGuard kmod, NAT from WireGuard to WAN.

To Server1 I have connected a client (Server2, public VM, Ubuntu) via WireGuard to access the internet only via the WireGuard tunnel (0.0.0.0/0). Server2 connectivity is 400/400 too.

Both servers are Xeon based (enough performance to encrypt/decrypt); when active at full speed, 40% of one core is used.

On both servers, running iperf3 or downloading from the test server "wget https://speed.hetzner.de/10GB.bin", I have full internet connectivity.

When WireGuard is active, Server2 upload is near full speed (5-10% drop) but download drops to 2-3 MBytes/sec = 16-24 MBit/sec.

I have been tuning everything to narrow down the problem for 5 days and now I'm lost.

I think the problem is MTU. WAN on both servers is 1500. On both, 1412 is set as the WG MTU.

Playing with MSS on Server1 on WAN or WG interface - no impact.

Attached is a packet capture. My public IP is redacted, 88.198.248.254 = speed.hetzner.de, 192.168.4.14 = WG IP of Server2 as described in the attached diagram.

[Attachments: diagram, capture_vtnet0-server1-wan, capture_wg0-server1-wg]

The packet capture shows that the size of the TCP packet from the test server is 1426, but on the first line the MSS sent is 1372 (which is correct, 1412-40).

After a while, 662 packets later, speed decreases and some black lines appear; later the speed stabilizes around 16-24 Mbit/sec, which is far too low compared to upload of around 360-380 Mbit with WG and 400 Mbit download without WG.

Interesting point: download is OK for UDP (iperf3), but low for TCP (iperf3).

Now I'm really out of options for what to try next to get download speed back.

Thanks

3
22.7 Legacy Series / Re: OPNSense VLAN and Unifi Switch/AP
« on: December 06, 2022, 04:30:40 pm »
It works for me. There is no setting for that in the GUI; experiment with the PowerShell command (in my case):
Set-VMNetworkAdapterVlan -VMName vmname -Trunk -AllowedVlanIdList "30,40" -NativeVlanId 0
Put in the correct numbers for allowed and native VLANs.

4
Web Proxy Filtering and Caching / Re: HAproxy - Home Assistant - Refresh
« on: December 06, 2022, 04:19:33 pm »
I have Home Assistant behind HAProxy too. But what you are describing is happening to me even if I go directly in the LAN to the Home Assistant server, bypassing HAProxy.

Probably an issue with Home Assistant, based on:
https://community.home-assistant.io/t/home-assistant-portal-keeps-logging-me-out/430427
https://community.home-assistant.io/t/login-page-over-and-over/83522
https://community.home-assistant.io/t/logged-out-on-each-refresh/112801/5

5
General Discussion / Re: acme.sh www.mydomain.com is not an issued domain, skip
« on: October 07, 2022, 06:19:12 pm »
Reported the same: https://github.com/opnsense/plugins/issues/3154

6
General Discussion / Re: UDP Broadcast Relay
« on: May 21, 2022, 12:50:58 pm »
I found out that, unlike osudpbroadcastrelay, udp-proxy-2020 can't forward multicast traffic, so it's useless for some of my devices :/ https://github.com/synfinatic/udp-proxy-2020/issues/98

These UPnP, SSDP are such crappy protocols...

7
General Discussion / Re: UDP Broadcast Relay
« on: May 21, 2022, 08:50:21 am »
If you copy all files to folders as in the archive, udp_proxy_2020 will start in 2 instances after reboot; you can check using ps aux | grep udp-proxy-2020

I have another problem: the process probably starts before interfaces, and in my case VLANs, are initialized; I need to postpone it a little bit or set up a service dependency.

8
General Discussion / Re: UDP Broadcast Relay
« on: May 20, 2022, 09:48:43 pm »
https://file.io/jZtYnHbJkNCI

I have 2 services (UDP ports 1900 and 5353) so files are duplicated. The binary in sbin is from the GitHub repo (better not to trust it and replace it :) )

It's not perfect, but it's OK, running as a service even after reboot.

9
General Discussion / Re: UDP Broadcast Relay
« on: May 20, 2022, 08:25:46 pm »
I have to admit that https://github.com/synfinatic/udp-proxy-2020 is more stable for my TV.

10
General Discussion / Re: UDP Broadcast Relay
« on: May 20, 2022, 08:03:18 pm »
Yes, https://github.com/marjohn56/udpbroadcastrelay/pull/7

Quote from: mimugmail on April 24, 2022, 07:57:40 am
Is there a pull request against the official repo?

11
General Discussion / Re: UDP Broadcast Relay question / Roon
« on: May 06, 2022, 07:47:31 pm »
Ah, using WireGuard it's more complicated.

https://an0n-r0.medium.com/making-dlna-through-site-to-site-vpn-work-f393629f4ce0
https://www.reddit.com/r/WireGuard/comments/b2x986/multicast_routing_through_wireguard/eiyg7qn/
https://redmine.pfsense.org/issues/11498

So far I have not tried that.

12
General Discussion / Re: UDP Broadcast Relay question / Roon
« on: May 04, 2022, 02:06:53 pm »
From discussion here:
https://community.roonlabs.com/t/roon-server-on-different-vlan-subnet-why-not/138566/12

Try 239.255.255.250 port 9003

A great tool is https://play.google.com/store/apps/details?id=com.tjjang.upnptool&hl=en&gl=US
In the same network it can print UPnP messages including IP and port.

13
22.1 Legacy Series / Re: [22.1.6][unbound] host overide alias doesn't work
« on: May 04, 2022, 01:54:25 pm »
It's not a bug, Unbound will process it OK; it's just a counter-intuitive GUI.

As I wrote here https://forum.opnsense.org/index.php?topic=27846.msg135631#msg135631

I have to select a Host on top to see the alias at the bottom?
That's terribly counter-intuitive - when I want to find an alias, I need to click on 50 hosts if some of them have aliases to be displayed.
When nothing is selected on top, all aliases should be displayed.

14
22.1 Legacy Series / Re: Feature: Backup files from file system
« on: April 28, 2022, 06:24:44 pm »
I understand what you meant, that the plugin should provide settings for services. But AdGuard as an example - you would have to replicate all the configuration logic of the AdGuard GUI to generate the yaml file.

Maybe a better way could be some event, sent when a backup starts, to plugins subscribed to that event, to gather config values to be included in the backup file.

15
22.1 Legacy Series / Feature: Backup files from file system
« on: April 27, 2022, 05:21:44 pm »
Hi,

I want to open a discussion.

There are some plugins/functionalities which require some specific files on the file system (Unbound custom config, AdGuard config yaml ...).
Restoring a firewall without these is not 100%. It would be beneficial to have, in the Backup section where there is the option to back up RRD etc., an option to select files or folders to be included in backup.xml.
When a backup is requested by button or plugin, these files, serialized to base64 and included in backup.xml, will produce a 100% consistent backup. Same with restore.

What do you think?
