Topics - framura

#1
Italian - Italiano / Best wishes to everyone
December 24, 2017, 11:25:47 PM
Merry Christmas and a happy new year  :D
#2
Hi,

I am very interested in the WireGuard protocol as an OpenVPN replacement: I know that at this moment there isn't a WireGuard port in the FreeBSD world.

Is there a chance to get it in the near future?

TIA
#3
Hi,

I noticed very high CPU usage with my Safari 11 (on OSX) with the Dashboard (with the traffic graph on it): after some hours I also get a page with very slow response.

I use OPN 17.7.5, but I had the same problems with 17.7.4 too.

Does anyone have the same problem?

#4
17.7 Legacy Series / Unable to upgrade from 17.1.11
August 05, 2017, 07:56:01 PM
Hi,

I tried to upgrade but I get this error when I try to upgrade (from the GUI or from ssh):

Fetching base-17.7-amd64.obsolete: .............................................................opnsense-verify: Unable to open /var/cache/opnsense-update/41418/base-17.7-amd64.obsolete: No such file or directory
failed


Can you help me?

TIA


Note: I use /var and /tmp in memory
Note2: In the log file I found this:

configd.py: [1b18a9de-e07f-4353-8121-ad3ef316fb82] Script action stderr returned "pkg: Repository OPNsense has a wrong packagesite, need to re-create database"


#5
17.1 Legacy Series / Squid and MultiWAN
March 17, 2017, 04:30:56 PM
Hi,

In my configuration I would like to use WebProxy (forward proxy) with a sort of multi-WAN configuration.

In my OPNsense box, I configured VPN clients (3 OpenVPN clients) and a gateway group with these 3 OpenVPN connections: until now I have used this group (with some firewall rules) to force the use of the VPN group for some LAN clients' traffic, and everything works well.

Now I would also like to add a web proxy (squid) with the above VPN group, so I enabled and configured the proxy (not transparent).

I know the squid proxy uses, by default, only the default gateway (WAN gateway), and in this mode everything works well, but I want to force it to use only the VPN group.

So I read many guides on this topic and I tried to use floating rules for the http/https ports; I also tried to add "tcp_outgoing_address 127.0.0.1" in the squid template, but with no success: can you point me in the right direction?

Thanks in advance

#6
Hi,

I just upgraded from version 16.7.14 and everything seems to work very well except the firewall rules.

I have some firewall rules (LAN tab) to force VPN use on my LAN net: with 16.7.14 everything works well, but with 17.1 (I haven't modified any configuration) the same rules don't work anymore.

Can you give me some advice?

Thanks in advance

P.S.: I have now reverted to 16.7.14 (VMware machine) but I will also try with a fresh installation
#7
Hi,

I am using a gateway group with my 3 VPN connections (I use OPNsense as an OpenVPN client): I defined the group (all three connections are tier 1) and the firewall rules, and everything works very well, but these 3 connections are not really balanced.

One of these is used at 80%, the other two at 10% each (I see these statistics from OpenVPN->Connection Status).

I think this is not normal: can you help me?

TIA
#8
Hi,

From my point of view, OpenVPN's main problem is its mono-thread (and mono-core) restriction.

I found the SoftEther solution and I read about an OPNsense package in an old thread: is there any news about SoftEther inclusion in OPNsense (for example a GUI)?

Thanks in advance
#9
16.7 Legacy Series / OpenVPN (client) and gateway
August 11, 2016, 08:43:52 PM
I reinstalled version 16.7.1 from scratch.

I configured the OpenVPN client for a VPN provider: the VPN connection is established without problems (I used "don't pull route" in the client configuration).

Then I created a new interface (based on opvnc1): at this point OPNsense created a new gateway with 255.255.255.0 as its address (from Gateways->Status).

Is this normal?

TIA
#10
16.1 Legacy Series / NAT Outbound And VPN
June 21, 2016, 10:25:18 PM
Hi,

I have a problem with NAT Outbound and my VPN configuration.

Months ago I set up OpenVPN (client) with my VPN provider and I set up (Firewall-NAT-Outbound) some manual rules like

192.168.2.0/24 on VPN interface (to force VPN on every device on my LAN).

Everything works very well.

Now I would like to set up an exception: for a specific device, 192.168.2.12, I want to use the WAN interface and not the VPN.

So I added another rule for 192.168.2.12/32, as the first rule, but this device always uses the VPN interface.

So, where is my mistake?

Thanks for your help.
#11
Hardware and Performance / Openssl performance
March 09, 2016, 11:57:41 PM
Hi,

I tried to verify openssl performance on my OPNSense machine (4 vCPUs on ESXi 6): I compared these results with those obtained on an Ubuntu 15 server machine (2 vCPUs on the same host).

I ran this command on Ubuntu and OPNSense:

openssl speed -evp aes-128-cbc

and on OPNSense also

openssl speed -evp aes-128-cbc -engine cryptodev

The output obtained shows me no difference between these two commands on OPNSense and a huge difference with Ubuntu:

OPNSense (no cryptodev)
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes    1024 bytes     8192 bytes
aes-128-cbc     46929.27k   165008.10k   662520.67k   3014012.56k   30838620.16k


OPNSense (cryptodev)
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes    1024 bytes     8192 bytes
aes-128-cbc     45672.01k   183696.55k   576098.68k   2877417.92k   20640869.03k


Ubuntu 15

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes    1024 bytes     8192 bytes
aes-128-cbc    209778.60k   321537.47k   386955.43k    406307.21k     413696.00k


Do you have any idea?

Thanks
 
#12
Hi,

Yesterday I installed OPNSense (16.1.5) on a VM inside an ESXi 6 host.

I use a Supermicro A1SRM-2758F motherboard, with 16GB RAM and a 256 GB SSD: this MB has 4 Ethernet ports (+1 for IPMI), the CPU is 2,40GHz with 8 cores, 6 SATA ports: on this machine I installed VMware ESXi 6.


At this moment, I have installed OPNSense on a VM with 4GB RAM, 16GB disk space (on the SSD), 4 cores, with 2 Ethernet ports, one for LAN traffic and one for WAN traffic (at this moment only IPv4 but I plan to add IPv6): in the next few days I will add a second VM, where I will install Ubuntu Server (I will use it as a file server with 4 SATA HDDs), with 4 cores and 2 LAN ports.

I will use the OPNSense machine as firewall/router, DHCP server (on the LAN side), proxy server, VPN gateway (i.e. OPNSense will be connected to a VPN provider to encrypt Internet traffic, I don't need VPN on the LAN side).

I need some advice on OPNSense:

1) I think 16GB of disk space is sufficient (maybe exaggerated), but disk space is not a problem
2) I have some doubts about the RAM (4GB) and the number of cores (4), in particular about VPN traffic: my WAN speed is currently 100Mbps but in the near future I will upgrade to 300Mbps and I would like not to slow down Internet speed with the VPN.

In the next few days I'll do some performance tests but your suggestions on this configuration are welcome.

Thanks in advance

Alessandro

P.S.: I would like to contribute to OPNSense (many thanks for your product): I will donate but I would also like to participate more concretely, for example with translation (my native language is Italian).

#13
Hi,

I just installed 16.1.5 as my new OPNSense machine: when I enable the proxy service (without any other proxy configuration) I get the following error:

Unable to save data, an internal error occurred.
Response from server was:
{"status":401,"message":"Authentication Failed"}

Thanks in advance

Alessandro
#14
16.1 Legacy Series / 16.1.3: Warning when check updates
February 20, 2016, 06:38:16 PM
Hi,

When I check for updates I get the following warning:

Warning: stream_socket_client(): unable to connect to unix:///var/run/configd.socket (Connection refused) in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 93


What does it mean?

I also submitted this problem with the crash reporter.

TIA

Alex
#15
Hi,

I am building my new OPNSense machine (based on Supermicro A1srm-2758, with 16GB RAM, SSD and maybe some HDDs): because I have plenty of CPU power and RAM I would also like to install some programs I use regularly, Plex for example.

I know a firewall is not a good place to run other programs (for security, stability and so on) but I would like to have a single machine (in my home) for all my needs.

With PFsense I found Finch (http://dreamcat4.github.io/finch/) to get other programs (in a jail): what do you think?

Is it possible with Finch or in some other way?

Thanks in advance

Alessandro
#16
General Discussion / New hardware
January 24, 2016, 11:04:54 AM
Hi,

I would like to replace my current router, an asus rtn16, with a DIY machine based on a supermicro mb a1srm 2758 (atom cpu 8 core) with ssd, 8gb ram.

I need to use it as a vpn gateway with my vpn provider: my wan speed is 100mbps.

With my asus router I get only 10 Mbps as wan speed when I use openvpn (router cpu limit) but with the supermicro mb (aes-ni, Intel quickassist) I need to know whether with opnsense I will get full wan speed.

In a few words, is opnsense capable of using aes-ni with openvpn (or l2tp-ipsec)?

Thanks in advance

Alessandro