"
Auguri di Buon Natale e di un felice anno nuovo :D
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
Development and Code Review / Any chance to get wireguard?
October 15, 2017, 10:29:38 PM
Hi,
I am very interested to fireguard protocol as openvpn replacement: I know at this moment there isn't wireguard port on freebsd world.
There is a chance to get it in the near future?
TIA
I am very interested to fireguard protocol as openvpn replacement: I know at this moment there isn't wireguard port on freebsd world.
There is a chance to get it in the near future?
TIA
#3
17.7 Legacy Series / Dashbord and Safari: high cpu usage
October 15, 2017, 10:24:19 PM
Hi,
I noted very high cpu usage with my Safari 11 (on OSX) with Dashboard (with traffic graph on it): after some hours I get page with also very slow response.
I use OPN 17.7.5 but also with 17.7.4 I had same problems.
Anyone has same problem?
I noted very high cpu usage with my Safari 11 (on OSX) with Dashboard (with traffic graph on it): after some hours I get page with also very slow response.
I use OPN 17.7.5 but also with 17.7.4 I had same problems.
Anyone has same problem?
#4
17.7 Legacy Series / Unable to upgrade from 17.1.11
August 05, 2017, 07:56:01 PM
Hi,
I tried to upgrade but get this error when I try to upgrade (from GUI or from ssh):
Fetching base-17.7-amd64.obsolete: .............................................................opnsense-verify: Unable to open /var/cache/opnsense-update/41418/base-17.7-amd64.obsolete: No such file or directory
failed
Can you help me?
TIA
Note: I use /var and /tmp in memory
Note2: In the log file I found this:
configd.py: [1b18a9de-e07f-4353-8121-ad3ef316fb82] Script action stderr returned "pkg: Repository OPNsense has a wrong packagesite, need to re-create database"
I tried to upgrade but get this error when I try to upgrade (from GUI or from ssh):
Fetching base-17.7-amd64.obsolete: .............................................................opnsense-verify: Unable to open /var/cache/opnsense-update/41418/base-17.7-amd64.obsolete: No such file or directory
failed
Can you help me?
TIA
Note: I use /var and /tmp in memory
Note2: In the log file I found this:
configd.py: [1b18a9de-e07f-4353-8121-ad3ef316fb82] Script action stderr returned "pkg: Repository OPNsense has a wrong packagesite, need to re-create database"
#5
17.1 Legacy Series / Squid and MultiWAN
March 17, 2017, 04:30:56 PM
Hi,
in my configuration I would like to use WebProxy (forward proxy) with a sort of multiwan configuration.
In my opnsense box, I configured VPN clients (3 openvpn clients) and a gateway group with these 3 openvpn connections: until now I used this group (with some firewall rules) to force the use of vpn group for some LAN clients traffic and all works good.
Now I would like to add also a web proxy (squid) with the above vpn group: so I enabled and configured proxy (not transparent).
I know squid proxy uses, by default, only default gateway (WAN gateway) and in this mode all works good but I want to force to use only vpn group.
So I read many guides about this argument and I tried to use floating rules for http/https ports, I tried also to add "tcp_outgoing_address 127.0.0.1" in squid template but with no success: can you point me on right direction?
Thanks in advance
in my configuration I would like to use WebProxy (forward proxy) with a sort of multiwan configuration.
In my opnsense box, I configured VPN clients (3 openvpn clients) and a gateway group with these 3 openvpn connections: until now I used this group (with some firewall rules) to force the use of vpn group for some LAN clients traffic and all works good.
Now I would like to add also a web proxy (squid) with the above vpn group: so I enabled and configured proxy (not transparent).
I know squid proxy uses, by default, only default gateway (WAN gateway) and in this mode all works good but I want to force to use only vpn group.
So I read many guides about this argument and I tried to use floating rules for http/https ports, I tried also to add "tcp_outgoing_address 127.0.0.1" in squid template but with no success: can you point me on right direction?
Thanks in advance
#6
17.1 Legacy Series / Upgrade from 16.7.14: Firewall rules doesn't works as before
January 31, 2017, 08:18:29 PM
HI,
I just upgraded from 16.7.14 version and all seems works very well but not firewall rules.
I have some firewall rules (LAN Tab) to force VPN use on my LAN net: with 16.7.14 all works well but with 17.1 (I haven't modify any configuration) same rules doesn't works anymore.
Can you give me some advice?
Thanks in advance
P.S.: Now I reverted to 16.7.14 (Vmware machine) but I will try also with a fresh installation
I just upgraded from 16.7.14 version and all seems works very well but not firewall rules.
I have some firewall rules (LAN Tab) to force VPN use on my LAN net: with 16.7.14 all works well but with 17.1 (I haven't modify any configuration) same rules doesn't works anymore.
Can you give me some advice?
Thanks in advance
P.S.: Now I reverted to 16.7.14 (Vmware machine) but I will try also with a fresh installation
#7
16.7 Legacy Series / Gateway group: connections not really balanced
November 03, 2016, 08:56:09 PM
Hi,
I am using a gateway group with my 3 VPN connections (I use opnsense as Openvpn client): I defined group (all three connections are tier 1) and firewall rules and all works very good but these 3 connections are not really balanced.
One of these is used at 80%, the others two at 10% each (I see these statistics from OpenVPN->Connection Status).
I think this is not normal: can you help me?
TIA
I am using a gateway group with my 3 VPN connections (I use opnsense as Openvpn client): I defined group (all three connections are tier 1) and firewall rules and all works very good but these 3 connections are not really balanced.
One of these is used at 80%, the others two at 10% each (I see these statistics from OpenVPN->Connection Status).
I think this is not normal: can you help me?
TIA
#8
General Discussion / Openvpn mono thread solution: Softether
August 19, 2016, 11:19:16 PM
Hi,
From my point of view, Openvpn main problem is mono thread (and mono core) restriction.
I found Softether solution and I read about opnsense package in an old thread: there is any news about softether inclusion on opnsense ( for example GUI)?
THanks in advance
From my point of view, Openvpn main problem is mono thread (and mono core) restriction.
I found Softether solution and I read about opnsense package in an old thread: there is any news about softether inclusion on opnsense ( for example GUI)?
THanks in advance
#9
16.7 Legacy Series / OpenVPn (client) and gateway
August 11, 2016, 08:43:52 PM
I reinstalled 16.7.1 version from scratch.
I configured Openvpn client to a VPN provider: VPN connection is established without problems (I used "don't pull route" in the client configuration).
Then I created a new interface (based on opvnc1): at this point Opnsense created a new gateway with 255.255.255.0 as address (from Gateways->Status).
It's normal?
TIA
I configured Openvpn client to a VPN provider: VPN connection is established without problems (I used "don't pull route" in the client configuration).
Then I created a new interface (based on opvnc1): at this point Opnsense created a new gateway with 255.255.255.0 as address (from Gateways->Status).
It's normal?
TIA
#10
16.1 Legacy Series / NAT Outbound And VPN
June 21, 2016, 10:25:18 PM
Hi,
I have a problem with NAT Outbound and my VPN configuration.
I setup months ago OpenVPN (client) with my VPN provider and I setup (Firewall-NAT-Outbound) some manual rules like
192.168.2.0/24 on VPN interface (to force VPN on every device on my LAN).
All works very good.
Now I would like to setup an exception: for a specific device, 192.168.2.12 I want to use wan interface and not VPN.
So I added another rule for 192.168.2.12/32, as first rule, but this device uses always VPN interface.
So, where is my mistake?
Thanks for your help.
I have a problem with NAT Outbound and my VPN configuration.
I setup months ago OpenVPN (client) with my VPN provider and I setup (Firewall-NAT-Outbound) some manual rules like
192.168.2.0/24 on VPN interface (to force VPN on every device on my LAN).
All works very good.
Now I would like to setup an exception: for a specific device, 192.168.2.12 I want to use wan interface and not VPN.
So I added another rule for 192.168.2.12/32, as first rule, but this device uses always VPN interface.
So, where is my mistake?
Thanks for your help.
#11
Hardware and Performance / Openssl performance
March 09, 2016, 11:57:41 PM
Hi,
I tried to verify openssl performance on my OPNSense machine (4 vCPUs on ESXi 6): I compared these results with those obtained on a Ubuntu 15 server machine (2 vCPUs on same host).
I run this command on Ubuntu and OPNSense:
openssl speed -evp aes-128-cbc
and on OPNSense also
openssl speed -evp aes-128-cbc -engine cryptodev
Output obtained shows me no difference between these two commands on OPNSense and a huge difference with Ubuntu:
OPNSense (no cryptodev)
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 46929.27k 165008.10k 662520.67k 3014012.56k 30838620.16k
OPNSEnse (cryptodev)
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 45672.01k 183696.55k 576098.68k 2877417.92k 20640869.03k
Ubuntu 15
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 209778.60k 321537.47k 386955.43k 406307.21k 413696.00k
Do you have any idea?
Thanks
I tried to verify openssl performance on my OPNSense machine (4 vCPUs on ESXi 6): I compared these results with those obtained on a Ubuntu 15 server machine (2 vCPUs on same host).
I run this command on Ubuntu and OPNSense:
openssl speed -evp aes-128-cbc
and on OPNSense also
openssl speed -evp aes-128-cbc -engine cryptodev
Output obtained shows me no difference between these two commands on OPNSense and a huge difference with Ubuntu:
OPNSense (no cryptodev)
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 46929.27k 165008.10k 662520.67k 3014012.56k 30838620.16k
OPNSEnse (cryptodev)
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 45672.01k 183696.55k 576098.68k 2877417.92k 20640869.03k
Ubuntu 15
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 209778.60k 321537.47k 386955.43k 406307.21k 413696.00k
Do you have any idea?
Thanks
#12
Hardware and Performance / Some suggestions for my new OPNSense (on ESXi host)
March 04, 2016, 10:49:35 AM
Hi,
yesterday I just installed OPNSense (16.1.5) on a VM inside ESXi 6 host.
I use a Supermicro A1SRM-2758F motherboard, with 16GB RAM and 256 GB SSD: this MB has 4 Ethernet ports (+1 for IPMI), CPU is 2,40Ghz with 8 cores, 6 SATA ports: on this machine I installed VMWare ESXi 6.
At this moment, I installed OPNSense on a VM with 4GB RAM, 16GB disk space (on the SSD), 4 cores, with 2 Ethernet ports, one for LAN traffic and one for WAN traffic (at this moment only IPv4 but I plan to add IPv6): in next few days I will add a second VM, where I will install Ubuntu Server (I will use it as file server with 4 SATA HDDs), with 4 cores and 2 LAN ports.
I will use OPNSense machine as firewall/router, DHCP server (on the LAN side), proxy server, VPN gateway (i.e. OPNSense will be connect to a VPN Provider for encrypt Internet traffic, I don't need VPN on LAN side).
I need some advice on OPNSense:
1) I think 16GB disk space are sufficient (maybe exaggerated), but disk space is not a problem
2) I have some doubt about RAM (4GB) and core's number (4), in particular about VPN traffic: my WAN speed is actually 100Mbps but in near future I will upgrade to 300Mbps and I would like to not slow down Internet speed with VPN.
In the next few days I'll do some performance tests but your suggestions on this configuration are welcome.
Thanks in advance
Alessandro
P.S.: I would like to contribute to OPNSense (many thanks for your product): I will donate but I would also like to participate more concretely, for example with translation (my native language is italian).
yesterday I just installed OPNSense (16.1.5) on a VM inside ESXi 6 host.
I use a Supermicro A1SRM-2758F motherboard, with 16GB RAM and 256 GB SSD: this MB has 4 Ethernet ports (+1 for IPMI), CPU is 2,40Ghz with 8 cores, 6 SATA ports: on this machine I installed VMWare ESXi 6.
At this moment, I installed OPNSense on a VM with 4GB RAM, 16GB disk space (on the SSD), 4 cores, with 2 Ethernet ports, one for LAN traffic and one for WAN traffic (at this moment only IPv4 but I plan to add IPv6): in next few days I will add a second VM, where I will install Ubuntu Server (I will use it as file server with 4 SATA HDDs), with 4 cores and 2 LAN ports.
I will use OPNSense machine as firewall/router, DHCP server (on the LAN side), proxy server, VPN gateway (i.e. OPNSense will be connect to a VPN Provider for encrypt Internet traffic, I don't need VPN on LAN side).
I need some advice on OPNSense:
1) I think 16GB disk space are sufficient (maybe exaggerated), but disk space is not a problem
2) I have some doubt about RAM (4GB) and core's number (4), in particular about VPN traffic: my WAN speed is actually 100Mbps but in near future I will upgrade to 300Mbps and I would like to not slow down Internet speed with VPN.
In the next few days I'll do some performance tests but your suggestions on this configuration are welcome.
Thanks in advance
Alessandro
P.S.: I would like to contribute to OPNSense (many thanks for your product): I will donate but I would also like to participate more concretely, for example with translation (my native language is italian).
#13
16.1 Legacy Series / [SOLVED] Unable to start proxy service
March 03, 2016, 08:30:57 PM
Hi,
just installed 16.1.5 as my new OPNSense machine: when I enable proxy service (without any other proxy configuration) I get following error:
Unable to save data, an internal error occurred.
Response from server was:
{"status":401,"message":"Authentication Failed"}
Thanks in advance
Alessandro
just installed 16.1.5 as my new OPNSense machine: when I enable proxy service (without any other proxy configuration) I get following error:
Unable to save data, an internal error occurred.
Response from server was:
{"status":401,"message":"Authentication Failed"}
Thanks in advance
Alessandro
#14
16.1 Legacy Series / 16.1.3: Warning when check updates
February 20, 2016, 06:38:16 PM
Hi,
when i check for updates I get following warning:
Warning: stream_socket_client(): unable to connect to unix:///var/run/configd.socket (Connection refused) in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 93
What does it means?
I also submit this problem with crash reporter.
TIA
Alex
when i check for updates I get following warning:
Warning: stream_socket_client(): unable to connect to unix:///var/run/configd.socket (Connection refused) in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 93
What does it means?
I also submit this problem with crash reporter.
TIA
Alex
#15
General Discussion / OPNSense and others programs (in jail)
February 02, 2016, 10:41:33 AM
Hi,
I am building my new OPNSense machine (based on Supermicro A1srm-2758, with 16GB RAM, SSD and maybe some HDDs): because I have plenty of CPU power and RAM I would like also to install some programs I use regularly as Plex for example.
I know about a firewall it's not a good place where to use others programs (for security, stability and so on) but I would like to have a single machine (in my home) for all my needs.
With PFsense I found Finch (http://dreamcat4.github.io/finch/) to get (in jail) others programs: what do you think?
It's possible with Finch or with some other way?
Thanks in advance
Alessandro
I am building my new OPNSense machine (based on Supermicro A1srm-2758, with 16GB RAM, SSD and maybe some HDDs): because I have plenty of CPU power and RAM I would like also to install some programs I use regularly as Plex for example.
I know about a firewall it's not a good place where to use others programs (for security, stability and so on) but I would like to have a single machine (in my home) for all my needs.
With PFsense I found Finch (http://dreamcat4.github.io/finch/) to get (in jail) others programs: what do you think?
It's possible with Finch or with some other way?
Thanks in advance
Alessandro
#16
General Discussion / New hardware
January 24, 2016, 11:04:54 AM
Hi,
I would like to change my actual router, an asus rtn16, with an diy machine based on supermicro mb a1srm 2758 (atom cup 8 core) with ssd, 8gb ram.
I need to use it as vpn gateway with my vpn provider: my wan speed is 100mbps.
With my asus router I get only 10 Mbps as wan speed when I use openvpn (router cpu limit) but with supermicro mb (ads-ni, Intel quickassist) I need to know if opnsense I will get full wan speed.
In few words, opnsense is capable to use aes-ni with openvpn (or l2tp-ipsec) ?
Thanks in advance
Alessandro
I would like to change my actual router, an asus rtn16, with an diy machine based on supermicro mb a1srm 2758 (atom cup 8 core) with ssd, 8gb ram.
I need to use it as vpn gateway with my vpn provider: my wan speed is 100mbps.
With my asus router I get only 10 Mbps as wan speed when I use openvpn (router cpu limit) but with supermicro mb (ads-ni, Intel quickassist) I need to know if opnsense I will get full wan speed.
In few words, opnsense is capable to use aes-ni with openvpn (or l2tp-ipsec) ?
Thanks in advance
Alessandro
Pages1
