OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Cuffs »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - Cuffs

Pages: [1]
1
22.1 Legacy Series / Trying to add ssh user, but missing access rights in "Effective Priviliges"
« on: April 10, 2022, 09:23:31 am »
Hi

I'm trying to create a user which has SSH login rights.

From https://docs.opnsense.org/manual/how-tos/user-local.html I know I should set that right via a group or directly on the user itself under "Effective Priviliges" by assigning "User - System - Shell account access"

But I'm missing that item. There are no "User -" items like in the screenshot in the Link obove.


I only see access rights for GUI I could assign (see attachment).



Am I blind? Or is there something else to be done?

ty,
Christian

2
22.1 Legacy Series / Big performance loss after upgrade
« on: January 29, 2022, 11:58:24 am »
Hi

This is the topology:

  .-----+------.
  |  O   igb0  +
  |  P            |              .------------.     .------------.
  |  N   igb1  +--Trunk--+ Switch    +- -+ RPi        |
  |  s            |              .------------.     .------------.
  |  e   igb2  +
  |  n            |             .------------.
  |  s   igb3  +----------+ Laptop    |
  |  e            |             .------------.
  .------------.

RPi is connected to an access port in VLAN10
Laptop is connected to default LAN interface on OPNSense (no VLAN)

igb1 is connected to a trunk port, native VLAN10 and some other ones tagged.
(i know it might be better to change to everything tagged, I planned to do that in 22.1)


Before Upgrading I performed iperf3 tests and got throughputs ~900MBit
After Upgrading the same test shows ~300MBit
No changes were made to any config.

I have read through some articles of https://github.com/ocochard
There I also found the bridge performace issue in FreeBSD12 which was one of the reasons to update OPNSense to 22.1.

Question:
How to debug where this bottleneck resides (I'm very sure it is inside the OPNSense box)?
What board tools of OPNSense / FreeBSD13 can you recommend to look at?

I suspect it has to do with Queues/number of CPUs bound to the interface/interrupts/whatever?


Cheers
Christian

3
21.1 Legacy Series / Transparent Proxy bypasses WAN reject rule
« on: February 25, 2021, 09:26:52 pm »
Hi

I thought after using OPNSense for a year and being very happy with it I'll register here.
Maybe my post is of help/contribution, or maybe I'm just misunderstanding something..

I use Web Proxy in transparent mode - so far so good.
I also added a Rule to reject outgoing IPv4 TCP/UDP any to a Blocklist of DNS via HTTPS servers to port 443.

When doing telnet 9.9.9.9 443 on OPNSense itself the rule kicks in and blocks traffic.
But from a client via the proxy this works. So it seems Squid is bypassing outgoing rules on the WAN interface.


Is this as intended?


Thank you
Christian

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2