Topics - Gizmo

1. General Discussion / DNS Server Setup - All Devices on Quad9 except one on Cloudflare - Why?
« on: June 08, 2024, 01:44:46 am »
Hi all,

Recently I've noticed that one device, my iPhone on my home private network, uses Cloudflare DNS servers, even though my OPNsense setup is set to use Quad9 DoT. Everything on my network successfully uses Quad9 DoT, except my phone. Bizarre.

Testing methods
On my phone, when carrying out DNS leak tests, Cloudflare servers show up. When using other devices such as my laptop, DNS leak tests and the "Am I on Quad9" page show I'm using Quad9.

General setup notes
Opnsense Firewall /gateway > Omada Switch > Omada EAPs
System DNS set to 9.9.9.9 and 149.112.112.112 Quad9 servers

Unchecked "Allow DNS to be overridden"
Unchecked "Do not use local DNS..."
Unchecked "Allow default gateway switching"

Unbound enabled
DNS over TLS enabled for both IPV4 and IPV6 Quad9 servers

VLANs and DNS Setups
Omada - DNS for DHCP set to Quad9
IOT - DNS for DHCP set to Quad9
Private - DNS for DHCP set to Quad9
Guest - DNS for DHCP set to Google
Smart TV - DNS for DHCP set to NordVPN

Any advice welcomed.

2. 23.7 Legacy Series / Unable to access web GUI - But able to access ssh - Please Help
« on: September 28, 2023, 11:23:13 am »
Hi there,

From version 22 onwards, access to my web GUI fails.

I can access via SSH with no problems.

Interestingly, when I restart my firewall, the web GUI works as a one-off.

3. Virtual private networks / Wireguard Performance Capped - why?
« on: August 21, 2023, 12:26:34 pm »
Hi all,

Looking for some advice on further tuning ideas to maximise my WireGuard (via NordVPN) performance.

This time I'm totally stalled on how to get my WireGuard VPN performance close to my 1Gb internet connection speed. Currently it caps out around 450 to 550Mbps. The speed completely flatlines, which leads me to believe it's simply a setting which is maxing the throughput/processing.

Firstly, my ISP allows these speeds; I have done a direct connection to the internet router and get about 975Mbps.


Key Questions I have
  • Does the DNS config affect speed? (Currently using Unbound in forwarding mode to Quad9 Servers)
  • Are there specific tunable settings others have used and found a speed boost?
  • What specific MSS and MTU settings were used and where did you apply these?
I have played around with the MTU and MSS settings, between 1380 and 1420, and not seen any major jump across a range of combinations. Additionally, I'm not sure where the best place to enter these is, as there seem to be several locations to do it:
  • The wireguard tunnel
  • WG interface
  • LAN interface
  • Interface normalisation settings
  • System settings
Use Case
Simple home setup using Nord VPN for wireguard, just trying to get maximum speed.


Current Setup
  • Protectli FW6Br2 Intel i3-8130U 2.2Ghz 2 core 4 thread CPU with 16GB DDR4 Ram and 256GB SSD (According to Protectli Wireguard speeds of 900Mbps capable)
  • OPNsense 23.7.1_3-amd64
  • FreeBSD 13.2-RELEASE-p2
  • OpenSSL 1.1.1v 1 Aug 2023

Test Results
Testing via ethernet cable into LAN port via Speedtest CLI


Speedtest by Ookla

      Server: Network Solutions Group - Sydney (id: 30430)
         ISP: GSL Networks Pty
Idle Latency:    12.25 ms   (jitter: 4.04ms, low: 8.57ms, high: 16.21ms)
    Download:   465.38 Mbps [===========/        ] 56%   - latency: 273.32 ms
      Upload:    45.21 Mbps (data used: 35.0 MB)
                 47.27 ms   (jitter: 4.05ms, low: 14.23ms, high: 81.45ms)

Opnsense Setup
LAN Interface MTU = 1420
WG Interface MTU & MSS = 1420
Using Unbound DNS forwarding to Quad9 servers - Not using local resolver - Unsure which is best for my application

Notable tunables I've adjusted based on various guides - In particular https://binaryimpulse.com/2022/11/opnsense-performance-tuning-for-multi-gigabit-internet/
https://forum.opnsense.org/index.php?topic=24409.msg116941#msg116941

kern.ipc.maxsockbuf = 614400000
net.inet.rss.bits = 2
net.inet.rss.enabled = 1
net.inet.tcp.abc_1_var = 52
net.inet.tcp.minmss = 536
net.inet.tcp.mssdflt = 1240
net.inet.udp.checksum = 1
net.inet.udp.maxdgram = 57344
net.isr.defaultqlimit = 2048
net.isr.dispatch = deferred
net.isr.maxthreads = -1
net.local.dgram.maxdgram = 8192
net.pf.source_nodes_hashsize = 1048576
set.hw.ibrs_disable = 1
vfs.read_max = 32


Any help or advice much appreciated.
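The MTU/MSS question above comes down to header arithmetic. The following is an added example, not code from the thread or from OPNsense: it derives the WireGuard tunnel MTU from the WAN MTU and the matching TCP MSS clamp, and checks whether a given MTU/MSS pair leaves segments that fit the tunnel. It assumes a 1500-byte WAN link and no IP or TCP options; note that OPNsense's interface MSS field subtracts the 40 (IPv4) or 60 (IPv6) header bytes itself, so the "wire" MSS this code computes is what that field produces, not what you type into it.

```python
# Added example (not from the forum post): MTU/MSS arithmetic for a WireGuard
# tunnel, showing where figures like 1420 and 1380 come from.

IPV4_HDR = 20          # bytes, no options
IPV6_HDR = 40
UDP_HDR = 8
TCP_HDR = 20           # bytes, no options; MSS is the payload after this header
WG_DATA_OVERHEAD = 32  # type 4 + receiver index 4 + counter 8 + Poly1305 tag 16


def ip_hdr(family: int) -> int:
    if family not in (4, 6):
        raise ValueError("family must be 4 or 6")
    return IPV4_HDR if family == 4 else IPV6_HDR


def wg_overhead(outer_family: int) -> int:
    """Bytes WireGuard wraps around each inner packet on the WAN side."""
    return ip_hdr(outer_family) + UDP_HDR + WG_DATA_OVERHEAD


def wg_mtu(link_mtu: int, outer_family: int) -> int:
    """Largest inner packet that fits one WAN frame without fragmentation.
    On a 1500-byte WAN: 1440 with an IPv4 endpoint, 1420 with an IPv6 one."""
    return link_mtu - wg_overhead(outer_family)


def mss_for_mtu(tunnel_mtu: int, inner_family: int) -> int:
    """Wire TCP MSS for traffic carried inside a tunnel of this MTU:
    MTU-40 for IPv4 (20 IP + 20 TCP), MTU-60 for IPv6 (40 IP + 20 TCP)."""
    return tunnel_mtu - ip_hdr(inner_family) - TCP_HDR


def check_clamp(tunnel_mtu: int, wire_mss: int, inner_family: int = 4) -> tuple[bool, str]:
    """Does a wire MSS keep full-size segments inside the tunnel MTU? If not,
    TCP falls back to PMTUD or fragmentation, which is where throughput is lost."""
    limit = mss_for_mtu(tunnel_mtu, inner_family)
    if wire_mss > limit:
        return False, f"MSS {wire_mss} exceeds MTU {tunnel_mtu}; clamp to {limit}"
    return True, f"MSS {wire_mss} fits (max {limit})"


if __name__ == "__main__":
    for outer in (4, 6):
        mtu = wg_mtu(1500, outer)
        print(f"IPv{outer} endpoint: tunnel MTU {mtu}, "
              f"IPv4 MSS {mss_for_mtu(mtu, 4)}, IPv6 MSS {mss_for_mtu(mtu, 6)}")
    print(check_clamp(1420, 1420))
    print(check_clamp(1420, 1380))
```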

4. Virtual private networks / Nord Wireguard Setup - One Final Tweak Required
« on: August 14, 2023, 12:33:43 pm »
N/A

5. Virtual private networks / Multiple Open VPN Tunnel Setup Issues
« on: July 17, 2023, 12:24:32 pm »
N/A

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved