Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
OpenVPN Instances - Buffer Size / TLS Version Minimum / NetBIOS
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN Instances - Buffer Size / TLS Version Minimum / NetBIOS (Read 354 times)
ky41083
Newbie
Posts: 45
Karma: 3
OpenVPN Instances - Buffer Size / TLS Version Minimum / NetBIOS
«
on:
August 27, 2024, 04:44:19 am »
Hello! Posting first before submitting a feature request... Looking at migrating my OpenVPN servers over from legacy to Instances. I'm noticing a few advanced options I use are missing and curious if anyone else feels they should be included.
Buffer size:
I always set sndbuf + rcvbuf as well as push them to the client. This is extremely important for mitigating bandwidth bottlenecks, especially on faster and/or higher latency connections. Would it make sense to request an option for each with a text box where the value can be entered in bytes, with an accompanying checkbox to push the custom value to clients? Essentially achieve an affect similar to:
sndbuf 2097152
push "sndbuf 2097152"
rcvbuf 2097152
push "rcvbuf 2097152"
TLS Version Minimum:
The option I use to meet compliancy policy requirements & prevent TLS downgrade attacks. Would it make sense for this to be a drop down option w/ 1.2, 1.3, and Highest as options? This would achieve something similar to the following:
# Use 1.2
tls-version-min 1.2
# Use 1.3
tls-version-min 1.3
# Use Highest Supported
tls-version-min 0.0 or-highest
Disable NetBIOS:
And last, the push options list would be a good place for this. Disable NetBIOS name lookups to cut down on VPN traffic. Maybe called "push disable-nbt". This would achieve the following:
push "dhcp-option DISABLE-NBT"
I request your feedback on the above. Thank you!
«
Last Edit: October 01, 2024, 07:19:40 pm by ky41083
»
Logged
ky41083
Newbie
Posts: 45
Karma: 3
Re: OpenVPN Instances - Buffer Size / TLS Version Minimum / NetBIOS
«
Reply #1 on:
October 01, 2024, 06:50:55 pm »
Submitted
https://github.com/opnsense/core/issues/7929
https://github.com/opnsense/core/issues/7930
https://github.com/opnsense/core/issues/7931
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
OpenVPN Instances - Buffer Size / TLS Version Minimum / NetBIOS