teklager
Location
Stockholm
Registered
May 2018

@GLaDER: I'm glad you are happy with your APU2C2!

I have never used the pfBlockerNG package, especially in combination with OpenVPN, so I won't be very helpful. I imagine that pfBlockerNG sees encrypted traffic and is unable to block anything. I suppose there's a way to make this work, but I have no experience to help you, sorry!
Tell me more about your NAT. What's your setup and what do you want to achieve?

Best,
Pawel

I'm running https://TekLager.se/ - we build Open Source routers in Sweden :-)
(Sorry for writing in English! My Swedish is still not fantastic...)

Member
Location
Göteborg
Registered
Nov 2011
Written by teklager:

@GLaDER: I'm glad you are happy with your APU2C2!

I have never used the pfBlockerNG package, especially in combination with OpenVPN, so I won't be very helpful. I imagine that pfBlockerNG sees encrypted traffic and is unable to block anything. I suppose there's a way to make this work, but I have no experience to help you, sorry!
Tell me more about your NAT. What's your setup and what do you want to achieve?

Best,
Pawel

I think you are right (but I'm hooking into the connection before it reaches the VPN, which is why I am a bit confounded).

Regarding the NAT: I want to be able to reach my self-hosted (as in, the server is located at my house) webserver. If I go to mydomain.com while on another network but my own, it works just fine, but if I do the same while on my network I am unable to reach the webserver. IIRC this is due to NAT Loopback not working by default, but looking at the documentation I am not really able to understand how to solve my issue.

I have been able to add a Split DNS configuration s.t. www.mydomain.com takes me to the webserver when I am on my local network, but that means I need to have two configurations for all applications that I use both externally and internally (i.e. when I want to reach BNC, Nextcloud, Plex, etc. from my Laptop).

Any tips?

:(){ :|:& };:

{🧗‍♂️, 🔥, 🏃‍♂️, ☕}


teklager
Location
Stockholm
Registered
May 2018

@GLaDER: I know this problem, I had it myself.

There are 2 solutions. Either you "split the DNS", which is what you are doing today, but it's annoying, or you enable "NAT reflection", which is what I did. NAT reflection is a much nicer option because you don't have to care about updating DNS locally.

I see that you linked to the documentation for NAT reflection. This solved my problem. I'm not sure why it's not working for you. Perhaps it's the firewall that is blocking it now? Do you have any "blocked" entries in the firewall logs in Status -> System Logs -> Firewall?


Member
Location
Göteborg
Registered
Nov 2011
Written by teklager:

@GLaDER: I know this problem, I had it myself.

There are 2 solutions. Either you "split the DNS", which is what you are doing today, but it's annoying, or you enable "NAT reflection", which is what I did. NAT reflection is a much nicer option because you don't have to care about updating DNS locally.

I see that you linked to the documentation for NAT reflection. This solved my problem. I'm not sure why it's not working for you. Perhaps it's the firewall that is blocking it now? Do you have any "blocked" entries in the firewall logs in Status -> System Logs -> Firewall?

I had simply not looked in the right place. Thank you for encouraging me to take another look. Now it's working.


Member
Location
Ösmo
Registered
Jun 2002

Teklager.se was news to me but I believe I just came in my pants.
Will be buying a custom one at the next router change/upgrade for sure! Dammit, I didn't even know this existed... I'm almost wishing for my current one to catch fire or something.

Member
Location
Stockholm
Registered
Nov 2004

@teklager you might want to edit this part of your shop as it is in violation of Swedish law.

You write:
"14 days open purchase
In case of unbroken package"

Swedish law (konsumentköplagen) states that when purchasing a product over the internet you have the right to inspect and test the product.

Please see this section: "You have the right to inspect the product".
It states:
"To know whether you want to buy a product, you must be able to inspect it. But the product has to remain in its original condition if you are going to return it. You may not use or handle a product in an unnecessary way. If you do, the seller can demand that you pay for the reduction in the value of the product.".

https://www.hallakonsument.se/other-languages/english-engelsk...

https://www.konsumentverket.se/languages/english-engelska/

The exception from this law would be hygiene products and services that start before the 14 days have passed. I.e. earbuds, underwear, subscriptions, mobile phone agreements and other services of this kind.

Case: Xigmatek Elysium | PSU: EVGA Supernova G2 750W | MB: ASUS Strix Z390-F GAMING | CPU: INTEL i9-9900K & Corsair H60 | GPU: Asus Strix RTX 2080 OC | SSD: Samsung 970 EVO 500 GB | RAM: HyperX Fury 4x8 GB CL16 2666 MHz | Sound card: Asus Xonar D2X | Network card: Asus PCE-AC68 |

|| Quote me for a reply! ||

teklager
Location
Stockholm
Registered
May 2018

@FireFox: Thanks for pointing this out! This rule was from a template I copied from somewhere, years ago, and we never actually followed it. "Unbroken package" doesn't make any sense anyway.

I changed it to "30 days open purchase", if the hardware isn't physically damaged. This is more in line with what we are actually doing in practice today.


Member
Registered
May 2004

I see you have increased prices, how can this be?

Member
Location
Wherever my VPN shows
Registered
Jan 2005
Written by CrüeHead:

I see you have increased prices, how can this be?

Increased supplier prices?
Inflation?

teklager
Location
Stockholm
Registered
May 2018

For those who are running APU routers with pfSense, we have some good news.
A new BIOS with some configuration changes allows pfSense to route at 1Gbit on all APU routers. Read this article for details:
https://teklager.se/en/knowledge-base/apu2-1-gigabit-throughp...

@Undie: The price increase was rather small, but the reason is that the manufacturer increased the prices of parts, and PostNord increased prices for shipping.


Member
Registered
Oct 2001

Impressive :]

Nice guide.

Member
Registered
Nov 2013

I bought a router from TekLager.se and am insanely happy with the performance, the price and the help I got from Pawel at TekLager! I run OpenWrt and Wireguard and max out my 1000/1000 line, something I hardly believed was possible with a router.

If anyone has questions for a customer, feel free to send a PM!

Thanks @teklager for great support and an amazing product! Review in Swedish above.

Member
Registered
Aug 2015

Ok, so was just about to put in an order for a Vilfo router when I stumbled over this thread.
Have had a good readup on PfSense/OpnSense and the different types of routers teklager offers.

I have a few questions to @teklager

1. I have a 1000/250 internet connection and want to use VPN. To reach those speeds it seems like I need to get the TLsense i5, right?
2. I also saw that you have a "new" product, TlSense j3p4 (celeron). What performance can be expected from that hardware?

If I'm new to both OpnSense and PfSense, what would you recommend I go for?

Cheers

teklager
Location
Stockholm
Registered
May 2018
Written by reverend benny:

Ok, so was just about to put in an order for a Vilfo router when I stumbled over this thread.
Have had a good readup on PfSense/OpnSense and the different types of routers teklager offers.

I have a few questions to @teklager

1. I have a 1000/250 internet connection and want to use VPN. To reach those speeds it seems like I need to get the TLsense i5, right?
2. I also saw that you have a "new" product, TlSense j3p4 (celeron). What performance can be expected from that hardware?

If I'm new to both OpnSense and PfSense, what would you recommend I go for?

Cheers

Hi!

Vilfo seems like nice hardware! I've been looking at it for a while, but in the end, decided not to re-sell it because the software is not fully open source. My concern with closed-source OS is that it will stop being updated with security patches, and will make hardware obsolete.

Now, to your questions:
1. That's correct. You will need a CPU with good single-core performance to reach high OpenVPN throughput because OpenVPN is single-threaded. TLSense i5 will give you about 600-800Mbit/s.
2. I have not tested it myself yet, but I've heard from one customer that he reached about 180Mbit/s on OpenVPN on this hardware. This is lower than I expected, so I'll need to test it myself (hope to do this within the next week).

If you are completely new to OPNSense/pfSense then I recommend pfSense because it has more documentation and tutorials online.

Let me know if you have any other questions.

Best,
Pawel


Member
Registered
Aug 2015

@teklager:

Thanks for a very quick reply, and on a weekend as well.

Currently looking at moving on from my Edgerouter 4 as I am getting tired of having to use the CLI for pretty much anything.
It doesn't really support high VPN speed either, so thinking of killing two birds with one stone here by getting a new router.

One of the reasons why I was a bit uncertain about Vilfo is what you pointed out, I am depending on them to deliver updates and support. Not saying they won't but at least with this solution I won't have to worry about that.

I have one more question that probably should be more aimed toward the OS manufacturer, but that maybe you could answer is:
I want to set it up so some devices use VPN and some don't via the router, either via VLAN or IP. Is that possible?
Also thinking of maybe messing around using two VPN providers.

I don't expect a massive answer or a step by step instruction, just curious if it's possible since Vilfo has that as a USP (that might be so unique).

Cheers

teklager
Location
Stockholm
Registered
May 2018
Written by reverend benny:

Thanks for a very quick reply, and on a weekend as well.

I run TekLager as a hobby business, so I usually answer during weekends and after regular office hours.

Written by reverend benny:

One of the reasons why I was a bit uncertain about Vilfo is what you pointed out, I am depending on them to deliver updates and support. Not saying they won't but at least with this solution I won't have to worry about that.

I'm a little torn on this because I support what Vilfo is trying to achieve (secure personal routing), but I have a hard time trusting proprietary software since I can't really verify that it's truly secure.
On the other hand, I understand why they didn't open source the Vilfo OS. This software is their competitive advantage, so it's a business decision.
I wish there was a way for them to open source it, and keep the competitive edge.

Written by reverend benny:

I have one more question that probably should be more aimed toward the OS manufacturer, but that maybe you could answer is:
I want to set it up so some devices use VPN and some don't via the router, either via VLAN or IP. Is that possible?
Also thinking of maybe messing around using two VPN providers.

I have not tried this, but I believe that it should be quite easy in pfSense/OPNsense. Once you have a VPN provider configured, you will have a virtual VPN WAN interface, and your regular WAN interface. Then it should be possible to route some clients to regular WAN and some clients to VPN-WAN. I believe you can do this based on IPs or VLANs in pfSense by going to Firewall -> NAT -> Outbound -> create Manual Outbound NAT rule.

Best,
Pawel


Member
Registered
Aug 2015

@teklager:

Again, thanks for the fast and valuable reply.

I'm just going to decide on which one to get now. The Celeron one is probably enough, as the things that will use VPN aren't the ones requiring most of the bandwidth.
At the same time it's not that much of a price difference, so if I wanna play around with things such as IDP/IDS and other things it might be worth getting the i5 version.

Would you say there is any difference in quality between the Celeron and i5 kit? It seems like they are from 2 different manufacturers.

The i5 obviously has a lot more of everything, but apart from that, things like build quality, quality of components and whether you have had many faulty devices are always interesting to know.

Cheers

teklager
Location
Stockholm
Registered
May 2018
Written by reverend benny:

@teklager:
Would you say there is any difference in quality between the Celeron and i5 kit? It seems like they are from 2 different manufacturers.

The i5 obviously has a lot more of everything, but apart from that, things like build quality, quality of components and whether you have had many faulty devices are always interesting to know.

From the quality perspective, I think they are equivalent. Both of these boxes are well built and perform well.

TLSense i5 will have a lot more horsepower for IDS/IPS/VPN. If these are not very important to you then you won't see a difference in regular routing.

TLSense J3P4 has a really small form factor, which I think is cool.

From the left: TLSense i7 6P, TLSense i5, J3P4, APU4C4, APU2D4, APU2D0.

Cheers!


Member
Registered
Aug 2015

OK, I finally got around to installing the Teklager router I ordered a year ago. I'm running OpnSense and it works really well and is user-friendly compared to, e.g., Edgerouter.

It will be fun to start experimenting a bit more going forward.