VPN Devices

Comments

3 comments

  • Official comment
    SVN Support Team

    Hi Denny,

    Zenarmor can protect OpenVPN (tun) interface and WireGuard-go version interface. Zenarmor uses netmap which is an Operating System subsystem to grab packets off the wire. Netmap can not work with WireGuard-kernel module intrface yet.

    Zenarmor counts the VPN devices for the license as well.

    Comment actions Permalink
  • Mladen Parvanov

    Hi, thank you for the quick response.

    * "Zenarmor can protect OpenVPN (tun) [...]"

    Does it mean that application control and all layer 7 features work over OpenVPN if the client VPN (gateway) is routed through the OPNSense device?

    * "Zenarmor counts the VPN devices for the license as well."

    What is actually counted, the IP addresses? In that case, all non-important devices, such as smart home devices, count as well, right? And what happens if, in the case of the 100-device plan, the devices suddenly and unexpectedly go higher than 100?

    Thank you

    BR

    Denny

    0
    Comment actions Permalink
  • SVN Support Team

    Hi Denny,

    Yes. You can get benefits of all Zenarmor capabilities, like application control and web filtering on a protected OpenVPN interface.

    IP addresses are counted for licensing. You may exempt IPs of unimportant devices easily. https://www.zenarmor.com/docs/opnsense/configuring/general#exempting-vlans--networks

    It won't be a problem to exceed %10 of the license size. Zenarmor doesn't block exceeded device connections. But, Zenarmor arranges the system resources according to license. So when you exceed the license count, Zenarmor can not handle all sessions on it and packet loss starts.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk