Over the past few weeks, I created the OPNsense Baseline Guide with Mullvad VPN, Guest, and VLAN Support (https://schnerring.net/blog/opnsense-baseline-guide-with-vpn-guest-and-vlan-support/). It's a beginner-friendly, comprehensive step-by-step guide that replicates the popular pfSense baseline guide (https://nguvu.org/pfsense/pfsense-baseline-setup/) setup that many of you might know.
I skip over hardware selection and installation instructions as I was fortunate enough to be able to support Deciso's open-source mission by buying the DEC630 like a year ago. The only thing I regret about the purchase is that I now can't afford the sexier-looking successor model, the DEC690. ;D
The guide covers the following topics:
- ISP and WireGuard Mullvad VPN WAN
- "Clearnet", VPN, and Guest VLAN configuration
- Simultaneous use of DNS resolver (Unbound) and forwarder (Dnsmasq) to satisfy the requirements of VLANs
I revised this guide many times as I configured and learned about the OPNsense platform. I probably clean installed my appliance more than 20 times. Publishing this guide has been on my agenda for a like a year and I'm really happy to share it with you. Any feedback is greatly appreciated and I hope you like it.
The only issue I'm having is that I can't get WireGuard multi-WAN to work (https://forum.opnsense.org/index.php?topic=25580.0). Someone commented that `wireguard-kmod` makes it possible, so I'm gonna give this a try soon.
thank you
Well done. Thank you.
Thank you very much for this very detailed beginners guide, it helped me a lot getting things set up. Everything works but the wireguard interfaces. I even bought a month of mullvard to be sure that the vpn provider is not the problem but the wireguard service doesn't want to stay on and the vpn gateways keep showing offline (probably as a cause of that). I did get a handshake in the wireguard config though so no idea what's the problem.
Maybe the cause is that I shouldn't have upgraded to 22.1 beta but I hope someone can help me getting it solved anyway.
Thanks in advance
edit: I've reverted to 21.7.5 now, the wireguard service is running now but the wan_vpn interfaces are still down
One of the best guides I ever read, and I refer both at the content and the layout, it was a pleasure reading it. (but I already told you on reddit :D)
Thanks a lot.
Quote from: The_Dave on December 13, 2021, 05:02:32 PM
Thank you very much for this very detailed beginners guide, it helped me a lot getting things set up. Everything works but the wireguard interfaces. I even bought a month of mullvard to be sure that the vpn provider is not the problem but the wireguard service doesn't want to stay on and the vpn gateways keep showing offline (probably as a cause of that). I did get a handshake in the wireguard config though so no idea what's the problem.
Maybe the cause is that I shouldn't have upgraded to 22.1 beta but I hope someone can help me getting it solved anyway.
Thanks in advance
edit: I've reverted to 21.7.5 now, the wireguard service is running now but the wan_vpn interfaces are still down
Adding this here also for completeness:
Quote from: The_Dave
It turns out the solution to the problem was not to use a server adress in form of de4-wg.socks5.mullvad.net as listed on the mullvad website under servers, but to use a server adress like de4-wireguard.mullvad.net.
Fantastic guide, thank you sir for your time, effort and sharing you knowledge.
I'm new to Firewalls and this has helped me tremendously.
Thank you!
Mark
Quote from: The_Dave
It turns out the solution to the problem was not to use a server adress in form of de4-wg.socks5.mullvad.net as listed on the mullvad website under servers, but to use a server adress like de4-wireguard.mullvad.net.
Mullvad should really fix this, it's very easy to miss for beginners! Good you figured it out.
And anyway, this guide is amazing work!
Excellent work!
If you are adding more sections then consider adding Monit with a simple "ping" service test to monitor if a host is up or down!
Upgrading to 22.7 went smoothly 8)