OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: spaccabits on June 28, 2022, 02:06:57 pm

Title: scattered issues OPNsense version 22.1.9_1 (the very latest)
Post by: spaccabits on June 28, 2022, 02:06:57 pm
GUI access:
although Listen interfaces is set to "All (recommended)", only the IP of the LAN interface is accessed.
the same goes for SSH access.

the GUI reboot works if and especially when it wants: after giving it, think about it, go back to the "dashboard" and, with ease, start again, obviously whatever you do you will need to log in.

... and now the most serious problem: Wireguard.
however you set it does not do the handshake even with hammer blows, but not only, if you set the NAT and firewall rules following the instructions in the guide, in particular that relating to Road Warrior clients (https://docs.opnsense.org/manual/how-tos/wireguard-client.html) you completely stop accessing the LAN and therefore also the Internet, you need to access the console and disable the Wireguard interface from here.

if anyone has the opportunity to report these problems to the developers is welcome, then if there are those who have solutions, especially as far as Wireguard is concerned, they are even more welcome.

thanks for your attention
(sorry my bad english)
Title: Re: scattered issues OPNsense version 22.1.9_1 (the very latest)
Post by: franco on June 28, 2022, 02:29:31 pm
> only the IP of the LAN interface is accessed.
> the same goes for SSH access.

You need to specifically allow access on optional interfaces, as allow-all is only applied to the default LAN interface. Similar things happen with anti-lockout rules... only the first interface will gain anti-lockout behaviour for management reasons.

I'm not sure about your reboot situation.

Maybe for WireGuard it's just a DNS issue (don't set DNS servers in WireGuard config).


Cheers,
Franco

Title: Re: scattered issues OPNsense version 22.1.9_1 (the very latest)
Post by: spaccabits on June 28, 2022, 06:42:58 pm

> Maybe for WireGuard it's just a DNS issue (don't set DNS servers in WireGuard config).


in the Wireguard configuration I don't have any DNS.

one thing, however, I must say: with the previous version (22.1.8? I don't remember) Wireguard worked normally, without even the need to create rules for the Firewall, I have no idea what has changed.
I must add that at boot (or reloading the services) this message appears on the console:
Running wireguard-go is not required because this kernel has first class support for WireGuard; For information on installing the kernel module, please visit: https://www.wireguard.com/install

why? how can it be solved?

regards
luigi
Title: Re: scattered issues OPNsense version 22.1.9_1 (the very latest)
Post by: gac on June 30, 2022, 12:35:39 am
> the GUI reboot works if and especially when it wants: after giving it, think about it, go back to the "dashboard" and, with ease, start again, obviously whatever you do you will need to log in.

Out of interest, do you use the memory filesystem, and have features like Insights enabled with backups to disk?

On a previous release, I used to see that when I had this combination of features, during the reboot OPNsense would try to back up the memory-backed mountpoint to disk. This took so long that the "check for when the box has rebooted" spinner thing would start firing, see that the UI was up, and assume the reboot was finished even though it wasn't. Then when the backup script actually finished, the reboot would happen.

I did some tinkering a while back and opened https://github.com/opnsense/core/issues/5278 about changing the compression algorithm; by default it uses gzip, which gives good compression but is slow. I changed my appliance to use zstd level-1, which was slightly larger but compressed in around 15% of the time.