Messages - Arno

#1
No. It was a default Debian 13 install.
I don't use IPv6 so I disabled it like so:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

sysctl -p
sysctl net.ipv6.conf.all.disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1

After this change there is no difference. Also double checked the IPv4 address in Shaper and on the client.
Restarted Shaper service as well.
#2
Yes. I thought so too.

But when I download a file from the computer with limited bandwidth it does not show up on the stats page (0 bytes accessed 1970-01-01T01:00:00).
The pipes and the rules are on the stats page.

So either the docs/configuration have to be changed, or Shaper does not function as it should.
#3
Hi,

Sometimes a computer on my LAN uses all the available bandwidth.
How do I set up Shaper?
Goal: max bandwidth as default, except for some computers.

Now I have: Four Pipes: Down/Up for Max and Limited.
No queues.
Four rules: Down/Up for Computer to limit first (Limited pipes) followed by rules for LAN (Max pipes)

At the Status page there are stats for the max pipes but none for the limited pipes.
#4
No. See attached image.

LAN net = subnet A
Internet = subnet A
DMZ = subnet B

The server that is blocked is in subnet C and its IP address is in the 'NoVPN' alias.
The bottom rule in the picture is for all in subnet C.
Below these rules are more rules. Packets from the server should match the NoVPN rule so I excluded them from the picture.
#5
Hi,

For one box I want internet access bypassing my VPN client to a VPN provider.
So I added the IP address to a 'NoVPN' alias.

On the LAN interface there is a pass rule:
Source: IPv4 NoVPN alias
Destination: *
(and another rule below for the same subnet to use VPN gateway)

When I search the logs using remote logging there are packets on the LAN interface that are blocked from this one box (from tcp high ports to tcp high ports).
So before going out on the internet some packets are blocked.

How is this possible?
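To sort the blocked LAN entries described in this post, here is an added example; it is not code from the post or from OPNsense. It parses pf filterlog lines in the CSV layout I assume the filterlog daemon writes (pfSense/OPNsense lineage: nine common fields, the IPv4 header fields, then the TCP or UDP port fields) and separates blocked TCP packets that carry no SYN, which pf's default deny drops when it holds no state for them, from blocks of fresh connections. The host address, the interface name igb1 and the log lines themselves are constructed.

```python
"""Triage pf filterlog 'block' lines for one source host.

Added example for this thread, not code from the post or from OPNsense. It
assumes the CSV layout written by the pf filterlog daemon (pfSense/OPNsense
lineage): 9 common fields, then for IPv4 tos,ecn,ttl,id,offset,flags,
protonum,protoname,length,src,dst, then for TCP srcport,dstport,datalen,
tcpflags,... and for UDP srcport,dstport,datalen. The log lines are constructed.
"""
import csv
from dataclasses import dataclass
from io import StringIO

# Constructed sample (not real logs). Interface igb1 stands for LAN; the 4th
# field is the rule label, which OPNsense fills with the rule's uuid.
SAMPLE_LOG = """\
12,,,fd3f9e6a1c2b4e5f8a7b6c5d4e3f2a1b,igb1,match,pass,in,4,0x0,,64,40123,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51444,443,0,S,1001,0,65535,,mss
0,,,,igb1,match,block,in,4,0x0,,64,40124,0,DF,6,tcp,52,192.168.1.50,203.0.113.10,51444,443,0,A,1002,77,65535,,
0,,,,igb1,match,block,in,4,0x0,,64,40125,0,DF,6,tcp,40,192.168.1.50,198.51.100.7,51480,38122,0,FA,5,9,1024,,
0,,,,igb1,match,block,in,4,0x0,,64,40126,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,51481,38122,0,S,1,0,65535,,mss
0,,,,igb1,match,block,in,4,0x0,,64,1,0,none,17,udp,78,192.168.1.50,192.168.1.1,5353,5353,58
"""


@dataclass
class Entry:
    interface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    tcp_flags: str  # letters such as S, A, F, R; empty for non-TCP


def parse_filterlog(text: str) -> list[Entry]:
    """Parse IPv4 TCP/UDP filterlog lines; anything else is skipped."""
    entries = []
    for row in csv.reader(StringIO(text)):
        if len(row) < 22 or row[8] != "4" or row[16] not in ("tcp", "udp"):
            continue
        flags = row[23] if row[16] == "tcp" and len(row) > 23 else ""
        entries.append(Entry(
            interface=row[4], action=row[6], direction=row[7], proto=row[16],
            src=row[18], dst=row[19], sport=int(row[20]), dport=int(row[21]),
            tcp_flags=flags,
        ))
    return entries


def out_of_state_blocks(entries: list[Entry], host: str, interface: str) -> list[Entry]:
    """Blocked TCP packets from `host` on `interface` that carry no SYN.

    A pf pass rule with the default 'flags S/SA' matches only the SYN and
    creates state from it; an ACK or FIN arriving for a state pf no longer
    holds matches no pass rule and is dropped by the default deny. Such
    entries point at a state problem, not at the visible pass rule.
    """
    return [e for e in entries
            if e.action == "block" and e.interface == interface
            and e.proto == "tcp" and e.src == host and "S" not in e.tcp_flags]


def both_ephemeral(e: Entry) -> bool:
    """True when source and destination port are both outside the well-known range."""
    return e.sport >= 1024 and e.dport >= 1024


if __name__ == "__main__":
    for e in out_of_state_blocks(parse_filterlog(SAMPLE_LOG), "192.168.1.50", "igb1"):
        tag = "high->high" if both_ephemeral(e) else "to service port"
        print(f"{e.src}:{e.sport} -> {e.dst}:{e.dport} flags={e.tcp_flags or '-'} ({tag})")
```

Run against a real export, the interesting entries are the ones `out_of_state_blocks` returns with `both_ephemeral` true: blocks between two high ports with ACK or FIN but no SYN, which is the pattern the post describes.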
#6
Do I have to use the Authority of the VPN provider? Can't select it in the Trust section when creating a client instance.

Role: Client
Protocol: UDP
Type: TUN
Remote: <vpnserver>:<port>
User: xxxxx
Password: xxxxx

What else?
#7
Hi everyone,

For my internet access I use a well known OpenVPN provider. Multiple legacy clients (for multiple countries) are configured. Works fine. How do I go from legacy clients to client instances?
#8
24.7, 24.10 Legacy Series / Re: Wireguard - No handshake
November 17, 2024, 07:19:38 PM
Quote
How did you configure the Client profile?
Oops....  :-[
In the client profile I used the public key of my laptop.....for the OPNsense peer.

Got a handshake  :). Can't ping anything yet.
That's for another time.
This is solved for now. Thanks!
#9
24.7, 24.10 Legacy Series / Re: Wireguard - No handshake
November 15, 2024, 11:06:08 PM
No handshake yet.

When connecting from public wifi to OPNsense 'required key missing' (or similar, this is a translation) was shown on my laptop (wg client).
Have to debug a lot (routes, metric, DNS, allowed IPs).

Today I came across the 'wg watch' command.
To be continued. Debug suggestions welcome.
#10
24.7, 24.10 Legacy Series / Re: Wireguard - No handshake
November 14, 2024, 09:49:05 PM
Quote from: Monviech (Cedrik) on November 14, 2024, 05:48:13 PM
No, wireguard doesn't log anything per design.
Didn't know that. Thanks.

Recreated my 'Laptop' peer. It now shows on the wireguard widget. Offline for now. Not tested with public wifi yet.
Also created an extra firewall rule on Wireguard (Group) to monitor outbound wireguard traffic (51820/udp).

In my 'Laptop' peer I left Endpoint and port empty. Is this correct?

I will report back when I have tested from public wifi.
#11
24.7, 24.10 Legacy Series / Re: Wireguard - No handshake
November 14, 2024, 05:08:23 PM
Where in the OPNsense logs can I check those 3 cases?

The packets reach the OPN server. In the logs I see correct source and destination IP address and port 51820/udp (pass).
'Laptop' is a peer of the only wireguard instance (and is enabled).

VPN - Wireguard - Logfile is empty.
VPN - Wireguard - Status - Handshake is empty.

If the keys are wrong, shouldn't there be at least a log message?
#12
Hi everyone,

Using a public wifi I'm trying to connect to my home LAN.

In the logs of OPNsense (via Graylog) I see some incoming packets on WAN port 51820 (pass).

There are no firewall rules on the wireguard interface.
There is one rule on Wireguard (Group): Any IPv4 to one private subnet (/24).

Why is there no handshake when I connect from my Linux Mint laptop?
The public wifi isn't the problem I think. There are incoming packets on OPNsense.
#13
Solved with a 4G dongle (Alcatel IK41xx).

Configured WAN interface with USB device (ue0) and DHCP.
The WAN IP address is a private IP address of the dongle.
All fine now.

Key was to remove the PIN code from the SIM card.
Can't tell how that was done. That was done by the store where I bought the SIM card.
Something like put SIM in a smartphone and remove the PIN.
#14
Thanks for your replies,
The M6 I saw, but for me it's too expensive for only bridging a gap for a month between two DSL providers.

Because it's a temp solution, switching software is not an option now.
#15
Hi,

Today I tried to use a Huawei E3372H. No luck.
Read online that this model has to be flashed (to the S version).

Does anyone have a recommendation for a similar dongle that is supported by OPNsense?
It is a failover for DSL. My DSL is down for now.
Posting from a public hotspot.

The Acer D5 Connect Predator does not work because there is not enough power on the USB port.