Messages - s4rs

#61
21.1 Legacy Series / Re: Getting NUT Client to work
March 25, 2021, 10:37:42 AM
Again from the Opnsense console I am able to run upsc <myupsname@nutserveraddress:port> and get a reply from the NUT server. So this is a setup issue in the GUI. I am not sure what I am missing.
#62
I have a NUT server running and am trying to attach my opnsense system to it. I installed the NUT service but it won't start. Not sure what I am missing. BTW if I drop into the console and run upsc <myupsname@nutserveraddress:port> I get the UPS status as expected. So I must be doing something wrong in the setup panel.

What I have:

General Setting:

Enable Nut - checked
Service Mode - netclient
Name - deltec-PRA1500 (UPS Name on the NUT Server)
Listen Address - 127.0.0.1 (I also tried <NUT server ip>)

UPS Type:

Netclient
Enabled Checked
IP Address <NUT Server IP address>
Username <blank>
Password <blank>
#63
Can you post your configuration?
#64
20.7 Legacy Series / Re: Wireguard
December 09, 2020, 06:16:27 PM
After a bit more searching, MTU was the culprit. I moved it from the default 1420 to 1380 and everything seems to load as expected. I'm going to wait for a day; if these stay like they are I will mark this as solved.
#65
20.7 Legacy Series / Wireguard
December 03, 2020, 10:12:35 PM
Thought I would try Wireguard client connection to PIA. I used Jonny's Wireguard PIA setup script which did its job. I then moved my VPN IPs to PIA Wireguard from PIA OpenVPN. 

Over time I run into connection issues. I am using Pihole for DNS forwarding. The longer WG is up I get more and more browser connection issues. I can ping the FQDN without issues during the timeouts. I am wondering if this is a routing issue? As I write this I figure a trace route would be in order when the connection issues start.

Anyone seen these types of issues with WG? I have no issues with OVPN.
#66
I followed the pfsense guide on page one of this thread. I also found if you want to use system DNS override, add it to your ISP gateway and not the VPN gateway.

I would also do things in steps. First make sure your OpenVPN client connection is solid. Once connected, create the VPN gateway. Once that is done, do the routing. Every time you change routing, bounce the OpenVPN client. Connections are stateful so you need to bounce so the rule will take effect. Hope this helps.
#67
I finally figured out my last issue. It appears in System->Settings->General->DNS Servers you should only have one override. I was adding one for WAN and one for PIA. When I removed the entry for PIA everything worked as expected.
#68
For me with Don't Pull Routes checked it all works. But I can test it like you suggested
#69
I isolated the issue with the LAN rule for PIA. It got corrupted somehow. I deleted it, rebooted, recreated it and all is working now.

The icmp and udp issues still exist but everything else is working. I am redirecting DNS requests to a PiHole DNS
#70
Before I try the Wireguard script I was wondering if anyone has an idea why I see this error when I select Don't pull routes?

Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.0.0.243,dhcp-option DNS 10.0.0.242,ping 10,comp-lzo no,route-gateway 10.11.112.1,topology subnet,ifconfig 10.11.112.3 255.255.255.0,auth-token'
#71
What needs to be set up before trying the script? Do I remove all the PIA configuration I have? Can I pick the IPs that get pushed through Wireguard?
#72
I just ran into an interesting issue. I have a primary and backup Opnsense install. I upgraded the hypervisor on the primary and switched to the secondary. I set up PIA and ran into an issue. For some reason icmp and udp traffic is getting blocked on the LAN gateway address. TCP/IP traffic is fine. I found this since DNS lookups were failing but I could ping external IPs. I set up PiHole as a new DNS server, pointed the PIA systems to its IP and all is fine. Any idea what would cause the protocol block?
#73
Quote from: Chrome on November 02, 2020, 03:11:30 AM
I found this....

https://github.com/opnsense/core/pull/4433

I wonder if it would fix my problem?

Seems like OPENVPN is broken in OPNSense?

What do you think?

If you ssh into the opnsense console and do a ping -S 10.8.110.<yourIP> google.com does it work?
#74
Quote from: Gauss23 on October 30, 2020, 05:50:10 AM
You need an Outbound NAT rule on the VPN Interface to masquerade outgoing traffic with the ip address of your VPN interface

It's hard to figure out your issue without seeing your config. I posted images of my config which I think is accurate. If you can post yours we can try to figure this out. Just remember when you make changes, for sanity's sake bounce the interface like I described. I am sure this is what fixed my issue.
#75
20.7 Legacy Series / Re: Opnsense 20.7.3 and PIA VPN
October 14, 2020, 05:09:22 PM
Quote from: Gauss23 on October 14, 2020, 04:29:31 PM
This is a manual which I used to do what you want to achieve:
https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/

It's for pfSense but it's really easy to adopt it.

I went through the guide and it was the same as other guides I have followed. Anyway it's working. I think the key was after changes I did a refresh from VPN -> OpenVPN -> Connection Status -> Restart. All my other attempts I would go to VPN -> OpenVPN -> Clients -> PIA stop start. Thanks everyone for your support.