Messages

Hi,
I have following use case: opnsense with dual wan. Need to have a wireguard tunnel on first wan and a wireguard tunnel on second wan.
Both tunnel connect to a server on same ip (different port).
How can I do it?
Thanks,
Mario

Hello,
I need this agent too, I can offer a bounty.
Mario

Hi,
I have some OPNsense with dual wan and I need to check quality of internet connections.
Obviously OPNsense change gateway automatically on packet loss or line down.
I need to receive an alarm when a line goes down or there is packet loss.
I would like also to have a centralized log for problems.
I am trying several monitoring solutions but all focus on monitoring cpu/mem usage or ethernet traffic and no one focus on gateway data.
Have you some suggestions?
Thanks,
Mario

Hi All,
I'm Mario and this is my first post on this forum. Pleased to meet You.

I.ve upgraded OPNSense to version 23.7.6 and tried to reconfigure static ip assignment to my OpenVPN clients but this does not work.

My OpenVPN server creates the following subnet 192.168.20.0/24. I want a certain user to login and get always IP 192.168.20.8, so I configured in CSO "IPv4 Tunnel network" to "192.168.20.8/32". It does not work.  :-[

It seems that CSO are completely ignored when client with specific username is logging in. Confirmed also by trying to check the option "Connection blocking"; use can still login normally.

It seems that common name and username never match. I also checked "Force CSO Login Matching" but does not work.

HI,
I have the same name (Mario!) and the same problem.
I am on OPNSense 23.7.12 bought from Azure (so it seems OPNSense earns a commission) and, after an update from previous version I have lost custom options in cso. Now I put topology, but ipv4 ip tunnel network is ignored so I cannot set ip for clients.
I have several openvpn servers active, can it be the problem?

Hi,
I have an openvpn where I fixed each client ip using CSO and putting ifconfig-push in the custom field.
Now custom field is no more but I badly need this feature: I need that clients always reconnecto with same ip!
How can I do it?
This is a serious showstopper for me and no I cannot change vpn type.
Thanks,
Mario

Hi,
I have several OPNSense "clients" that are linked to an OPNSense "server" using OpenVPN.
In each OPNSense I add also a zerotier vpn for service.
In one OPNSense, probably after adding zerotier, but I am not sure, the OpenVPN now fails adding routes.
At boot or if the OpenVPN restarts due to networki problems -> it does not add routes.
So I manually restart and correct routes appear!
I need to solve this problem can someone help me?

Thanks,
Mario

Hi,
I have an opnsense installation with two disks and zfs raid.
One disk broke and I am not able to rebuild it.
It has four partitions (I am using uefi).
I have tried to rebuild partitions following other forum threads but the disks still not boot, probably because boot sector is missing.
Have you a detailed guide to rebuild? It seems very important to me because you do raid because disks break, and when they do you need to replace them quickly.
Proxmox, for example, has built a script that rebuilds the disk structure when you replace a disk.
Thanks in advance for any help.
Mario

I reply to myself: if you have more than one openvpn server AND you want to use CSO you must use a different CA in each server.
I do not remember to have read this thing in any documentation.

Can someone help me in debugging?
Is there some option in the config file that may block CSO usage?
Thanks,
Mario

Hi,
I have an opnsense (latest version), with three openvpn servers on it.
All servers are working and I can ping opnsense and all clients.
On second and third openvpn I have configured several CSO with additional routes.
In the second vpn the CSO are working perfectly and, infact, I see in the folder /var/etc/openvpn-csc/2 I see all cso currently active.
The folder /var/etc/openvpn-csc/3 is always empty and if I try to write manually a cso it is deleted after vpn restart.
I have borrowed configuration of openvpn n3 from openvpn n2 so I do not understand why CSO works only for openvpn n2.
Can you help me?
Thanks,
Mario

Yes, they have a freebsd package after my request. I would like a more integrated solution because I do not want to install it manually.
Thanks,
Mario

I have seen the docs.
Is it possible to hire someone or to give a bounty?
The rport agent is already working on bsd as a shell software.
Mario

Hi,
where I can ask for new plugin?
I am interested in putting rport.io agent as an OPNSense plugin.
Thanks,
Mario

Probably I was not clear, I need that the openvpn client:

- starts on slave when master fails;
- uses second wan when first wan fails

I know that with PFSense it is possible.
I know that with OPNSense was not possible, but several time is passed, are there improvments?

Hi,
I would like to get an update about using openvpn in HA setup and multiple wan (with failover on second wan): is it possible to have both?

Thanks,
Mario