Messages - chbmb

#1
22.1 Legacy Series / Re: os-ddclient
February 24, 2022, 08:12:20 AM
Quote from: franco on February 23, 2022, 02:06:04 PM
I'm sure we will be adding a widget, but first let's get everyone up and running :)

Cheers,
Franco

Thanks Franco and an entirely understandable plan.

Appreciate all the work you do.

Best wishes
#2
22.1 Legacy Series / Re: os-ddclient
February 21, 2022, 12:43:02 PM
Quote from: tracerrx on February 20, 2022, 08:06:37 PM
Quote from: chbmb on February 20, 2022, 10:30:42 AM
For me the only thing that is lacking with the new DynamicDNS plugin is the lovely widget from the old one.

Agree, would be nice to have the widget back!

Glad I'm not the only one.  I found the code here but I don't know anywhere near enough php to tackle a migration to os-ddclient.
#3
Quote from: Northguy on November 07, 2021, 10:25:35 PM
@chbmb What is the objective with the NAT rule? I have enabled only the uPNP (in the same way you did) to achieve Type 2 NAT.

Quote from: hushcoden on November 07, 2021, 01:23:02 PM
Actually you don't need uPNP, my PS4 works perfectly with just that Nat -> Outbound rule.

Sorry for the late reply, got a chance to test this a bit more. 

I found with my uPNP setup as above if I disable the NAT rule my NAT Type defaults to Type 3.

However if I stop the uPNP service everything continues to work with NAT Type 2.  So I'm going to go with hushcoden on this one and I've removed uPNP and edited my original post to reflect that.
#4
22.1 Legacy Series / Re: os-ddclient
February 20, 2022, 10:30:42 AM
I've upgraded to 22.1 today and migrated my simple Dynamic DNS requirements over to ddclient without too much trouble.

root@opnsense:~ # cat /usr/local/etc/ddclient.conf
daemon=300
syslog=yes                  # log update msgs to syslog
pid=/var/run/ddclient.pid   # record PID in file.
ssl=yes

#
# setup how we expect to retrieve an IP address
#
use=web, web=http://checkip.dyndns.org/, web-skip="Current IP Address:"

use=if, if=pppoe0, \
protocol=cloudflare, \
zone=domain.tld, \
login=my.email@gmail.com, \
password=mycloudflare API key \
domain.tld


Logs
2022-02-20T09:05:56 Notice ddclient[17589] 64046 - [meta sequenceId="1"] SUCCESS:  domain.tld -- Updated Successfully to xxx.xx.xxx.xxx

Webui


For me the only thing that is lacking with the new DynamicDNS plugin is the lovely widget from the old one.

#5
Tutorials and FAQs / PSN / PS4 / PS5 Nat Type 2 Tutorial
November 07, 2021, 12:07:54 AM
DISCLAIMER I'm sure cleverer and greater minds than mine have achieved this in other ways and quite probably with more finesse, but it does seem to generate a few questions on the internet so figured I'd post what worked for me.

EDITED 20/2/22  Following the post by hushcoden (Thanks) below it appears the uPNP setup I had included is superfluous to requirements and I've removed it, as I've never been a fan of uPNP!

I've had a PS4 for years and never bothered to fix my NAT type as I don't play online, however I've been lucky enough to recently get hold of a PS5 so decided to work out my NAT issues and thought I'd post it here for anyone who might be interested.

Step 1

I set up static mappings in my DHCP for both the ethernet and wifi interfaces on my PS5 (to give me the flexibility of being able to move it elsewhere in the house and not necessarily need a hardwired connection).



Step 2

I created an alias for both of these IP addresses.



Step 3

Finally here's my NAT rule (I'm using Hybrid NAT)

#6
Quote from: mimugmail on December 23, 2019, 12:52:21 PM
@ownerer: if you want to start from scratch, disable OpenVPN stuff and do a packet capture on the WG interface to check if packets are traversing the tunnel. I need screenshots of FW rules and outbound NAT. The interface has to be with no ip configuration and if you touch it you need to restart wireguard

Hi mimugmail, I think a few of us are finding this more difficult than expected.  I'm a bit tied up at the moment as very busy at work and second child arriving fairly soon. I was wondering, would it help if I donated a month or two of Mullvad to you?  If nothing else so you can illustrate the firewall rules required. Let me know and I'll quite happily do so.
#7
Will do.  I'm clearly missing something.   I'm getting very close to a nuke and pave.
#8
Quote from: spants on December 15, 2019, 08:45:38 PM
Thanks for the offer.... I just got it working.

I made a stupid mistake: in the servers list, I used the multihop Port instead of the standard port!
Just now changing all my Rules to use Wireguard instead of PIA

Thanks again for the offer of help.

Well if you'd care to share, I still can't get it working!  ;D
#9
Where have you got to with it?  Perhaps we can figure it out together?
#10
Ok.....

So this is unfortunate.....

I broke my first rule of documenting stuff and backing it up  before doing anything else.  Unfortunately, I suffered a power cut to the house not long after mimugmail was kind enough to teamviewer in and help with this.

My config got hosed and I'm trying to recreate it, but am completely unable to resolve any addresses.

I did save the messages between myself and mimugmail at the time, so all is not lost, so if anyone else wants to try this here are the brief instructions.

Quote
In sum, pick a random IP like 1.2.3.4, add it to endpoint in addition to 0.0.0.0, add it to gateway in local instance and hit disable routes, assign wg interface, add a gateway with ip 1.2.3.4 and far gateway, then create firewall rules with 1.2.3.4 as gateway.
#11
Quote from: spants on December 04, 2019, 08:01:16 PM
Count me in as another user trying to do the same!
I have everything running on PIA OpenVPN (including routing for ports/devices) but wanting to switch to Mullvad Wireguard after the recent news.....

I have the wireguard server running on my opnsense - it's awesome!

(hi CHBMB - from another unraid guy!)

Hello mate, I recognise the name!

Quote from: mimugmail on December 04, 2019, 08:06:23 PM
I fixed it with him, he will write a guide

You did, I'm still fiddling with a few things which I think are DNS related.  But yeah, definitely able to get stuff routed down the tunnel now.
#12
Quote from: mimugmail on December 04, 2019, 05:53:35 AM
Can you ping me via IRC? I can have a look via Teamviewer
Yeah, will do when I get back from work and we'll try and work out a time.  Thanks for that!


#13
Quote from: tusc on December 03, 2019, 10:20:59 PM
Count me as another user trying to get wireguard to work with policy based routing. I tried months ago with no luck. Hopefully someone figures it out.

Well that's three of us that are struggling!  If nothing else you've made me feel better about not being able to get it working.

Perhaps I'm not quite as dumb as I thought!   ;D
#14
Quote from: actionhenkt on November 28, 2019, 10:59:23 PM
I have tried to get this working with mullvad as well, got it working once for 10 minutes. I will try again this weekend if I can get it stable I can share the configuration with you.

I would be very grateful.   ;D

Quote
I noticed you use hybrid nat on your wan and your source on it is any, the auto nat rules also contain your mullvad interface on wan, I'm not sure the manual nat rule for the mullvad interface will work here.. have you tried manual outbound nat?

I haven't tried manual outbound NAT, I thought with hybrid that rules were applied in order from top down.

Quote
I would also then remove the source "lan net" from your lan rule and make it source any and put the mullvad gateway back into your lan in rule to test if it works at all

Unfortunately, it still didn't work

Quote
(if it does you can try an alias containing ip's as source next). You could also try to set a local tag on the lan in rule and match the tag on the outbound nat rule for the mullvad interface (in a manual nat configuration).

It's my end intention to make it a bit more granular in terms of clients that use the Mullvad tunnel, just figured making it as simple as possible to start with.

Not that it's been as simple as I'd originally hoped.....

Thanks for the reply, if nothing else it's reassuring to know others have had difficulty too....
#15
19.7 Legacy Series / Re: Port forwarding not working
November 27, 2019, 05:51:05 PM
OK guys, I'm not sure what you're doing, but I can 100% confirm port forwarding is working as expected.  I'm new to OPNsense too, but I came from pfSense, which is pretty similar.

I did find there was a fairly steep learning curve coming from a modem/router (I was using an Asus prior to this). Here are my port forwards so you get an idea of what they should look like.