Messages

Great work on this release!.

I have been using tailscale as an exit point on a machine inside the firewall but now switched to using the OPNsense instructions on tailscale.com. It is working well - can manage systems inside the firewall and get internet access.
However, I would like to setup a rule that forces any external clients to exit via my wireguard (mullvad) vpn rather than via the WAN. The clients seem to have my external IP address from what I can see.
I know its a basic question but I am going around in circles!.

tdlr- need any client that has come in via TLSCL interface to be able to see internal systems (working) and exit firewall only via VPN.

Many thanks!

sent a pm - let me know if it make sense and works first so that we can do a proper writeup!

Thanks for the offer.... I just got it working.

I made a stupid mistake: in the servers list, I used the multihop Port instead of the standard port!
Juts now changing all my Rules to use Wireguard instead of PIA

Thanks again for the offer of help.

I'm still having problems getting this running ...... anyone have a step-by-step ready for this I would be grateful!

Count me in as another user trying to do the same!.
I have everything running on PIA OpenVPN (including routing for ports/devices) but wanting to switch to Mullvad Wireguard after the recent news.....

I have the wireguard server running on my opnsense - it's awesome!

(hi CHBMB - from another unraid guy!)

Interestingly, I get the same error (using pppoe) when trying to move the WAN interface from em3 (intel 4 port card) to the inbuilt realtek adapter with ppoe profile.

I will try the suggestions here first, but just wanted to let you know that you are not alone!

Just to update everyone..... I tried the 2.4.4rc version of pfsense and that works fine so it may be an 11.1 issue.
Looking forward to using an updated opnsense!

Its not the internet provider.... after lots of testing and trying the same with PFsense that I am trying to migrate from:

pfsense 2.3.5-RELEASE-p2 works well...
an "upgrade" or clean install to 2.4.x cuts the speed to the same that I see with opnsense.

It must be a driver issue, but I'm not clever enough to fix :(
Looks like i will have to stay on pfsense 2.3.5

**edit to add 2.4.x version that doesn't work properly!**

some more testing...

I tried pfsense 2.4.x and had exactly the same slow speed.
I then tried pfsense 2.3.5-RELEASE-p2 (amd64) and get the full speed....

So, something has changed between the pfsense versions.... Can I download the previous Opnsense version I wonder?

Just joined the opnsense train and having a couple of problems...

I am using 18.7.1_3-amd64 on the ASROVK J3455B board (bare metal), 8GB ram, SSD with an 9Y6138 39Y6137 IBM OEM Intel PRO 1000 PT Quad Port PCIE Server NIC and I am seeing traffic bounce around 40-60% of my normal speed.
(normal = ASUS router before this setup, which gave 80mbs down and 20mbs up)

I use a BT Openreach Modem which has 100full duplex connection, the port connected to it shows 100 full duplex.
The port connected to my wifi ap is running at 1000full duplex. I test the speed using wired and wireless on speedtest.net.

Hardware CRC    Disable hardware checksum offload
Hardware TSO    Disable hardware TCP segmentation offload
Hardware LRO   Disable hardware large receive offload
..are all ticked.
I have disabled VT-d.

The system shows almost 100% idle.

No extra modules are loaded/enabled... just straight out of the box.
To enable it to boot, I had to use:
Set hint.hpet.0.clock = 0
Set hint.ahci.0.msi = 2
Set hint.ahci.1.msi = 2
..and this is now in my Tunables.

I am stumped! anyone have a clue?

It is probably unrelated but I had a similar problem with  ASRock J3455B motherboard.
I had to use the following to boot:

Set hint.hpet.0.clock = 0    <---- you might not need this one
Set hint.ahci.0.msi = 2
Set hint.ahci.1.msi = 2