Messages

1

24.1 Legacy Series / Re: Satellite OPNsense don't reconnect to main via Wireguard

« on: November 24, 2024, 08:52:55 am »

Hi FraLem,
no there is no constant traffic being forwarded between the remote devices and mine.

2

General Discussion / Satellite OPNsense don't reconnect to main via Wireguard

« on: November 23, 2024, 06:00:08 pm »

Hi all!
I have 2 remote OPNsense (1 at my parents and 1 at my sister) and one in my house that has a static public IP.
The 2 remotes connect to my own via Wireguard, but if I restart my OPNsense, the other 2 don't automatically reconnect to mine, they do only when I restart them.
Is there a way to have them automatically reconnect when the connection drops?
Thanks!

3

24.1 Legacy Series / Satellite OPNsense don't reconnect to main via Wireguard

« on: November 23, 2024, 04:44:01 pm »

Hi all!
I have 2 remote OPNsense (1 at my parents and 1 at my sister) and one in my house that has a static public IP.
The 2 remotes connect to my own via Wireguard, but if I restart my OPNsense, the other 2 don't automatically reconnect to mine, they do only when I restart them.
Is there a way to have them automatically reconnect when the connection drops?
Thanks!

P.s. I've moved the post in the General discussion forum but I don't know how to delete this...

4

General Discussion / Internet only works if I disable and enable WAN, after, it doesn't

« on: June 13, 2024, 08:08:07 am »

I've setup a new OPNsense instance.
The WAN is connected to a fiber ONT (PPPoE). It receives the IP and the default route is there.
Internet is not working. If I launch a ping to 8.8.8.8, it fails. Traceroute doesn't reach any hop.
If I leave the ping pending, disable the WAN and enable it back again, when I go into diagnostics I see that the ping works and keep working, but if I stop and start them again or if I launch a new one (always to 8.8.8., they don't work.
Whaaaat?
What could have I done wrong?

5

General Discussion / After restore Wireguard interface is not present

« on: June 03, 2024, 05:31:24 pm »

I've restored the configuration to a new hardware.
After I've uploaded it I've assigned the interfaces because the physical interfaces on the 2 hardware are different (I had to edit with no changes and save all the VLAN, then I could assign the interfaces), but in the interfaces there was not WG1.
I've rebooted, I've disable and enabled back the Wireguard instance, but nothing.
In the Wireguard instance I see that the device is WG1, but I can't find it.
How can I solve this problem?
Thanks!

6

General Discussion / Re: Restore config to new HW -> no WebGUI access

« on: June 03, 2024, 05:27:48 pm »

However, the installation file is version 24.1 and not 24.1.8.
And that was apparently exactly the error!

For me it was the opposite: the backup was from V 23.x, but I'm not sure that this has been what solved the problem because I've done a looot of other tests.

By the way, thanks!

7

General Discussion / Re: Restore config to new HW -> no WebGUI access

« on: May 30, 2024, 07:10:32 pm »

Bump...
Anyone?

8

General Discussion / Re: Restore config to new HW -> no WebGUI access

« on: May 28, 2024, 11:12:26 am »

Check System > Settings > Administration >  Listen Interfaces. Best set to "All (recommended)".

I've just checked, on my old router it's already set to "All (reccomended)".

9

General Discussion / Restore config to new HW -> no WebGUI access

« on: May 28, 2024, 10:57:19 am »

Hi all!
My OPNsense hardware is a Fujitsu Futro S920 with just 1 NIC, so I use VLANs to manage WAN/LAN.
I'm trying to restore the configuration into a new hardware that has multiple NICs, I've opened the config file, renamed the physical interface with the name of one in the new hardware, restored the configuration and I can see all the VLANs and the physical interface. I can assign a new IP to the interfaces, I can ping them, but I can't reach the WebGUI.
I've disabled the firewall with pfctl -d, but nothing.
What am I doing wrong?
Thanks!

Here is the interfaces config part:

Code: [Select]

  <interfaces>
    <lan>
      <if>re0</if>
      <ipaddr>192.168.20.251</ipaddr>
      <subnet>24</subnet>
      <ipaddrv6/>
      <subnetv6/>
      <media/>
      <mediaopt/>
      <gateway/>
      <gatewayv6/>
      <descr>LAN_fisica</descr>
    </lan>
    <lo0>
      <internal_dynamic>1</internal_dynamic>
      <descr>Loopback</descr>
      <enable>1</enable>
      <if>lo0</if>
      <ipaddr>127.0.0.1</ipaddr>
      <ipaddrv6>::1</ipaddrv6>
      <subnet>8</subnet>
      <subnetv6>128</subnetv6>
      <type>none</type>
      <virtual>1</virtual>
    </lo0>
    <opt1>
      <if>vlan01</if>
      <descr>LAN</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.20.251</ipaddr>
      <subnet>24</subnet>
    </opt1>
    <opt2>
      <if>vlan02</if>
      <descr>WAN</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>dhcp</ipaddr>
      <dhcphostname/>
      <alias-address/>
      <alias-subnet>32</alias-subnet>
      <dhcprejectfrom/>
      <adv_dhcp_pt_timeout/>
      <adv_dhcp_pt_retry/>
      <adv_dhcp_pt_select_timeout/>
      <adv_dhcp_pt_reboot/>
      <adv_dhcp_pt_backoff_cutoff/>
      <adv_dhcp_pt_initial_interval/>
      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
      <adv_dhcp_send_options/>
      <adv_dhcp_request_options/>
      <adv_dhcp_required_options/>
      <adv_dhcp_option_modifiers/>
      <adv_dhcp_config_advanced/>
      <adv_dhcp_config_file_override/>
      <adv_dhcp_config_file_override_path/>
    </opt2>
    <opt3>
      <if>vlan03</if>
      <descr>IoT</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>172.16.33.251</ipaddr>
      <subnet>24</subnet>
    </opt3>
    <opt4>
      <if>vlan04</if>
      <descr>VLAN200</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.200.251</ipaddr>
      <subnet>24</subnet>
    </opt4>
    <opt5>
      <if>wg1</if>
      <descr>WG1</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
    </opt5>
    <opt6>
      <if>vlan05</if>
      <descr>Neighbors</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.15.251</ipaddr>
      <subnet>24</subnet>
    </opt6>
    <openvpn>
      <internal_dynamic>1</internal_dynamic>
      <enable>1</enable>
      <if>openvpn</if>
      <descr>OpenVPN</descr>
      <type>group</type>
      <virtual>1</virtual>
      <networks/>
    </openvpn>
    <wireguard>
      <internal_dynamic>1</internal_dynamic>
      <descr>WireGuard (Group)</descr>
      <if>wireguard</if>
      <virtual>1</virtual>
      <enable>1</enable>
      <type>group</type>
      <networks/>
    </wireguard>
  </interfaces>And here the VLAN part:

Code: [Select]

<vlans version="1.0.0">
    <vlan uuid="ab11bcee-edca-4de1-a019-432e490cbbfc">
      <if>re0</if>
      <tag>2</tag>
      <pcp>0</pcp>
      <descr>LAN_VLAN</descr>
      <vlanif>vlan01</vlanif>
    </vlan>
    <vlan uuid="255dd735-3d7e-49fa-9aa3-352dcf1b0c69">
      <if>re0</if>
      <tag>77</tag>
      <pcp>0</pcp>
      <descr>WAN</descr>
      <vlanif>vlan02</vlanif>
    </vlan>
    <vlan uuid="da04b0cb-2852-49c7-82ca-e0a820479c90">
      <if>re0</if>
      <tag>33</tag>
      <pcp>0</pcp>
      <descr>IoT</descr>
      <vlanif>vlan03</vlanif>
    </vlan>
    <vlan uuid="25477895-432b-4814-8a6c-a70423aea760">
      <if>re0</if>
      <tag>200</tag>
      <pcp>0</pcp>
      <descr>Management</descr>
      <vlanif>vlan04</vlanif>
    </vlan>
    <vlan uuid="4843b562-0653-4852-a3e5-b44a64eea025">
      <if>re0</if>
      <tag>15</tag>
      <pcp>0</pcp>
      <descr>Neighbors</descr>
      <vlanif>vlan05</vlanif>
    </vlan>
  </vlans>

10

Virtual private networks / Re: [Wireguard] Name does not resolve - only on reboot

« on: February 01, 2024, 04:38:08 pm »

Well...I've just realized that I didn't setup any DNS  :| OPS!
Thanks!

11

Virtual private networks / Re: [Wireguard] Name does not resolve - only on reboot

« on: February 01, 2024, 04:02:09 pm »

Probably the Internet connection isn't up yet (the vDSL modem is slow).
Why WG doesn't retry?

12

Virtual private networks / [Wireguard] Name does not resolve - only on reboot

« on: February 01, 2024, 03:30:05 pm »

I've setup a Wireguard VPN that works.
Today we had 2 blackout and both the time the VPN didn't connect automatically to the endpoint.
I've checked and in the logs I see

Code: [Select]

Name does not resolve. If i disable and enable back the endpoint, it works.
So it seems that after Opnsense restarts it's not able to resolve a public DNS and WG doesn't retry.
How can I solve this problem?
Thanks!

13

Virtual private networks / Re: WG: site 1 ping site 2, but not vice versa

« on: September 28, 2023, 06:38:33 pm »

Going through the manual you linked me, I've discovered that I was using different subnet in the tunnel address.
Thanks!

14

Virtual private networks / Re: WG: site 1 ping site 2, but not vice versa

« on: September 27, 2023, 05:36:30 pm »

I just have 1 router with public IP, butt I'll try.

15

Virtual private networks / WG: site 1 ping site 2, but not vice versa

« on: September 27, 2023, 04:34:03 pm »

Hi all!
I've setup 2 OPNsense with WireGuard.
Attached you can see the settings of both routers.
Routes of each other routers are presents.
Site 1: 23.7.5, WG plugin (os-wireguard) 2.1 - 192.168.31.251
Site 2: 23.7.5, WG plugin (os-wireguard) 2.1 - 192.168.20.251

From site 1 I can ping 192.168.20.251
From site 2 I CAN'T ping 192.168.31.251

In the firewall In the WG interface I've created 2 rules, 1 for inbound and 1 for outbound with accept on both routers

What am I missing?
Thanks!

P.s. Sorry but I don't know how to place the images inline. How do I do that?