Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - andre_x

Pages1 2

Virtual private networks / Tailscale without IP at reboot

July 01, 2025, 11:20:49 AM

Hi everybody!
I'm on OPNsene version 25.1.9_2 and Tailscale plugin version 1.84.2.
When I reboot it, Tailscale results to be online, but without IP (and it doesn't work); I have to disable and enable it back again to get IP.
It could be because it's ready before the ONT is?
How can I solve this issue?
Thanks!

Virtual private networks / Re: Remote gateway over Tailscale

April 27, 2025, 07:50:11 PM

Quote from: ricardolanes on April 27, 2025, 07:11:41 PMHi, I'm not sure if that's it, but try changing the fw rule by setting the outgoing gateway.

Hi Ricardo, thanks for your reply!
I've done that the packages arrives at site A, they goes out, but they don't go back to site B or C. It may be a NAT problem, but I can't find it.

Virtual private networks / Remote gateway over Tailscale

April 27, 2025, 10:02:44 AM

Hi everybody!
I have 2 remote sites (B and C) and I want certain devices to exit to the Internet from my house (A).
Looking at the diagram, I want PC3 and PC6 to exit to the Internet with the public IP 1.2.3.4
All the sites are connected with Tailscale and site B and site C have the exit node set as site C.
On site B and C I've created a gateway with the IP of Tailscale site A, it's up and running with priority 255 (WAN has 254); I've also created a firewall rule for specific LAN IPs with that as gateway.
Onsite A I've created NAT rules (see attachment).
If from PC3 I ping 1.1.1.1 I see that ping going out of site A WAN, but the answer never goes back to PC3.
What am I missing?
Thanks!

Edit: how can I place picture in the post instead as attachments?

24.1, 24.4 Legacy Series / Re: Satellite OPNsense don't reconnect to main via Wireguard

November 24, 2024, 08:52:55 AM

Hi FraLem,
no there is no constant traffic being forwarded between the remote devices and mine.

General Discussion / Satellite OPNsense don't reconnect to main via Wireguard

November 23, 2024, 06:00:08 PM

Hi all!
I have 2 remote OPNsense (1 at my parents and 1 at my sister) and one in my house that has a static public IP.
The 2 remotes connect to my own via Wireguard, but if I restart my OPNsense, the other 2 don't automatically reconnect to mine, they do only when I restart them.
Is there a way to have them automatically reconnect when the connection drops?
Thanks!

24.1, 24.4 Legacy Series / Satellite OPNsense don't reconnect to main via Wireguard

November 23, 2024, 04:44:01 PM

General Discussion / Internet only works if I disable and enable WAN, after, it doesn't

June 13, 2024, 08:08:07 AM

I've setup a new OPNsense instance.
The WAN is connected to a fiber ONT (PPPoE). It receives the IP and the default route is there.
Internet is not working. If I launch a ping to 8.8.8.8, it fails. Traceroute doesn't reach any hop.
If I leave the ping pending, disable the WAN and enable it back again, when I go into diagnostics I see that the ping works and keep working, but if I stop and start them again or if I launch a new one (always to 8.8.8.8), they don't work.
Whaaaat?
What could have I done wrong?

General Discussion / After restore Wireguard interface is not present

June 03, 2024, 05:31:24 PM

I've restored the configuration to a new hardware.
After I've uploaded it I've assigned the interfaces because the physical interfaces on the 2 hardware are different (I had to edit with no changes and save all the VLAN, then I could assign the interfaces), but in the interfaces there was not WG1.
I've rebooted, I've disable and enabled back the Wireguard instance, but nothing.
In the Wireguard instance I see that the device is WG1, but I can't find it.
How can I solve this problem?
Thanks!

General Discussion / Re: Restore config to new HW -> no WebGUI access

June 03, 2024, 05:27:48 PM

Quote from: xenon2008 on June 02, 2024, 03:36:03 PM
However, the installation file is version 24.1 and not 24.1.8.
And that was apparently exactly the error!

For me it was the opposite: the backup was from V 23.x, but I'm not sure that this has been what solved the problem because I've done a looot of other tests.

By the way, thanks!

#10

General Discussion / Re: Restore config to new HW -> no WebGUI access

May 30, 2024, 07:10:32 PM

Bump...
Anyone?

#11

General Discussion / Re: Restore config to new HW -> no WebGUI access

May 28, 2024, 11:12:26 AM

Quote from: Patrick M. Hausen on May 28, 2024, 11:10:08 AM
Check System > Settings > Administration > Listen Interfaces. Best set to "All (recommended)".

I've just checked, on my old router it's already set to "All (reccomended)".

#12

General Discussion / Restore config to new HW -> no WebGUI access

May 28, 2024, 10:57:19 AM

Hi all!
My OPNsense hardware is a Fujitsu Futro S920 with just 1 NIC, so I use VLANs to manage WAN/LAN.
I'm trying to restore the configuration into a new hardware that has multiple NICs, I've opened the config file, renamed the physical interface with the name of one in the new hardware, restored the configuration and I can see all the VLANs and the physical interface. I can assign a new IP to the interfaces, I can ping them, but I can't reach the WebGUI.
I've disabled the firewall with pfctl -d, but nothing.
What am I doing wrong?
Thanks!

Here is the interfaces config part:

Code Select

  <interfaces>
    <lan>
      <if>re0</if>
      <ipaddr>192.168.20.251</ipaddr>
      <subnet>24</subnet>
      <ipaddrv6/>
      <subnetv6/>
      <media/>
      <mediaopt/>
      <gateway/>
      <gatewayv6/>
      <descr>LAN_fisica</descr>
    </lan>
    <lo0>
      <internal_dynamic>1</internal_dynamic>
      <descr>Loopback</descr>
      <enable>1</enable>
      <if>lo0</if>
      <ipaddr>127.0.0.1</ipaddr>
      <ipaddrv6>::1</ipaddrv6>
      <subnet>8</subnet>
      <subnetv6>128</subnetv6>
      <type>none</type>
      <virtual>1</virtual>
    </lo0>
    <opt1>
      <if>vlan01</if>
      <descr>LAN</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.20.251</ipaddr>
      <subnet>24</subnet>
    </opt1>
    <opt2>
      <if>vlan02</if>
      <descr>WAN</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>dhcp</ipaddr>
      <dhcphostname/>
      <alias-address/>
      <alias-subnet>32</alias-subnet>
      <dhcprejectfrom/>
      <adv_dhcp_pt_timeout/>
      <adv_dhcp_pt_retry/>
      <adv_dhcp_pt_select_timeout/>
      <adv_dhcp_pt_reboot/>
      <adv_dhcp_pt_backoff_cutoff/>
      <adv_dhcp_pt_initial_interval/>
      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
      <adv_dhcp_send_options/>
      <adv_dhcp_request_options/>
      <adv_dhcp_required_options/>
      <adv_dhcp_option_modifiers/>
      <adv_dhcp_config_advanced/>
      <adv_dhcp_config_file_override/>
      <adv_dhcp_config_file_override_path/>
    </opt2>
    <opt3>
      <if>vlan03</if>
      <descr>IoT</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>172.16.33.251</ipaddr>
      <subnet>24</subnet>
    </opt3>
    <opt4>
      <if>vlan04</if>
      <descr>VLAN200</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.200.251</ipaddr>
      <subnet>24</subnet>
    </opt4>
    <opt5>
      <if>wg1</if>
      <descr>WG1</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
    </opt5>
    <opt6>
      <if>vlan05</if>
      <descr>Neighbors</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.15.251</ipaddr>
      <subnet>24</subnet>
    </opt6>
    <openvpn>
      <internal_dynamic>1</internal_dynamic>
      <enable>1</enable>
      <if>openvpn</if>
      <descr>OpenVPN</descr>
      <type>group</type>
      <virtual>1</virtual>
      <networks/>
    </openvpn>
    <wireguard>
      <internal_dynamic>1</internal_dynamic>
      <descr>WireGuard (Group)</descr>
      <if>wireguard</if>
      <virtual>1</virtual>
      <enable>1</enable>
      <type>group</type>
      <networks/>
    </wireguard>
  </interfaces>

And here the VLAN part:

Code Select

<vlans version="1.0.0">
    <vlan uuid="ab11bcee-edca-4de1-a019-432e490cbbfc">
      <if>re0</if>
      <tag>2</tag>
      <pcp>0</pcp>
      <descr>LAN_VLAN</descr>
      <vlanif>vlan01</vlanif>
    </vlan>
    <vlan uuid="255dd735-3d7e-49fa-9aa3-352dcf1b0c69">
      <if>re0</if>
      <tag>77</tag>
      <pcp>0</pcp>
      <descr>WAN</descr>
      <vlanif>vlan02</vlanif>
    </vlan>
    <vlan uuid="da04b0cb-2852-49c7-82ca-e0a820479c90">
      <if>re0</if>
      <tag>33</tag>
      <pcp>0</pcp>
      <descr>IoT</descr>
      <vlanif>vlan03</vlanif>
    </vlan>
    <vlan uuid="25477895-432b-4814-8a6c-a70423aea760">
      <if>re0</if>
      <tag>200</tag>
      <pcp>0</pcp>
      <descr>Management</descr>
      <vlanif>vlan04</vlanif>
    </vlan>
    <vlan uuid="4843b562-0653-4852-a3e5-b44a64eea025">
      <if>re0</if>
      <tag>15</tag>
      <pcp>0</pcp>
      <descr>Neighbors</descr>
      <vlanif>vlan05</vlanif>
    </vlan>
  </vlans>

#13

Virtual private networks / Re: [Wireguard] Name does not resolve - only on reboot

February 01, 2024, 04:38:08 PM

Well...I've just realized that I didn't setup any DNS :| OPS!
Thanks!

#14

Virtual private networks / Re: [Wireguard] Name does not resolve - only on reboot

February 01, 2024, 04:02:09 PM

Probably the Internet connection isn't up yet (the vDSL modem is slow).
Why WG doesn't retry?

#15

Virtual private networks / [Wireguard] Name does not resolve - only on reboot

February 01, 2024, 03:30:05 PM

I've setup a Wireguard VPN that works.
Today we had 2 blackout and both the time the VPN didn't connect automatically to the endpoint.
I've checked and in the logs I see

Code Select

Name does not resolve. If i disable and enable back the endpoint, it works.
So it seems that after Opnsense restarts it's not able to resolve a public DNS and WG doesn't retry.
How can I solve this problem?
Thanks!

Pages1 2