Messages

1

Virtual private networks / Re: Wireguard is ok with ipv4 but not with ipv6

« on: November 20, 2024, 08:52:02 pm »

Hello

I have a functionnal wireguard setting. I can ping everything over ipv4 (LAN or WAN)
But no access to ipv6 ping.

on server peers allowed IP: 0.0.0.0./0,::/64
on client : ::/0

Thanks for help

Hey @stanthewizard.

Would you be willing to share your IPV6 config (minus any private details)?  I'm trying to get WG to work for IPV6.  Thanks.

2

Virtual private networks / Re: Wireguard for IPV6. How far off am I?

« on: November 18, 2024, 08:03:52 pm »

WAN Interface Configuration

3

Virtual private networks / Re: Wireguard for IPV6. How far off am I?

« on: November 18, 2024, 08:02:37 pm »

WAN Firewall Rule

4

Virtual private networks / Re: Wireguard for IPV6. How far off am I?

« on: November 18, 2024, 08:02:13 pm »

Wireguard Firewall Rule

5

Virtual private networks / Re: Wireguard for IPV6. How far off am I?

« on: November 18, 2024, 08:01:45 pm »

Wireguard Instance Screenshot

6

Virtual private networks / Wireguard for IPV6. How far off am I?

« on: November 18, 2024, 08:01:13 pm »

Good day everyone.  I am successfully running Wireguard on my OPNSense installation.  I am wondering why I didn't use it sooner...fast connection, stays on even when my mobile devices lock, and I can access my home network.  It is an awesome solution.

I noticed that I can use my Wireguard VPN whenever I'm connected to a WiFi network.  However, it doesn't work on cellular.  Doing some research, I believe it's because cellular connections use IPV6.  (Please let me know if I am correct or not.)

So, looking at my config, I have some idea as to my next steps but could use some confirmation.  I am attaching screenshots on my current configuration.

Here's what I'm thinking:

• All of my Firewall rules only point to IPV4. I'm assuming I need to switch these rules to use both IPV4+IPV6.
• Do I need to modify my gateway interfaces settings?
• Currently, my DDNS settings are passing arguments for IPV4.  I'm assuming I'll need to have my DDNS pass an IPV6 address.  Is that correct?
• What changes do I need to do for my peers to use IPV6?

Thank you in advance.

Screenshot 1 - Wireguard Interface settings

7

24.7 Production Series / Quick NUT Question

« on: October 02, 2024, 05:16:04 pm »

Good day all.

I recently acquired a new UPS from Amazon and I was successful in setting up NUT via USB.  However, I noticed in the NUT account configuration, there are prompts for the Admin and Monitor password.  Are those passwords just for NUT to access the configuration items in the UPS?  I'm assuming that if a PW is not required we don't have to fill in those fields in the NUT configuration.

Thanks for your help. 

8

24.1 Legacy Series / Re: Kea DHCP IPv6?

« on: September 26, 2024, 07:56:50 pm »

To make matters better using unforeseen directions we're likely going to add DHCP to Dnsmasq instead. To do this we will first move Dnsmasq to a MVC/API implementation for 25.1.

https://github.com/opnsense/core/issues/7905

I'm sorry to say that in this case the plan changed, in part due to Kea not delivering on its promise as much as it delivered on making DHCPD EoL a long time ago already.


Cheers,
Franco

Does that mean KEA DHCP will be deprecated in a future release of OPNSense?  Or just for IPv6?  Or not at all? I may be reading this wrong and wanted to make sure.

9

Virtual private networks / Re: Fix IPSEC or have IPSEC and Wireguard setups at the same time?

« on: March 13, 2024, 08:40:51 pm »

Hey schnipp.  Thanks for the reply.

I only have one roadwarrior definition setup in OpnSense following the guides from a few years ago when I set it up.  Being I'm new to IPSEC and strongswan, I couldn't tell you what the message means.  That's why I was wondering if my IPSEC definitions need to be updated based on the updated guide; or, to go the Wireguard route just for the Linux machine.

10

24.1 Legacy Series / Re: Iot Device Not Geting DHCP Lease

« on: March 13, 2024, 02:19:30 pm »

Good morning meyergru.

Last night, I downgraded back to 23.7.12_5 (tried to revert to 24.1.2 but it was a disaster) via a fresh install (thankfully, I keep point-in-time backups before major upgrades).  Even that didn't seem to work for the affected devices.

So, I'm thinking now that it's a device problem and I'm reaching out to the manufacturer to see if they pushed anything recently that could have affected their devices.

Thank you for all of your guidance on this issue.  I'll mark this thread as "Solved" since it's more of a device problem than it is an OPNSense problem.

11

24.1 Legacy Series / Re: Iot Device Not Geting DHCP Lease

« on: March 12, 2024, 03:46:34 pm »

Hey meyergru.  Thanks for the reply.  I originally had a static setup for the IoT device but then deleted the static assignment.  Either way, I'm still not able to ping the device.  Something happened on 3/4 that it's no longer getting a DHCP lease.

I've also rebooted my mesh network a few times.  The mesh AP setup can see the device - it's just not getting a DHCP lease in OPNSense. 

I've switched to the new KEA DHCPv4 setup and still no joy.  I've done the static reassignment to see if that will help.  What's interesting is there's another IoT device from the same manufacturer that's having the same issue - and it's only those 2 devices from that manufacturer that's causing me grief.  Every other IoT device connects without issue.  Very strange.

Well, we soldier on...

12

24.1 Legacy Series / [Solved] Iot Device Not Geting DHCP Lease

« on: March 11, 2024, 10:37:44 pm »

Good afternoon all.  Could use some hints on how to troubleshoot an issue.

I've got an IoT Device that, as of March 4th, stopped receiving a DHCP lease from the Router.  Checking the ISC DHCPv4 logs, this is what I see for the devices MAC Address:

2024-03-04T10:18:21-05:00   Informational   dhcpd   DHCPACK on 192.168.1.149 to 10:7b:<snip> via re0   
2024-03-04T10:18:21-05:00   Informational   dhcpd   DHCPREQUEST for 192.168.1.149 (192.168.1.1) from 10:7b:<snip> via re0

I haven't changed my setup nor has there been any firmware update on the device itself (that I know of).  Since my AP is separate from my OPNSense router, I can see the device connected to the AP; but, the IP is listed as "Unknown" at the AP.  The device doesn't show up in the DHCPv4 leases page at all on the router.

It's the only device in my network that is not getting an IP address.  Every other device (and IoT device) is getting an IP address.

I am currently on 24.1.3_1.  I have Unbound set to a DNS server using DNS by TLS with some ad blocking blocklists.  I'm also running Zenarmor for some other advanced filtering.

Any suggestions on where I can look for issues would be greatly appreciated.  Thanks.

13

Virtual private networks / Fix IPSEC or have IPSEC and Wireguard setups at the same time?

« on: March 01, 2024, 05:58:06 pm »

Good day all.

I have an existing IPSEC VPN roadwarrior setup (way back from OPNSense 21)  that's working perfectly for iOS, macOS and Windows devices without issue (currently on 24.1.2). 

I'm trying to connect a Linux laptop to the VPN while on the road.  I've made sure the authentication is correct and the pre-shared key is attatched to the config.  However, the linux machine will not connect via VPN.  I keep getting the following error:

"09[IKE]<5>found 1 matching config, but none allows pre-shared key authentication using Main Mode".

Reading the guides, it looks like the IPSEC setup instructions have been updated.  Wondering if updating my existing setup to the "new" guide will help solve the issue. 

The other option is to setup a Wireguard VPN just for the linux laptop.  Can I still keep the exiting IPSEC setup for the iOS/macOS/Windows machines while still having a separate Wireguard setup for the linux machine?  I plan on having the Wireguard addresses on a separate subnet so we don't conflict with the existing IPSEC config.  I just want to make sure I'm going to create more issues by having 2 different VPN protocols.

Thank you in advance for your help.

14

23.7 Legacy Series / [Solved] Ddclient error

« on: January 04, 2024, 09:21:49 pm »

Issue resolved on its own.

15

23.7 Legacy Series / Logs on VPN Crash

« on: January 03, 2024, 04:53:10 pm »

Good day everyone and Happy New Year.

So, during recent holiday travels, I connected into my OPNSense router back home using my configured VPN (IPSec).  I haven't had any issues before; however, this time, for some reason, my VPN dropped after a few minutes.  Then, all of my IoT devices lost connectivity (started receiving connectivity alerts on my phone).  Since I wasn't home, i couldn't log in to see what was wrong.  Luckily, I set a cron job to reboot the router every day while I was gone so we're now back up and running back home.

My question is around the OPNSense logs:

• In the case of a crash like that, are there logs that persist even after a reboot?  If so, where can I find them?
• If they do not persist and get cleared every reboot, I have a script that can check for connectivity and reboot the router if necessary (it's not currently running; but, I'm going to set it up to run every hour using cron). I'd like to amend the script to copy any logs to another place so I can save them to view later.  Any recommendations on log locations for me to save in case of a crash like this again?
  

Thank you all in advance for your help.