Messages - dilby

#1
Thanks for the reply. Does the below not do that ?

Firewall->Rules->Wireguard
Protocol : IPv4
Direction : In
Source : WireGuard net
Source Port, Dest, Dest Port, Schedule : *

I did see your suggestion in one of the tutorials, but wasn't sure where to add it and also assumed the above rule passed through all the ports ?
#2
I managed to get WireGuard working so that I could remotely access my home network. I can access all devices by IP address. For example, http://192.168.0.6:80 works when connected, but http://myserver.local:80 doesn't work.

VPN->WireGuard->Local
DNS Server : 192.168.0.1
Tunnel Address : 10.252:0.0/24

VPN->WireGuard->Endpoints
Allowed IPs : 10.252.0.3/32

Firewall->Rules->Wireguard
Protocol : IPv4
Direction : In
Source : WireGuard net
Source Port, Dest, Dest Port, Schedule : *

Firewall->Rules->WAN
Protocol : UDP
Destination : WAN Address
Port : 51820

Client configuration with relevant IP 10.252.0.3 and DNS as 192.168.0.1.

Thanks
#3
Hi,

I've recently been having modem issues with my ISP, meaning I need to reboot my ISP-provided modem every morning.
Whilst the modem is down, both Unbound DNS and dhcpd CPU load shoots up to about 100% between them, and stays up until my modem starts to function again.

Just want to check if this is expected behaviour or a potential bug.

Thanks
#4
I've replaced both ifconfig lines with :

/usr/local/etc/rc.configure_interface wan

This is called by one of the predefined cron jobs called "Periodic interface reset" which I assume does what it says. I'll see if that works the next time there is an issue.
#5
Hi,

I have a script that pings multiple addresses, and if all fail, attempts to bring down then up the WAN interface using :

ifconfig vtnet1 down
delay(20)
ifconfig vtnet1 up

Whilst the internet is fully functioning, using the above two commands seems to work ok.

However, there has been an instance where the internet dropped and the above commands didn't work, but I am able to go into Interface->[WAN]->Untick Enable Interface->Apply, Then re-tick, then apply.
I'm just wondering what is different in the process of using ifconfig vs. the Web UI.

Thanks Dilby.
#6
Hi,

I get what appears to be random internet dropouts, I can see this by my Nest camera timeline showing periods of no internet. Looking at system.log, the issue seems to line up perfectly to the switching between promiscuous mode on/off.

I'm running OPNsense virtualised on Proxmox - when it works everything works great and there doesn't seem to be any performance issues.

Thanks


Mar  9 07:48:37 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:48:52 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:48:52 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:49:05 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:49:05 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:50:40 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:52:13 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:52:13 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:52:25 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:52:26 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:52:32 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:54:40 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:56:52 OPNsense dhcp6c[17834]: Sending Solicit
#7
Hi, I'm following the instructions on this page : https://docs.opnsense.org/manual/how-tos/edrop.html

Would like to get clarification on the LAN rules configuration. The heading says "Now do the same for outbound traffic traffic on the LAN interface".
However, the default direction when creating a rule is "In". Should this be set to "Out" (the instructions do not specify) ?

Thanks
#8
Hi,

I have OPNsense running on Proxmox acting as a firewall and router. My system has two NICs, one for WAN and one for LAN. The issue I'm facing is that if my cable modem requires a restart after a crash, I also have to restart the OPNsense guest or disable and then re-enable the WAN interface within OPNsense.

The issue seems to be that OPNsense is still seeing the Proxmox Linux Bridge to the WAN interface as being connected (even if the modem is switched off) and not requesting a new lease unless I force it manually.

Is there a way for the bridge to "disconnect" if the physical interface is disconnected ?

I had a search around on the net and it seems to be a common issue with some modems being tied to MAC address, but I've tried to spoof the physical MAC within the OPNsense WAN interface page and it makes no difference.

Thanks.