Messages

1

20.1 Legacy Series / Re: WireGuard unable to access devices via hostname

« on: June 30, 2020, 11:12:29 am »

Thanks for the reply. Does the below not do that ?

Firewall->Rules->Wireguard
Protocol : IPv4
Direction : In
Source : WireGuard net
Source Port, Dest, Dest Port, Schedule : *

I did see your suggestion in one of the tutorials, but wasn's sure where to add it and also assumed the above rule passed through all thje ports ?

2

20.1 Legacy Series / WireGuard unable to access devices via hostname

« on: June 29, 2020, 04:18:17 pm »

I managed to get Wiregard working so that I could remotly access my home network. I can access all devices by IP address.. for example http://192.168.0.6:80 works when connected, but http://myserver.local:80 doesn't work.

VPN-WireGuard->Local
DNS Server : 192.168.0.1
Tunnell Address : 10.252:0.0/24

VPN->WireGuard->Endpoints
Allowed IPs : 10.252.0.3/32

Firewall->Rules->Wireguard
Protocol : IPv4
Direction : In
Source : WireGuard net
Source Port, Dest, Dest Port, Schedule : *

Firewall->Rules->WAN
Protocol : UDP
Destination : WAN Address
Port : 51820

Client configuraion with relevenent IP 10.252.0.3 and DNS as 192.168.0.1.

Thanks

3

20.1 Legacy Series / High CPU load when modem is down

« on: June 04, 2020, 09:59:27 am »

Hi,

I've recently been having modem issues with my ISP, meaning i need to reboot my ISP provided modem every morning.
Whilst the modem is down, both Unbound DNS and dhcpd CPU load shoots up to about 100% between them, and stays up until my modem starts to function again.

Just want to check if this is expected behavioiur or a potential bug.

Thanks

4

20.1 Legacy Series / Re: Automate restart of WAN interface

« on: March 10, 2020, 10:08:43 pm »

I've replaced both ifconfig lines with :

Code: [Select]

/usr/local/etc/rc.configure_interface wan
This is called by one of the predefined cron jobs called "Periodic interface reset" which I assume does what it says. I'll see if that works the next time there is an issue.

5

20.1 Legacy Series / Automate restart of WAN interface

« on: March 10, 2020, 08:10:25 pm »

Hi,

I have a script that pings multiple addresses, and if all fails attempts to bring down  then up the WAN interface using :

ifconfig vtnet1 down
delay(20)
ifconfig vtnet1 up

Whilst the internet is fully functioning, using the above two commands seems to work ok.

However, there has been an instance where the internet dropped and the above commands didn't work, but I am able to go into Interface->[WAN]->Untick Enable Interface->Apply, Then re-tick, then apply.
I'm just wondering is different in the process of using ifconfig vs. the Web UI.

Thanks Dilby.

6

20.1 Legacy Series / Occasional internet dropout - promiscuous mode

« on: March 09, 2020, 04:50:46 pm »

Hi,

I get what appears to be random internet dropouts, I can see this by my Nest camera timeline showing periods of no internet. Looking at system.log, the issue seems to line up perfectly to the switching between promiscuous mode on/off.

I'm running OPNsense virtualised on Proxmox - when it works everything works great and there doesn't seem to be any performance issues.

Thanks

Code: [Select]

Mar  9 07:48:37 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:48:52 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:48:52 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:49:05 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:49:05 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:50:40 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:52:13 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:52:13 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:52:25 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:52:26 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:52:32 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:54:40 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:56:52 OPNsense dhcp6c[17834]: Sending SolicitMar  9 07:48:37 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:48:52 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:48:52 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:49:05 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:49:05 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:50:40 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:52:13 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:52:13 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:52:25 OPNsense kernel: pflog0: promiscuous mode disabled
Mar  9 07:52:26 OPNsense kernel: pflog0: promiscuous mode enabled
Mar  9 07:52:32 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:54:40 OPNsense dhcp6c[17834]: Sending Solicit
Mar  9 07:56:52 OPNsense dhcp6c[17834]: Sending Solicit

7

Intrusion Detection and Prevention / Spamhaus DROP/EDROP configuration clarification

« on: January 27, 2020, 03:39:50 pm »

Hi, I'm following the instructions on this page : https://docs.opnsense.org/manual/how-tos/edrop.html

Would like to get clarification on the LAN rules configuration. The heading says "Now do the same for outbound traffic traffic on the LAN interface".
However, the default direction when creating a rule is "In". Should this be set to "Out" (the instructions do not specify) ?

Thanks

8

Hardware and Performance / Proxmox + Opnsense WAN interface not refreshing

« on: January 24, 2020, 10:40:59 am »

Hi,

I'm have Opnsense running on proxmox acting as a firewall and router. My system has two NICs one for WAN and one for LAN. The issue i'm facing is that if my cable modem requires a restart after a crash, I also have to restart the opnsense guest or disable and then re-enable the WAN interface within opnsense.

The issue seems to be that opnsense is still seeing the proxmox Linux Bridge to the WAN interface as being connected (even if the modem is switched off) and not requesting a new lease unless I force it manually.

Is there a way for the bridge to "disconnect" if the physical interface is disconnected ?

I had a search around on the net and seems to be a common issue with some modems being tied to MAC address, but i've tried to spoof the physical MAC within Opnsense WAN interface page and makes no difference.

Thanks.