Messages - thefiredragon

#1
20.7 Legacy Series / Feature Request Alias Name & Groups
December 26, 2020, 01:14:41 PM
Dear all,

We're working with OPNsense and we have some feature requests:

- Alias names should be able to use a dot "."
   In aliases we would like to use FQDNs in names for single hosts
- Alias groups for hosts
   An option like on networks would be great to group hosts

We have a large environment to migrate from fwbuilder, we need to route lots of hosts to Daimler, and working with "_" in names is not great.

Also, we can't create single hosts and group them with FQDN names.
At the moment we can put all IPs into one alias, and it would be really ugly to put 150 IPs there without hostnames.

best Regards

#2
German - Deutsch / Re: Question about alias names
December 26, 2020, 01:09:26 PM
Because what I'm currently missing under aliases is the use of an FQDN in the name.

That is, the option to create hosts and put them into a group.
I find working with "_" in names very unpleasant, especially in very large environments;
can one submit a "feature request" for this?
#3
German - Deutsch / Question about alias names
December 26, 2020, 11:38:36 AM
I have a quick question: is there a reason why spaces, dots and commas can't be used in aliases?

Best regards
#4
Okay, I'll tell you our right configuration here which is in use.

Master FW has these interfaces with these virtual IPs
Internet@1    MASTER   83.236.198.22    | Interface-IP   10.1.0.1
Guests@2      MASTER   10.10.10.1       | Interface-IP   10.10.11.251
Intra@3       MASTER   10.10.50.1       | Interface-IP   10.10.51.251
Residents@4   MASTER   10.10.20.1       | Interface-IP   10.10.21.251
DMZ@5         MASTER   87.193.237.249   | Interface-IP   10.14.14.1


Second FW

Internet@1    BACKUP   83.236.198.22    | Interface-IP   10.1.0.2
Guests@2      BACKUP   10.10.10.1       | Interface-IP   10.10.11.252
Intra@3       BACKUP   10.10.50.1       | Interface-IP   10.10.51.252
Residents@4   BACKUP   10.10.20.1       | Interface-IP   10.10.21.252
DMZ@5         BACKUP   87.193.237.249   | Interface-IP   10.14.14.2


Default Gateway  : 83.236.198.21 /30


This is our configuration on our firewalls.

I think I know what you mean and the world is different.
So this will, as you said, not work with other configurations.

So I'll leave it open whether this would be integrated or not.
Our problem here is often the internet provider; each one has a different configuration.
And our external subnet range is /30

best Regards
#5
The external IP is in use by the master FW.
If I have the same configuration on the second FW, the second FW can't reach packages until it holds the external IP from the master FW.
Perhaps we misunderstand the handling here.

As I said, manually it's working.
I'm using the same configuration on the second FW; when I take down the first FW, I'm able to reconnect with WireGuard because the external virtual IP switches to the second FW.

What complications there could be, I do not know.
In our configuration only the FW which holds the virtual external IP has internet access. So if the second FW holds this IP when the first FW is down, it's working.


I can also post here sample configurations of my firewalls,
best Regards
#6
Okay,

Perhaps we could bring up a workaround for this?

WireGuard is bound to the default gateway, which is a virtual IP.
Only the master uses this virtual IP. I read a lot about this configuration and I know that in this configuration the second OPNsense has no internet access, but it's a failover.
It would be pretty good at this point to have the same configuration on the second node, which would make this work.
When I manually copy the same WireGuard configuration to the failover OPNsense, it's working.

For the default gateway we're using the IPs 10.10.20.1 and 10.10.20.2 as interface IPs, and the virtual IP points to these interfaces.
This is because some customers do not have multiple public IPs.

Any ideas?
#7
Dear all,
I'd like to ask for high availability support for my WireGuard configuration.
Could this be possible?
For OpenVPN it's available.
Best regards,
Dan