Eh, I gave up on this, and just spun up a VM with OpenVPN on it, and did a port forward. I'll use firewall rules to control which VLAN/Service/Servers remote clients can and cannot get to.
Outbound NAT rule: Interface: WAN | Source: Wireguard net | Source port: * | Destination: * | Destination port: * | NAT address: Interface address | NAT port: * | Static port: NO | Description: Wireguard NAT Rule
Firewall rule (WAN): Protocol: IPv4 UDP | Source: * | Source port: * | Destination: WAN address | Destination port: 51820 | Gateway: * | Schedule: * | Description: Open Wireguard Port
Firewall rule (WireGuard): Protocol: IPv4 * | Source: Wireguard net | Source port: * | Destination: * | Destination port: * | Gateway: * | Schedule: * | Description: Allow Traffic from Wireguard Clients
Normalization rule: Interface: WireGuard (Group), Wireguard | Source: any | Destination: any | Description: Wireguard MSS Clamping | IP version: IPv4
cat /var/log/lighttpd.log
Dec 21 18:24:06 OPNsense lighttpd[57191]: (server.c.2057) server stopped by UID = 0 PID = 64556
Dec 21 18:24:06 OPNsense lighttpd[44915]: (server.c.1551) server started (lighttpd/1.4.61)
Dec 21 18:34:33 OPNsense lighttpd[14335]: (server.c.1551) server started (lighttpd/1.4.61)
Dec 23 20:45:36 OPNsense lighttpd[14335]: (server.c.2057) server stopped by UID = 0 PID = 8414
Dec 23 20:45:36 OPNsense lighttpd[2156]: (server.c.1551) server started (lighttpd/1.4.61)
Feb 22 16:19:44 OPNsense lighttpd[8847]: (server.c.1551) server started (lighttpd/1.4.61)
May 12 20:21:31 OPNsense lighttpd[8847]: (server.c.2057) server stopped by UID = 0 PID = 24361
May 12 20:21:31 OPNsense lighttpd[30999]: (server.c.1551) server started (lighttpd/1.4.61)
May 12 20:33:02 OPNsense lighttpd[30999]: (server.c.2057) server stopped by UID = 0 PID = 1781
May 12 20:33:02 OPNsense lighttpd[14785]: (server.c.1551) server started (lighttpd/1.4.61)
May 12 20:40:55 OPNsense lighttpd[14785]: (server.c.2057) server stopped by UID = 0 PID = 31149
May 12 20:40:55 OPNsense lighttpd[40665]: (server.c.1551) server started (lighttpd/1.4.61)
May 12 20:55:12 OPNsense lighttpd[60294]: (server.c.2057) server stopped by UID = 0 PID = 96360
May 12 20:55:12 OPNsense lighttpd[8095]: (server.c.1551) server started (lighttpd/1.4.63)
May 12 21:02:27 OPNsense lighttpd[75562]: (server.c.1551) server started (lighttpd/1.4.63)
ps aux | grep light
root 75562 0.0 0.0 17684 6824 - S 21:02 0:00.01 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
root 15614 0.0 0.0 1060888 3116 0 R+ 21:07 0:00.00 grep light
configctl webgui restart
configctl webgui restart renew
*** OPNsense.domain.tld: OPNsense 21.7.8 (amd64/OpenSSL) ***
LAN (lagg0) -> v4: <lan_ip>/24
WAN (bce3) -> v4/DHCP4: <public_ip>/23
curl https://<lan_ip>
curl: (28) Failed to connect to 192.168.2.1 port 443 after 75018 ms: Operation timed out
Block status: Blocked | Time: 12/3/2021 17:22 | Source hostname: <int IP> | Source port: 53570 | Destination hostname: gateway.discord.gg | Destination port: 443 | Block message: Blacklisted site access | Interface: <kids_vlan> | VLAN: 0 | Policy: Timed Blocking
:/ % df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/OPNsense 50G 50G -4.0G 109% /
devfs 1.0K 1.0K 0B 100% /dev
tmpfs 8.2G 564K 8.2G 0% /tmp
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev
devfs 1.0K 1.0K 0B 100% /var/unbound/dev
Quote from: marjohn56 on June 04, 2020, 11:16:38 PM
If it's client to client on the same subnet it has S.F.A to do with the firewall, it's point to point. Check the managed switch settings & firewall settings on your clients; start by pinging one from the other. If that works yet something like a web server doesn't, then there's an issue with firewall or server settings... Windows Firewall, for example, can be an absolute P.I.T.A at times.
Quote from: marjohn56 on June 04, 2020, 10:06:20 PM
As you are saying VLANs, are these clients connected via a managed switch?