Messages

Thanks for the responses.
Quick update on the situation.

I contacted my ISP and they fixed it. They actually said that this was not on purpose and they don't know if it's gonna happen again in the future. I think the line was: "The system for some reason hands out IPs in the 100.xx range."

Outrageous right?

ISP is Cosmote (Greece).

FYI

Hello,

Up until recently, I was able to connect to my opnsense wireguard vpn instance from outside my house using both my mobile and my laptop. I simply followed the steps as described in the official documentation.
Alas; this is no more the case. I can't get wireguard to work anymore. The only thing that changed is opnsense versions. Or maybe something else (that I don't know) from my ISP?

Opnsense appliance is behind a bridged modem/router provided by my ISP. My WAN connection is pppoe (credentials in opnsense) and I am using no-ip as a ddns service. I repeat; all this was working flawlessly.

While troubleshooting; I stumbled upon something else. When going to Interfaces --> Overview, my WAN interface shows the following:
device: pppoe0, link type: pppoe, IPV4 100.69.xxx.xx/32, gateway 10.106.xxx.xxx and my public IP (external) is something else.

Am I missing something here? Or is this all normal, and it's just my wireguard instance not configured properly?

Thanks in advance.

Hello,

After updating to 24.7.8 I can't connect to wireguard service.
It was running fine before.

Any similar behavior? Any solutions?

Cheers!

Hello,

I need some help regarding my profile in the forum.
I want to change my email address and I get an error regarding my password while I am using the same password in order to log into the forum.

Please advise.

Hi,

Well this is the problem. I am not sure how to do that.
If there is a relevant guide it would help.
I guess I will first have to choose the provider and find out what protocol is in use from his side.

Thanks for your time.

Hi,

If I am not terribly mistaken this is unicast transmission.

So you say I could simply configure OPNSense as VPN Client? Any limitations with regard to the service I should select?

Is there no need to mess with the settings of any of the following:
PiHole, Wireguard (in OPNSense)?

Cheers!

Hello,

I have a rather tricky (regarding my perception) question in hand.

Recently my iptv provider decided that I should use a VPN in order to access his service. Hence this topic :)

Currently I am running latest OPNSense 23.1.11 where I have setup wireguard so that I am able to access my  home network when I am away from home.
OPNSense works as a router and DHCP server alongside a separate raspberry pi wherein lies my pihole.
PiHole acts as a recursive DNS server (https://docs.pi-hole.net/guides/dns/unbound/).

All of the above work flawlessly.

The million-dollar question is what is the best way to introduce a purchased VPN Service in all that.

Any reply is welcome.

Cheers!

Hi there,

Just chipping in to say I am facing same issue and to bump this post in consequence.

Cheers!

Hi there,

Just chipping in to say I am facing same issue and to bump this post in consequence.

Cheers!

Hi there,

Just chipping in to say I am facing same issue and to bump this post in consequence.

Cheers!

Some progress here...

With my dhcpv6 service enabled, I have set up my ipv6 address pool (/120) and there appear to be some leases already handed out!

My problem now is that despite the fact that my pihole's mac address is appearing in the list of ipv6 leases normally (online), when asking the raspberry pi itself for its ipv6 address it only shows the local ipv6 link (eg fe80:: etc). Is this normal? Should I manually set the said ipv6 address on the pi and also reserve it in my opnsense's ipv6 reservations?

With regard to radvdump it seems that the router advertisements are being sent out ok.

And concerning firewall I attached a screenshot of a rule I found out had already been set automatically.

Hello and thanks for the response.

I guess I am missing something(s) here. I am trying to have any IPV6 connectivity pass through my pihole just as with ipv4 so as to block any(?) ads.

Apart from that, how can I find out my

ISP delegation size

?
I am guessing 'bigger' than /64 is /58 ???
Thing is, the only way my wan gets an IP (v6) address is when having delegation size =64 and "Request the IPv6 information through the IPv4 PPP connectivity link." checked.
So, having the above, I selected static ipv6 on lan interface, set delegation size to 120 and chose an ip.
Then, I set up RADVD as you said.
So far my pihole has not yet acquired an IPV6 address and hence I cannot advertise its address as a dns server in DHCPv6. I will wait for it to reboot overnight (default behaviour) and try again tomorrow.
Apart from (all) that, how do I go about allowing ICMPv6?

Thanks again.
Cheers!

As I said,

...in opnsense I have set dns servers from quad9 and cloudflare in Systems->Settings->General page

Still, when doing a traceroute from cmd in windows, the first hop after my opnsense box appears to be my ISP ???
What gives?

How should I specify my pihole in dhcpv6 service? Just put its ipv4 address to the dns server field? Will that remain the same after say, a reboot of opnsense?

Hello to the community.

I am still running opnsense 20.1.9 since I am waiting for a cable in order to connect via the com port of my dedicated firewall box and update afterwards.
My current setup is as follows: VDSL line -> Modem -> Opnsense (dhcp, routing & firewall) -> lan (switches, devices etc) and a pihole in my lan blocking ads. The (static) ip of the pihole is set in opnsense at the DHCPv4 Service page. And the (static) IP of opnsense is set in pihole as the only upstream ipv4 dns server. Finally, in opnsense I have set dns servers from quad9 and cloudflare in Systems->Settings->General page. Everything is working swell as it is but this is just a typical IPV4 lan.
My ISP is handing out dynamic IPV4 and IPV6 addresses. So I figured I can try to setup an IPV6 local network as well.

Well, since I am writing this post you can imagine that this endeavor did not go as planned. The only method by which my personal computer can access IPV6 is with the setup described in the official documentation:
https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html?highlight=ipv6
AND having my NIC (Windows 10) setup with manual settings pointing to specific IPV6 address of opnsense as gateway and DNS Server.

The problem is that with this method, I cannot setup pihole to act as my DNS IPV6 server the same way it works with IPV4. And that is because when my dynamic IPV6 public address changes the same happens with my local IPV6 pool which means I can't use a static IPV6 address for any of my devices. And anyway, all my attempts to setup static IPV6 address in opnsense went to waste as I was losing connectivity altogether!

So long story short, is there a known configuration that accommodates opnsense and pihole working together with IPV6?

And something else: how do you specify IPV4 and IPV6 DNS servers together? You just put them in Systems->Settings->General page? How does this work? When a device requests an IPV6 page the dns are asked sequentially (on after the other)?

Thanks in advance for any input.

Cheers!

Hello.

This is not urgent but rather something I have been wondering about and thought to ask more experienced folks than me.

So; my network topology first:
Bridged modem -> Opnsense appliance (Intel Celeron J1900) -> Switch -> Desktop PC.
All devices are gigabit enabled and wiring is a mix of cat6 and cat5e. Specifically the wire going from my switch to my PC is Cat5e running through walls.

Bridged modem reports VDSL2 synchronization at 109Mbps (annex b, profile 17a, vectoring).
Speedtest website (and actual downloading) maxes out at around 100Mbps.

Don't get me wrong, I am perfectly satisfied with my 100Mbps.
I am just asking if this fluctuation is normal in the given scenario?

Thanks in advance for any input.

Cheers!