Messages

Did you go to firewall settings and ensure pass is set for the WireGuard service...set for drop/block by default

Easy way to make a wifi router into a wireless LAN AP

Set a static ip on the internal network outside the OPNsense DHCP address pool
Turn off wifi router DHCP (OPNsense will be assigning DHCP)
Setup wifi parameters inside wifi router webgui (make sure isolation is NOT turned on in wifi security, LAN must be able to talk to WIFI)

Then connect your home LAN cable to ONLY the LAN port

Done

If you leave NAT enabled on the ISP router, you will have to have a different subnet between the ISP and OPNsense, then more or less port forward thru both routers (referred to double NATing)

Code Select Expand

        ISP ROUTER                           |                         OPNsense                    |                        NETWORK
WAN       ->    |NAT|        LAN            ->            WAN       ->  |NAT|        LAN           ->            SWITCH   ->   COMPUTERS
75.32.53.67     |NAT|     192.168.0.1        |       192.168.0.2        |NAT|     192.168.1.1       ->                   DHCP

https://helpdeskgeek.com/networking/what-is-double-nat-and-how-to-fix-it-on-a-network/

I use an old HP Compaq Elite 8300 SFF box for mine...then got a cheap $20 PCI-X (later a 32bit PCI) card from amazon

Upgraded the CPU to a i7-3770 and put 32 gigs of ram in it...still cheaper than that little box that may or may not work, uses more power I guess

might set the prevent interface removal in the interfaces tab so it doesn't turn off the nic when the PPPoE drops

Might be able to setup/configure VLANs

Found this video that might help
https://www.youtube.com/watch?v=ljq6wlzn4qo

This will help, got it working on mine with NO issues  (also go into options and set OPNsense to boot as 1 so it's the first VM that boots as soon as the PROXMOX system is up, all the others have start with a delay and sequentially)

I also have another nic (the onboard nic of mobo) set as an internal IP, so I can get to the PROXMOX, but the other PCI passthru to the OPNsense for firewall are isolated from the PROXMOX OS itself

https://www.youtube.com/watch?v=hdoBQNI_Ab8

Setup a VPN (wireguard/openvpn), much safer than exposing ports to the internet

Tunnel into VPN and have full access to everything inside your local LAN

https://docs.opnsense.org/manual/settingsmenu.html?highlight=miscellaneous#miscellaneous

under /var /tmp in ramdisk to reduce writes to the drives (similar to zram-config or log2ram)

In fact..PROXMOX is based upon debian...you can probably install log2ram and have it prevent writes but once a day (or set it for 1 hr vs constantly if you like your log files)
https://github.com/azlux/log2ram [disregard if not using a hypervisor]

you should be able to configure the device as an AP

https://www.asus.com/us/support/faq/1015009

I used this guys howto and it worked perfectly

I did also get another dual port ethernet specifically to do a PCI passthru (to isolate the card from the PROXMOX hypervisor)

https://www.youtube.com/watch?v=hdoBQNI_Ab8

from the console

Log in as "installer"

It will install the "live" setup to the harddrive

per the docs
https://docs.opnsense.org/manual/install.html#install-to-target-system

Amazing tutorial on setting up wireguard VPN's

I was beating my head on the desk for a long time, within minutes I had working connections

https://www.youtube.com/watch?v=b58PpuIsQ3A

P.S.  For the developers, I have an unraid server, they have a wireguard plugin that builds a QR code inside the peer view that makes it VERY easy to just QR scan the config...might be a good way to have the package setup

I also found a pretty cool QR code generator that helps with generating a wireguard qr code for quick setup on android devices
https://www.wireguardconfig.com/qrcode

No longer works on OPNsense 20.1.7

Code Select Expand

--- usage.o ---
cc  -pipe -DHARDENEDBSD -fPIE -fPIC -fsanitize=safe-stack -fstack-protector-all -fno-strict-aliasing -DHARDENEDBSD -DNEEDS_BOOL_TYPEDEF -DHASTASKS -DHAS_PAUSE_SBT -DHAS_DUP2 -DHAS_CLOSEFROM -DHASEFFNLINK=i_effnlink -DHASF_VNODE -DHAS_FILEDESCENT -DHAS_TMPFS -DHASWCTYPE_H -DHASSBSTATE -DHAS_KVM_VNODE -DHAS_UFS1_2 -DHAS_NO_IDEV -DHAS_VM_MEMATTR_T -DNEEDS_DEVICE_T -DHAS_CDEV2PRIV -DHAS_NO_SI_UDEV -DHAS_SYS_SX_H -DHASFUSEFS -DHAS_ZFS -DHAS_V_LOCKF -DHAS_LOCKF_ENTRY -DHAS_NO_6PORT -DHAS_NO_6PPCB -DNEEDS_BOOLEAN_T -DHAS_SB_CCC -DHAS_FDESCENTTBL -DFREEBSDV=11000 -DHASFDESCFS=2 -DHASPSEUDOFS -DHASNULLFS -DHASIPv6 -DHASUTMPX -DHAS_STRFTIME -DLSOF_VSTR=\"11.2-RELEASE-p20-HBSD\" -I/usr/src/sys -O2 -c usage.c -o usage.o
--- dnode2.o ---
1 warning and 1 error generated.
*** [dnode2.o] Error code 1

make[3]: stopped in /usr/obj/usr/ports/sysutils/lsof/work/lsof-4.93.2
1 error

make[3]: stopped in /usr/obj/usr/ports/sysutils/lsof/work/lsof-4.93.2
*** [dnode2.o] Error code 2

make[2]: stopped in /usr/obj/usr/ports/sysutils/lsof/work/lsof-4.93.2
--- lib/liblsof.a ---
A failure has been detected in another branch of the parallel make

make[3]: stopped in /usr/obj/usr/ports/sysutils/lsof/work/lsof-4.93.2/lib
*** [lib/liblsof.a] Error code 2

make[2]: stopped in /usr/obj/usr/ports/sysutils/lsof/work/lsof-4.93.2
2 errors

make[2]: stopped in /usr/obj/usr/ports/sysutils/lsof/work/lsof-4.93.2
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/sysutils/lsof
*** Error code 1

Stop.
make: stopped in /usr/ports/sysutils/htop





-------edit

Correction..I had to update to current distro

Code Select Expand

# cd /usr/src
# git checkout stable/20.1

working now very well  Thanks!!!!!