Messages

@bgtux


https://support.surfshark.com/hc/en-us/articles/360010789259-How-to-set-up-pfSense-2-4-4-with-Surfshark

Wenn Du VPN-Surfshark (falls Account vorhanden!) zum laufen bekommen möchtest nutze den Link.

WireGuard wäre erst einmal ein anderes Thema! Also Handy- Mobil zur OPNsense solltest zum späteren Zeitpunkt angehen.

Grüße

Hello @Patuff
unfortunately we could only get to the finish to get Ama*on Prime
to get running.

But the traffic does not go through VPN!

If someone still has a better solution suggestion gladly in the forum...

Greetings from Germany

@defaultuserfoo

System->History->
Look for the date and time when you made the change.
-> if found then press the buttonin the line: restore

Hint:
- in the upper window you can see the changes roughly
- Attention: all changes above will be undone...

Greetings from Germany

@Schubbie

Vorschlag:

ohne NAT

AdGuard Upstream-DNS-Server: 127.0.0.1:53053

OpenSense UNBOUND: Hörender Port: 53053
OpenSense UNBOUND: Netzwerkschnittstellen: alle
(kleiner Vorteil : Dienste: Unbound DNS: Blocklist nutzbar)
System: Einstellungen: Allgemein: deine öffentliche DNS Server eintragen z.Bsp.: 1.1.1.1

DHCPv4: [z.Bsp. vom LAN]  DNS-Server angeben: 192.168.100.1
DHCPv4: [z.Bsp. vom Gast] DNS-Server angeben: 192.168.200.1

und FW Regeln für die geweiligen Netze anlegen...

IPv4 TCP/UDP    *    *    LAN Adresse    53 (DNS)    *    *    LAN erlaube internen DNS 53    
IPv4 TCP/UDP    *    *    *    53 (DNS)    *    *    LAN Blocke externe DNS 53

Habe eventuell etwas vergessen aber AdGuard müsste bei richtiger Configuration soweit jetzt alle Netze Filtern...

Grüße und jetzt schnell in die"Nachtruhe"

@Tuxtom007

Achtung Hinweis:
Port 5353 ist für multicast DNS (mDNS) reserviert daher könnte für Upstream- Unbound DNS z.Bsp.: Port 53053 oder 53530 genutzt werden... also AdGuarHome -> Upstream- Unbound DNS Port xxxxx. Hätte noch den Vorteil das Unbound DNS die Blocklist nutzbar wäre.

Die Sicherung per Cronjob des AdGuard-Ordners, wie hast du dies gelöst unter OPNSense, kannst du
uns im Detail teilhaben lassen an Deiner Lösung ?

Vielen Dank

@wolfgang.frick
nimm diese für das OS Windows mal mit auf:

ctldl.windowsupdate.com
tlu.dl.delivery.mp.microsoft.com

und teste ob alle deine "gefundenen" schritt für schritt und nacheinander noch notwendig sind...

Hast Du -> Unbound DNS: Blocklist aktiv ?

Dann musst du bei Typ der DNSBL:
WindowsSpyblocker (updater)
und
WindowsSpyBlocker (extra)
beide abhaken!

Falls MS Office auch Updates benötigt melde dich noch einmal...



Grüße

@Xentec
und Willkommen in Forum.

Ich fange mal an und Du schaust mal ob diese Option bei Dir ON oder Off ist.

Weiterhin müsstest Du Dich mal im Forum umsehen ob deine Supermicro AOC-SG-i2 Netzwerkkarte
Treibermäßig unterstützt wird.

Auch solltest Du dein WAN Kabel überprüfen oder ggf. mal auswechseln...

Alternativ teste es doch einmal falls vorhanden mit der Onboard Karte aus die Du dann WAN seitig
einbindest. Die Supermicro lässt Du erst einmal nur Lan seitig laufen...

Grüße und viel Erfolg...

@mimugmail

thank you very much for the crucial hint of the interfaces.
We had completely uninstalled everything that was connected to WireGuard. Since we have the VPN provider Surfshark completely in the system.
we have implemented the VPN provider Surfshark completely in the system, we were on the wrong track regarding the interface assignment.
By your hint today a rollback of the Config imported all WG interfaces removed and what I want to say -> THANKS

Please a question still: have you installed the -kmod or still required?

With kind regards from Germany

For what reason do you assign WireGuard interfaces?

@mimugmail
Which way would you take under the assumption that OpenVPN
runs in peaceful coexistence with WireGuard? An installation link where we will read in
would be sufficient for us. Maybe also your hint whether with or without kmod.
Unfortunately we are a little off track regarding WireGuard. WG should
only as a separate site to site line and as a WG server for mobile tab for admin.
tasks...

Thank you and kind regards from Germany

@franco
Sorry with PHP 7.4 I had expressed myself inaccurately, it was of course meant Active Support Until...

@martB
WireGuard now with kmod the same problems...

Result:

only WireGuard everything OK
only WireGuard with kmod everything OK
only OpenVPN everything OK
OpenVPN and WireGuard the above mentioned problems which lt. @franco could occur

our conclusion:
unfortunately waive the WireGuard project for the time being because we currently do not OpenVPN
at the moment...

One thing is still incomprehensible after WireGuard including kmod is completely removed from the FW...
and the factory settings were done and the backup config was restored, the error see photo from the post (2021-11-18 175611.png) still occurs...

Greetings from Germany

@MartB

Oh dear and to our shame we have to confess now that we are
with 2x OPNsense FW of different hardware on productive environment...

The only chance will be tonight for testing.
Will be after Config backup the OpenVPN interfaces
times testwise delete and activate the WG interfaces.

See you later and thanks for the suggestion
Greetings from Germany

Hello All,

OPNsense 22.1.b_5-amd64 - without kmod

The following problem with WireGuard:
1 interface for example (WG0) - > everything OK
add a
2 interface for example (WG1 or WG2) - interface chaos
until then the WAN interface disables itself and only via GUI
to start services reload.

Could it be related to Php 7.4.25 which is EoL as of Dec 2021?
(PHP 8 is probably in the starting blocks)?
or a Prog/ development bug?

Info: the same problem follows us already since 21.7.4

WireGuard was just rolled out an update is now possible since 22.1.b
WireGuard via the console directly to update since now the kernel BSD 13?

Greetings from Germany

@rtch

in my opinion you should be already/ now on 22.1.b1
have a look at Firmware -see photo...

Greetings from Germany

@franco
@patchman

Photo as attachment (PPPoe offline) another OPNsense same problem. without kmod!
That this experimental is no question.
With this one ix0 (LAN) was assigned to WG1... unfortunately on the photo not to see...

after: ifconfig wg0 destroy the wg0 is created correctly as configured.
*the wg1 interface is not created*.

but with both OPNsense (different hardware) unbound is often shut down and occasionally comes
- occasionally- comes back online after a reboot.
Alternatively Dnsmasq is running now which survives a reboot.

Note: both OPNsense FW were reset with the release of 21.7 and the running Config played back so far clean ...

If WireGuard is completely uninstalled, both FW systems work stable without any disturbances...

Since we are not dependent on WireGuard at the moment and all services are also running on OpenVPN no leg break and can of course wait for FreeBSD 13...

@all
Based on the views > 82 we are probably not the only ones with this problem?
Maybe the other readers could also leave a short info. THANKS

Greetings from Germany

Hello guys,
since the update 21.7.5 u. 21.7.5.1-2 the interfaces and also from WireGuard were bent. A change is unfortunately not possible.
It affects 1x OPNsense with kmod and 1x OPNsense without kmod both ix, igb and em.
Reboot, remove kmod, new reinstall kmod or WireGuard
did not help either. Reconfig WG or old Config Backup also brought no change.
There are always Physiche interfaces automatically entered as on the photo.
WG1_S2S to recognize.

Does anyone have a solution or can put us on the right track

Greetings from Germany


Greetings from Germany