Messages - Liss

#1
Quote: Interface to Monitor should be WAN not LAN.

Thank you @AhnHEL - I feel dumb for not spotting that! Thank you very much for your help 🙌
#2
Any ideas would really help  :-*
#3
Hello!

I have, what is probably a very simple question- I am trying to configure dynamic DNS, with DuckDNS. However, I have an issue where the cached IP is always 0.0.0.0.

Even after I manually hit "Save and Force Update" in the DDNS settings, it remains as 0.0.0.0. I am using a VPN (connected to Mullvad, via WireGuard with a static IP), could that be the reason why it is not working?



I am very new to this, and I think that I've likely just missed out a step, but was unable to find a guide or any examples online. Sorry if this is quite a basic question, but I would be super grateful, if anyone could point me in the right direction- thank you very much in advance  ;D

This is what I have done so far:

Under Services --> Dynamic DNS, I added a new client.

I set the Service type to DuckDNS and interface to monitor to LAN, added in the hostname I registered through DuckDNS, and double-checked, and inserted my DuckDNS credentials.



---

Next, under System --> Settings --> General --> Networking, I enabled "Allow DNS server list to be overridden by DHCP/PPP on WAN"



---

I then went to System --> Settings --> Cron, and added a new job to update the IP for DuckDNS every morning, using the standard "Dynamic DNS Update" command



---

Under Services --> DHCPv4 --> [LAN] --> Dynamic DNS, I left it as is, and did not Enable registration of DHCP client names in DNS



---

My DuckDNS account currently shows the correct IP, and seems to all be in order



---

Annoyingly, a while ago I did find a good tutorial, but the website is now down, and I can't fully remember all the content, and it doesn't seem to be archived anywhere- I'm slapping myself for not downloading it!

Any suggestions, would be really appreciated- thank you very much in advance!
#4
I finally got this to work -  I spent way more time than I'd like to admit on this! Thank you for the help :)

In the end, all I changed was Disable routes in the local config, then I removed the gateway IP, added the IPv6 address into Tunnel Address. Then reset the VPN, and a minute later it connected.

I wrote up the solution that worked for me here, in case anyone else is having similar trouble getting started

Thank you for your help 🙌




#5
Hi!

I'm very new to OPNsense, and firewalls altogether, but so far I am really impressed by OPNsense's ease of setup, comprehensive documentation, and awesome community.

But I've gotten stuck on one thing- setting up an outbound WireGuard VPN to connect with Mullvad. I've closely read some similar posts on this forum, along with the official documentation- and I have tried so much stuff, but am having trouble getting it working.

Once I enable VPN, I basically have no internet connection. If I check 'Disable Routes' for my local instance (in WireGuard --> Local), then I have internet, but it's not going through Mullvad.

I'm a software engineer usually, and I'm starting to get worried that all this is way above me, there's so much to learn, but it's been hard to know where to start.

These are the steps that I have taken, to get to where I am. And I was wondering if any of you notice something that jumps out as being incorrect, if so, I would really appreciate some pointers - thank you very much in advance :)






Under VPN --> WireGuard --> Local, I created an instance which looks like this:

Name: Mullvad
Public Key: (Automatically Generated)
Private Key: (Automatically Generated)
Listen Port: 51820 (unique)










Next, as per the docs, I SSH'd in and ran this command:
curl -sSL https://api.mullvad.net/wg/ -d account=[my-mullvad-account-number] --data-urlencode pubkey=rvUwhXX1P7N2LqJf2MM1Ln4PjFxVN1+fiWF4E2BFHQM=


Which gave me this output: 00.xx.xxx.xx/xx,fc00:bbbb:bbbb:bb00::0:0x00/128$
(I'm not sure if this result is meant to be private, so I've switched the letters for x, and the numbers for 0)





Under VPN --> WireGuard --> Endpoints, I created an instance which looks like this:

Name: MullvadInstance
Public Key: J57ba81Q8bigy9RXBXvl0DgABTrbl81nb37GuX50gnY= (from Mullvad instance)
Shared Secret: [blank]
Allowed IPs: 0.0.0.0/0
Endpoint Port: 3060 (from Mullvad instance)








Under Firewall --> NAT --> Outbound, I switched the Rule Generation mode to Hybrid (from automatic), then created a new manual rule.


Interface: WireGuard
Source Address: LAN net
Translation / Target: Interface address


And left all other fields as default







Finally, under VPN --> WireGuard, I checked Enable WireGuard.

The configuration gave the following output:









Notes

My Mullvad account is correct, and topped-up

The Mullvad WireGuard instance I am trying to connect to, looks like this:


Server Name: gb5-wireguard.mullvad.net
Socks5 Proxy Address: gb5-wg.socks5.mullvad.net:1080
Public Key: J57ba81Q8bigy9RXBXvl0DgABTrbl81nb37GuX50gnY=
Multihop Port: 3060
Location: London, UK
Provider ID: 31173

Mullvad's DNS server IP: 193.138.218.74 (Source: https://mullvad.net/en/help/dns-leaks/)


Primary sources I used so far:
- OPNsense Docs WireGuard MullvadVPN Road Warrior Setup: https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html
- OPNsense Forum - Wireguard & Mullvad - I'm lost.....: https://forum.opnsense.org/index.php?topic=15105.0
- Jonny's Screenshot Guide, via Imgur: https://imgur.com/gallery/JBf2RF6
- Thomas Krenn's guide to OPNsense WireGuard Configuration: https://www.thomas-krenn.com/en/wiki/OPNsense_WireGuard_VPN_for_Road_Warrior_configuration