Messages - TomFreudenberg

#1
Yihaaa :-)

Got the issue solved with help from Twitter friends ;-)

The problem was using a DNS name in the endpoint config instead of the IP directly.

So when WireGuard starts, the Unbound->Bind chain was not ready yet and the service did not get the server IP.

Three solutions were suitable:

1. change the name into the IP
2. add some sleep time to the WireGuard start
3. add the IP and name to the hosts file

I chose (1) since that's available via the Web GUI.

Cheers
Tom
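The race described in this post (WireGuard reading a DNS endpoint before Unbound is up) can be closed more precisely than a fixed sleep by gating the service start on the endpoint actually resolving. The following is an added example, not the poster's or OPNsense's code; the config text and the hostname vpn.example.invalid are constructed placeholders.

```python
import re
import socket
import time

# Constructed sample of a WireGuard config; key and endpoint values are placeholders.
SAMPLE_CONF = """
[Interface]
PrivateKey = <placeholder>
Address = 10.254.0.1/32

[Peer]
PublicKey = <placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.254.0.2/32, 10.254.2.0/24
"""

_ENDPOINT = re.compile(r"^\s*Endpoint\s*=\s*(\S+)\s*$", re.MULTILINE)


def endpoint_hosts(conf_text):
    """Return the host part of every 'Endpoint = host:port' line.
    IPv6 literals are written as [addr]:port; the brackets are stripped."""
    hosts = []
    for value in _ENDPOINT.findall(conf_text):
        if value.startswith("["):
            hosts.append(value[1:value.index("]")])
        else:
            hosts.append(value.rsplit(":", 1)[0])
    return hosts


def resolve_with_retry(host, attempts=10, delay=3.0, resolver=socket.gethostbyname):
    """Try to resolve host up to `attempts` times, sleeping `delay` seconds after a
    failure. Returns the address, or None if the resolver never answered.
    A plain IP literal resolves immediately without touching DNS."""
    for n in range(attempts):
        try:
            return resolver(host)
        except OSError:  # socket.gaierror is a subclass; DNS not ready yet
            if n + 1 < attempts:
                time.sleep(delay)
    return None


def endpoints_ready(conf_text, **retry_opts):
    """True when every endpoint host in conf_text resolves (used to gate the start)."""
    return all(resolve_with_retry(h, **retry_opts) is not None
               for h in endpoint_hosts(conf_text))


if __name__ == "__main__":
    # Gate the real start (e.g. /usr/local/etc/rc.d/wireguard start) on this result.
    print("ready" if endpoints_ready(SAMPLE_CONF, attempts=3, delay=1.0) else "DNS not ready")
```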
#2
When I stop and restart WireGuard from the Dashboard, the console always shows:

wg1: link state changed to DOWN
tun0: link state changed to UP
tun0: changing name to 'wg1'

So maybe it's not the assignment ???

Still wondering if anybody is using WireGuard site-to-site.
#3
Nobody here interested or can help?

I tried a number of things - even a complete reinstall, but no luck ???

Does anyone have WireGuard running on 22.7.8 with autostart and re-started tunnel?

Thanks for any help or feedback.

--------------

What I can say from my side:

After installation, the interface assignment is

Name (opt1) wg1 [00:00:00:00:00:00]

After a reboot, the interface assignment is

Name (opt1) vtnet0 [vtnet0 MAC address]

After a manual start of the WireGuard service (press the Start button on the Dashboard):

Name (opt1) wg1 [00:00:00:00:00:00]

On the console you can see the message

tun0: link state changed to UP
tun0: changing name to 'wg1'

---------------------

It looks like the assignment does not survive the assignment until tun0 is renamed?

#4
No, no errors on console or anywhere I checked so far.

BUT

After pressing the button on the Dashboard, the console shows:

tun0: link state changed to UP
changing name to 'wg1'

Then the tunnel is directly online and fully functioning.
#5
Hi,

after updating two OPNsense 22.7.7 installations to 22.7.8, WireGuard is not starting anymore on reboot.

Checking on the console, the following happens when running:

/usr/local/etc/rc.d/wireguard start


[#] ifconfig wg create name wg1
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2 (wg): Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg1
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg1 /dev/stdin
[#] ifconfig wg1 inet 10.254.0.1/32 alias
[#] ifconfig wg1 mtu 1420
[#] ifconfig wg1 up
[#] route -q -n add -inet 10.254.0.2/32 -interface wg1
[#] route -q -n add -inet 10.254.2.0/24 -interface wg1
[+] Backgrounding route monitor

I can also click on the START button on the dashboard and then WireGuard is running.

Any suggestions?

#6
Yes, I use DHCP for v4

and nearly the same for me from the log:

2022-04-05T12:09:54   Notice   dhclient   Creating resolv.conf
2022-04-05T12:09:54   Notice   dhclient   route add default 62.xxx.xxx.1
2022-04-05T12:09:54   Notice   dhclient   New Routers (vtnet0): 62.xxx.xxx.1
2022-04-05T12:09:54   Notice   dhclient   New Broadcast Address (vtnet0): 255.255.255.255
2022-04-05T12:09:54   Notice   dhclient   New Subnet Mask (vtnet0): 255.255.248.0
2022-04-05T12:09:54   Notice   dhclient   New IP Address (vtnet0): 62.xxx.xxx.164
2022-04-05T12:09:54   Critical   dhclient   exiting.
2022-04-05T12:09:54   Error   dhclient   connection closed
2022-04-05T12:09:54   Error   dhclient   My address (62.xxx.xxx.164) was deleted, dhclient exiting

#7
This issue is still driving me crazy.

It is not just the new connect from the ISP, but it also happens "randomly".

Any help is appreciated, also for digging into debugging.

Thanks
Tom
#8
I can re-create that when rebooting my Vodafone (old) ConnectBox

I have a fixed IPv4 address from the provider and it seems that the OPNsense router has established existing connections but not new ones.

After the reboot I could ping 8.8.8.8 from anywhere but could not get DNS for pinging google.com.

I had to restart all services (maybe just the interfaces is enough) and then everything runs fine.

The router itself could also not get an IP for google.com when using Diag from the Web GUI.

I could not see anywhere an event signaling a reboot of the bridged ConnectBox.
#9
After always running my setup with the latest OPNsense release, I have had an issue for about the last 2 weeks.

Current release: OPNsense 22.1.4_1-amd64

Provider: Vodafone Germany / TV cable

Suddenly, routing from the LAN out to the WAN / Internet stops.

When checking the firewall - after that (whatever it might be) happens, the firewall log shows that my packets are running into the "Default Deny rule" even though I have an outgoing IPv4 rule.

When logging into OPNsense (SSH) and using the console, I can reach everything in the WAN / Internet from the OPNsense gateway.

BUT not from the LAN

Just running:

pfctl -d ; pfctl -e

and/or

configctl filter reload

does not work.

When running:

pfctl -d ; /usr/local/etc/rc.reload_all

everything is fine again immediately after "Configuring firewall ... Done" was printed.

The mystery - all the time I can use IPv6 without an issue ???

---

I am very happy for any advice

...

I have already deleted the rule from the firewall and re-entered it after a restart ... without a different behaviour.
#10
Update from component author:

sshpiper is based on a modified golang crypto library:

https://github.com/tg123/sshpiper.crypto

This is the diff:

https://github.com/golang/crypto/compare/master...tg123:master
#11
Hi

I am wondering if a plugin for this tool may be helpful and makes sense:

https://github.com/tg123/sshpiper

This tool runs an SSH daemon based on the ssh-go-lib and allows you to create pipes for
forwarding SSH requests.

Instead of having multiple IP addresses or multiple ports open to forward traffic to internal SSH servers, you may define a pipe list based on usernames and/or certs to allow forwarding:

e.g.

ssh user1@local ---> operator@machine1
ssh user2@local ---> user@machine2

This is at least very helpful and could be managed by a front-end as an OPNsense plugin.

My questions are:

a. does this break security in a way that it won't be selected as an OPNsense plugin?

b. is this an interesting plugin which should be on the plugin list?