Messages - bongo

#1
i installed WireGuard VPN on my phone and configured OPNsense accordingly. when monitoring port 51820 traffic on my OPNsense uplink, i can see incoming packets from my phone to the WireGuard server.
once my phone enters my local wifi network (which connects to the internet over OPNsense), i can see that port 51820 packets are sent from my uplink to IP 83.219.121.165, and then come back from IP 83.219.121.165 to my uplink to be forwarded to my WireGuard server in OPNsense.
looks quite strange to me. does this mean that all my VPN traffic is first sent to IP 83.219.121.165 (which seems to be somewhere in russia) and then comes back to me?
looks to me like a misconfiguration. right?
how should i change my configuration to avoid this?
thanx for advice!
regards
bongo
#2
i built a new hardware for OPNsense, based on the same mobo, but with intel NICs.

this now seems to run stable for several weeks.

in parallel, i also ran the old hardware with realtek NICs for a few days, but surprisingly, this one also kept its uplink up for the whole time.

when updating to 24.7.11, i realized that this also did some update on the re-driver-package, which was not mentioned in the release notes. so maybe the original issue with realtek NICs got solved there, and it would not have been required to replace my hardware.
#3
Quote from: franco on December 03, 2024, 09:25:27 PM
em(4) driver should cover both devices and should be fine. Just for reference, what hardware does this run on?


it's an asrock j3455m pc mainboard (with a realtek onboard nic which i used so far for the uplink re0).
in each one of the 3 pcie slots, i have a nic used for one of the lans.
when i built the machine a few years ago, i took different lan cards for each of the slots to be prepared for tests once i run into issues with one of the cards.
unfortunately, all 3 cards are used for lans in the meantime, that's why i attached a usb nic for my actual tests.

i now plan to replace one of the cards with an intel dual nic. so i again get a spare nic.
#4
i plan to replace my uplink with either an intel 82571 or an i350 based NIC. can i expect that this will solve the issue?
thanx!
#5
i think i found the reason why my setup was running stable for 5 days, and then the issue popped up again and the uplink always failed after a few hours:
during these 5 days, i had my uplink connected to a switch that only supports 100M. after this time, i was confident that everything is working fine again and i removed all the unneeded stuff, and the uplink was running at 1G again.
then i had the issue again.
i tried to force my uplink to 100M by OPNsense settings, but this does not help. now i added the switch again to get the link down to 100M, and it works stable for almost 2 days now.
the only strange thing is, that i did not have this issue before updating to the latest version of OPNsense.
#6
the procedure i mentioned above, i.e. to access the interface overview page twice, is required to recover the uplink when logged in to OPNsense as administrator.
when i log in as a normal user, it is sufficient to just log in, and as soon as i see the lobby/dashboard, the uplink works fine again.
#7
looks like this really helps when the uplink is down:

login and go to
<OPNsenseIP>/ui/interfaces/overview
-> shows that the uplink is down

reload the page
-> shows that the uplink is up

everything is working again, until the uplink fails next time
#8
as i have persisting issues with OPNsense (https://forum.opnsense.org/index.php?topic=44197.0) i wonder if there is an easy way to revert to a former version of OPNsense without losing any configuration and with no unwanted side effects.

if yes, how exactly do i need to do this to be risk free?

thank you very much!
#9
THE PROBLEM IS BACK  :'(

after switching to a different interface for the uplink (connected on usb), OPNsense was running stable now for about 5 days. now the issue popped up again.
yesterday this showed up 5 or 6 times. suddenly there is no more traffic on the uplink.

when it happened again for the 1st time, i've seen that unboundDNS was down and i restarted it. after doing so, DHCPv4 server became red and i also restarted this, and everything was fine for about 2 hours.

but for the next 4 or 5 times when the uplink failed, the dashboard never showed anything special (besides that there was no traffic on the uplink).
i then tried to do some checks and diagnostics, only confirming that the uplink was down.
while doing so, it happened each time that OPNsense suddenly worked again. so i 1st thought that it automatically recovers after some time. so i did not touch anything for more than 1 hour when this happened the next time, but no recovery then  :-\

but then i came to something very special:
when OPNsense fails and i go to <OPNsenseIP>/ui/interfaces/overview, i see that the uplink is down.
then after about 10 seconds, i do a reload of exactly the same page, and the uplink is up and everything is working fine again.
i have no proof that this always recovers from the issue, but so far, i did this twice and it helped twice. so it seems to be some kind of reproducible.
so this makes me no longer believe that this is a hardware issue. it really looks like something's wrong with the firewall software.

is this forum read by the developers of OPNsense? can i expect that an expert takes a look at this issue?
#10
according to ASRock datasheet, my mainboard has a Realtek RTL8111E on.
#11
sounds reasonable. maybe something weird in handling this specific brand of ethernet interface?
so therefore replacing it by a temporary solution by using a usb connected network interface runs stable now for almost 2 days.
#12
referencing back to my original post:
when i log in to OPNsense from LAN network, everything looks fine and the GUI behaves as expected. the only point is, that there is no throughput at all on the uplink. this happens after 1-24h. the only way to get data through the uplink then is to do a reboot.
i'm actually checking behavior when using a different NIC. might be that it's a hardware issue and the onboard NIC is about to die.
#13
the exact message i get with
Interface/Diagnostics/DNSLookup
to www.google.ch with server set to 8.8.8.8 is
Error: error sending query: Error creating socket
#14
2 days ago, i updated to OPNsense 24.7.9_1-amd64.
since then, my internet connection stops working after about 12-24h of working fine.
i could not find out so far what's the reason. everything looks fine when i log in to OPNsense. but what i've seen is, that Interface/Diagnostics/DNSLookup does not work. it answers with a socket error then.
the restarting of unbound service did not solve the issue.
the only thing that seems to help is to reboot the firewall.
before i updated to the latest firmware, i never had such issues.
anyone else having this problem?
#15
ok, done.
thanx!