OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of richardk3 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - richardk3

Pages: [1]
1
Virtual private networks / Re: Second (wg1) Wireguard gateway for PIA stays offline
« on: January 18, 2024, 03:13:29 am »
Update:  I posted this on the Github discussion of multiple instances, and got a quick response from Fingerlessgloves.  After supplying him with some details, he found that, for the multiple gateways to work, the Wireguard instances need to be using different port number.  He is modifying the script accordingly.

2
Virtual private networks / Second (wg1) Wireguard gateway for PIA stays offline
« on: January 17, 2024, 10:44:03 pm »
Hello, everyone.  Now that the FingerlessGlov3s script for configuring PIA Wireguard

https://github.com/FingerlessGlov3s/OPNsensePIAWireguard

supports multiple instances, I'm trying to configure two alternative gateways on my Opnsense router.  Both Wireguard instances have connected properly, but when I add a gateway using the wg1 instance, that gateway will not come online.  I've used the same setting for the wg1 gateway as for wg0. 

I'm not a networking expert by any means, so I've probably missed something obvious.  What am I doing wrong?

I'd really appreciate any help.


3
Virtual private networks / Re: Phantom wg0 instance
« on: January 11, 2024, 03:11:28 pm »
Update:  I may have fixed this by updating to the new script at

https://github.com/FingerlessGlov3s/OPNsensePIAWireguard/tree/main

4
Virtual private networks / Phantom wg0 instance
« on: January 10, 2024, 08:19:40 pm »
I've somehow managed to create a phantom wg0 device, and I can't seem to get rid of it.  It is not affecting the operation of the vpn gateway, except that the Dashboard page sometimes shows it as "Offline" when the real wg0 device is actually online.

See the screenshots below.

How can I fix this?  Any help would be greatly appreciated.

5
Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script
« on: December 28, 2023, 12:33:00 am »
Feature request -- although I may be the only one in the world who needs this:

When my router reboots, or the cron job runs with "changesever", I sometimes lose access to my IPTV streams.  Apparently, the IPTV provider is blocking one or more PIA server IP addresses within the region I'm using.  I can fix it by running the script manually with "changeserver", so that it selects a different PIA server within the same region.

However, it would be nice if the script would accept a blocklist of specific server IP addresses to bypass, perhaps in the json file.

Or...is there a way to accomplish this with the existing script?

6
Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script
« on: September 26, 2021, 03:57:38 pm »


Error messages are saying they can't connect to the web interface.

Have you changed its port?
[/quote]

Wow, thanks for the instantaneous reply and solution!

I had changed from https to http, and hadn't changed the line in PIAWireguard.json.

It's working now!

7
Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script
« on: September 26, 2021, 03:49:43 pm »
Hmm...I've installed the latest version of the script, and it has stopped working for me.  I've done something stupid, I'm sure, but I don't know what.

Can anyone help?
Code: [Select]
root@OPNsense:~ # /conf/PIAWireguard.py debug
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 169, in _new_conn
    conn = connection.create_connection(
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/connection.py", line 96, in create_connection
    raise err
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/connection.py", line 86, in create_connection
    sock.connect(sa)
TimeoutError: [Errno 60] Operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 353, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 181, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0xcb2553f610>: Failed to establish a new connection: [Errno 60] Operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=443): Max retries exceeded with url: /api/wireguard/server/searchServer/ (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xcb2553f610>: Failed to establish a new connection: [Errno 60] Operation timed out'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/conf/PIAWireguard.py", line 202, in <module>
    r = requests.get(f'{opnsenseURL}/api/wireguard/server/searchServer/', auth=(config['opnsenseKey'], config['opnsenseSecret']), verify=urlVerify)
  File "/usr/local/lib/python3.8/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=443): Max retries exceeded with url: /api/wireguard/server/searchServer/ (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xcb2553f610>: Failed to establish a new connection: [Errno 60] Operation timed out'))
root@OPNsense:~ #

8
Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script
« on: February 14, 2021, 02:09:19 pm »
Quote from: dsfghjkl; on February 12, 2021, 12:42:31 pm
New to OPNsense but had no problem following along the guide and script and got the gateway online  :)   But then, the final step, Step 13 ... fail ... any clues on how to route all LAN traffic over the new wireguard gateway?  Googling just ends up with a spattering of pages that don't match the current version 21.1.1  :(

I followed this guide to set up the firewall rules, and it worked.

https://imgur.com/gallery/JBf2RF6

Hope this helps.

9
Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script
« on: December 31, 2020, 02:04:36 pm »
I noticed that a step had been added to the installation docs.  Doing this seems to have fixed the problems I was encountering. 

Code: [Select]
Last thing we need to set up is maximum MSS for TCP packets, which is 40 bytes smaller than the MTU of WireGuard, by default Wireguard uses 1420 bytes MTU. So we need to set an MSS maximum of 1380. (Without this you may have issues loading websites or slow speeds).
 Goto Firewall: Settings: Normalization
     1. Click Add
     2. Interface select "WAN_PIAWG"
     3. Enter Description of "Maximum MSS for PIA WireGuard Tunnel"
     4. Max MSS to "1380"
     5. Save (you will notice it'll now list this as OPT rather than the interface name, don't worry it's still correct, just edit it to verify you made the right selection)

10
Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script
« on: December 21, 2020, 04:19:13 pm »
Thanks for all the work on this script!  I followed the instructions, and successfully established a VPN connection with PIA.  I also used this guide to restrict the VPN usage to certain nodes:

https://imgur.com/gallery/JBf2RF6

It worked for me...mostly...

But systems using this connection refuse to connect to certain destinations.  Notably, cnn.com doesn't work.  Also, my Docker containers don't update using Watchtower when using this connection. 

If I connect to PIA using PIA's client app (with Wireguard) on the same computers, everything works.  So something is different when I connect using Wireguard on OPNsense.

Any ideas? 

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2