Messages - nontii

#1
I have a site-to-site wireguard vpn setup between two sites and it works perfectly, except when one of the sites changes ip-address. Both wireguard setups are set with a dns-name as endpoint address to the other network and that works perfectly. But if one of the sites changes ip-address (yes, they have dynamically assigned addresses, but they change very rarely) I have to disable and enable wireguard to pick up the change and do a new lookup for that particular dns-name. The dns changes when the ip-address changes, so the issue is that wireguard does not pick up the change except when it is restarted.

Any solutions?
#2
Quote from: lfirewall1243 on December 27, 2020, 02:33:01 PM
You could create a custom gateway for some rules and just shut that down

How can I create a gateway for a vlan and route that just as if it were the default WAN_DHCP gateway?
(and disable the gateway when I want to disable internet for a particular VLAN)
Please give some hints, this is quite new to me. :)
#3
Quote from: lfirewall1243 on December 27, 2020, 02:33:01 PM
You could create a custom gateway for some rules and just shut that down

Yes, that can be a functional solution. Right now they disable the whole vlan interface, but maybe shutting down a custom gateway is better.
#4
General Discussion / Re: Time based rules without dates?
December 27, 2020, 05:05:51 PM
How? Can't find a repeating setting at all?
#5
Actually it is. To be able to shut off internet for their children (quite often) that is not a nice way to do it.
First, disable a firewall rule, then find another page and click reset.

And we don't want to clear state for all connections, just for the connections belonging to that particular vlan.
The reset button resets all states for the whole firewall, and that is not the right way to do it either if you don't want to interrupt other traffic in the firewall.

So yes, it is too complicated and not the right way to do it, I'm afraid..
#6
I have an opnsense box set up at my brother's place and he wants to cut the net for his children. They have their own vlan and I have set it up so they can just log in and disable a rule to shut down the internet connection on that particular vlan. It works, except that when they play games or watch youtube they can continue to do so.
I know that the opnsense firewall just blocks new connections, but is there any way to kill active connections/state when changing a rule? I need to automate this, because it is too hard for them to go and manually kill active connections or run certain commands in the shell.

Any way to accomplish this from the gui in a "click one button" approach or something? We really need to be able to kill active connections for that vlan..
#7
General Discussion / Time based rules without dates?
December 27, 2020, 01:43:29 AM
I can't find a way to make a time-based rule that does not include a date?
I want to make a schedule that occurs every day at say 14:00 to 23:59 and set that schedule
to a firewall rule. Can't find a way to skip the date??
I have never seen this approach before, that you need to specify a certain day in a certain month?
I can only choose, let's say "December_20" which I think means December -2020 and then certain days and then time (from/to).
The use case for specifying a certain date in a certain year must be pretty rare compared to a rule that occurs at a certain time every day, that you don't need to update all the time?

Is it possible to create a schedule that doesn't contain dates?