Messages

1

24.7 Production Series / Re: VPN Provider - How to go from legacy client to client instance

« on: November 18, 2024, 05:56:42 pm »

Do I have to use the Authority of the VPN provider? Can't select it in the Trust section when creating a client instance.

Role: Client
Protocol: UDP
Type: TUN
Remote; <vpnserver>:<port>
User: xxxxx
Password: xxxxx

What else?

2

24.7 Production Series / VPN Provider - How to go from legacy client to client instance

« on: November 18, 2024, 12:19:02 pm »

Hi everyone,

For my internet access I use a well known OpenVPN provider. Muliple legacy clients (for multiple countries) are configured. Works fine. How do I go from legacy clients to client instances?

3

24.7 Production Series / Re: Wireguard - No handshake

« on: November 17, 2024, 07:19:38 pm »

How did you configure the Client profile?

Oops.... 
In the client profile I used the public key of my laptop.....for the OPNsense peer.

Got a handshake  . Can't ping anything yet.
That's for another time.
This is solved for now. Thanks!

4

24.7 Production Series / Re: Wireguard - No handshake

« on: November 15, 2024, 11:06:08 pm »

No handshake yet.

When connecting from public wifi to OPNsense 'required key missing' (or similar, this is a translation) was shown on my laptop (wg client).
Have to debug a lot (routes, metric, dns, allowed ip's).

Today I came across the 'wg watch' command.
To be continued. Debug suggestions welcome.

5

24.7 Production Series / Re: Wireguard - No handshake

« on: November 14, 2024, 09:49:05 pm »

No, wireguard doesnt log anything per design.

Didn't knew that. Thanks.

Recreated my 'Laptop' peer. It now shows on the wireguard widget. Offline for now. Not tested with public wifi yet.
Also created an extra firewall rule on Wireguard (Group) to monitor outbound wireguard traffic (51820/udp).

In my 'Laptop' peer I left Endpoint and port empty. Is this correct?

I will report back when I have tested from public wifi.

6

24.7 Production Series / Re: Wireguard - No handshake

« on: November 14, 2024, 05:08:23 pm »

Where in the OPNsense logs can I check those 3 cases?

The packets reach the OPN server. In the logs I see correct source and destination IP address and port 51820/udp (pass).
'Laptop' is a peer of the only wireguard instance (and is enabled).

VPN - Wireguard - Logfile is empty.
VPN - Wireguard - Satus - Handshake is empty.

If the keys are wrong, shouldn't there be at least a log message?

7

24.7 Production Series / [Solved] Wireguard - No handshake

« on: November 13, 2024, 09:01:20 pm »

Hi everyone,

Using a public wifi I'm trying to connect to my home LAN.

In the logs of OPNsense (via Graylog) I see some incoming packets on WAN port 51820 (pass).

There are no firewall rules on the wireguard interface.
There is one rule on Wireguard (Group): Any IPv4 to one private subnet (/24).

Why is there no handshake when I connect from my Linux Mint laptop?
The public wifi isn't the problem I think. There are incoming packets on OPNsense.

8

Hardware and Performance / Re: 4G/5G dongle recommendation?

« on: July 07, 2024, 09:29:59 pm »

Solved with a 4G dongle (Alcatel IK41xx).

Configured WAN interface with USB device (ue0) and DHCP.
The WAN IP address is a private IP address of the dongle.
All fine now.

Key was to remove the PIN code from the SIM card.
Can't tell how that was done. That was done by the store where I bought the Sim card.
Something like put SIM in a smartphone and remove the PIN.

9

Hardware and Performance / Re: 4G/5G dongle recommendation?

« on: July 03, 2024, 11:46:20 am »

Thanks for your replies,
The M6 I saw, but for me it's too expensive for only bridging a gap for a month between two DSL providers.

Because it's a temp solution, switching software is not an option now.

10

Hardware and Performance / [Solved] 4G/5G dongle recommendation?

« on: July 02, 2024, 07:56:20 pm »

Hi,

Today I tried to use a Huawei E3372H. No luck
Read online that model has to be flashed (to S version)

Does anyone has a recommendation for a similar dongle that is supported by OPNsense?
It is a failover for DSL. My DSL is down for now.
Posting from a public hotspot.

The Acer D5 Connect Predator does not work because there is not enough power on the USB port.

11

21.1 Legacy Series / OpenVPN client: Select remote server at random (over time?)

« on: May 31, 2021, 06:18:28 pm »

Hello,

For my internet connection I use a VPN provider.
In the client configuration I have the option 'Select remote server at random' checked.

Assumming that selecting the server is at service start, can it be done over time?
Every x hour connect to a different VPN server.
Via WebGUI or cronjob.

12

21.1 Legacy Series / Re: IGMP proxy configuration (changed subject)

« on: May 30, 2021, 01:02:39 am »

Now I got no pictures at all.
No traffic from IPTV interface. Do have an IP address on IPTV interface (dhcp)
Upgraded to 21.1.6

When I switch to pfSense all is ok (no hardware or cable changes, only other vm and same configuration I think).

Anyone any idea what to check/configure?

13

21.1 Legacy Series / Re: IGMP proxy not started

« on: May 29, 2021, 11:22:08 am »

@RedVortex: Same configuration here. Only other vlan numbers.

> Also, you do not put any network on the downstream interface, only on the upstream.
The upstream networks are from the ISP(IPTV). They are correct (TV channels are visible now)
Downstream network is private subnet on seperate interface
Setup has three network interfaces: WAN/LAN/STB.

Rules:
IPTV (incoming):
IPv4 * * * gw IPTV if
Allow options was off (my bad, sorry) now enabled.

Difference now is that I can see the channels.
But only for a few seconds. Then it freezes.

Settop box:
I have specific rules for the separate network interface. No blocking traffic for what I can see.
DHCP (from OPNsense) works.
DNS is set in the DHCP server to DNS servers of the ISP.

I will review all the settings again. Done this so many time now I'm missing things (like allow options).
Thanks for your help.

Do you have any hints on the picture freeze? On forums I read other people posting this but can't remember what solved it.

14

21.1 Legacy Series / Re: IGMP proxy not started

« on: May 15, 2021, 08:30:13 am »

Code: [Select]

ps aux | grep igmpReturns the process.
The error in the log remains so I can't use igmp proxy.

15

21.1 Legacy Series / IGMP proxy configuration (changed subject)

« on: May 13, 2021, 05:48:13 pm »

Hi,

Trying to configure IPTV.
I think (not fully 100% sure) fw is not blocking traffic and routing correct.

Not installed/upgraded any igmp proxy packages/plugins myself. It came with the installation 
Configured igmpproxy with upstream/downstream.
These settings are correct. Working on other fw software.

Dashboard shows igmpproxy started but it isn't. (ps -ef|grep igmp)
Also see the log message.

How can igmpproxy be started?