Messages - mkono87

#1
I have tried 3 machines now and all of them get this. These are all installed.

./backup-opnsense.sh: line 7: date: command not found
./backup-opnsense.sh: line 7: curl: command not found
./backup-opnsense.sh: line 10: find: command not found
#2
I have a few WireGuard interfaces, one linking to my Linode instance. I can't seem to get Linode to connect to SNMP over the tunnel. The wg0 interface on the firewall has an open firewall rule. I can ping all the devices on my LAN. I can also access SNMP on the firewall from a LAN device, just not from Linode. I'm guessing I'm missing another rule of some kind?
#3
I have made a simple diagram and included screenshots from Site A (OPNsense). Hopefully this clears it up.

https://imgur.com/a/uQRUcZ4
#4
I have been working on getting 2-3 site-to-sites set up. The first one is between two OPNsense firewalls, which was a pretty simple process. This second one I'm working on is between OPNsense (A) and Ubuntu LXC (B). This probably isn't an OPNsense issue, but I figured I'd ask here since I am using OPNsense at one end.

I have gotten as far as being able to ping B from A, but no matter what I try I cannot ping A from B. When I check wg on B there is a handshake but simply no traffic to be had. Below is my config on Site B. I'm not 100% sure if the PostUp and PostDown are correct. The router/firewall that site B has is ISP supplied, so it doesn't really have many options for firewall. Basically it allows for port forwarding and static routes.

Site B Config

[Interface]
# Site B's tunnel address; the peer at Site A is expected at 10.0.10.2
Address = 10.0.10.1/24
ListenPort = 51820
PrivateKey = MHYvEzm2jHXxxxxxxxxx
# Forward packets arriving from the tunnel (%i is the wg interface) and NAT them out eth0
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = bQ025Gc06lxxxxxxxxxxx
# Site A's tunnel address plus the LAN behind Site A that should be reachable through the tunnel
AllowedIPs = 10.0.10.2/32, 192.168.10.0/24
Endpoint = mydomain.ca:51820
On Site A I have a rule on the wg0 interface to allow traffic from 192.168.1.0/24 to 192.168.10.0/24 and from 10.0.2.8 to 192.168.10.0/24.

Could it be the lack of firewall or routing control preventing me from setting this up on B?
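The one-way ping described above is the classic symptom of WireGuard's cryptokey routing being asymmetric: each side's AllowedIPs is both the route table for packets going into the tunnel and the source ACL for packets coming out of it, so a prefix missing on one side breaks exactly one direction. The script below is an added example, not the poster's configuration or any OPNsense code: it parses two wg-quick style configs and reports which prefixes each side still needs in a peer's AllowedIPs. The configs, key placeholders, hostnames and LAN ranges are constructed for the example; the check generalises to any number of peers and prefixes.

```python
"""Check WireGuard cryptokey routing for a site-to-site pair (added example).

Constructed sample configs: site A is the OPNsense end, site B the Ubuntu
end. Keys, endpoints and the LAN behind site A/B are placeholders chosen for
this example, not taken from any real deployment.
"""
import ipaddress

SITE_A_CONF = """
[Interface]
Address = 10.0.10.2/24
ListenPort = 51820
PrivateKey = SITE_A_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = SITE_B_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.0.10.1/32
Endpoint = siteb.example:51820
"""

SITE_B_CONF = """
[Interface]
Address = 10.0.10.1/24
ListenPort = 51820
privatekey = SITE_B_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = SITE_A_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.0.10.2/32, 192.168.10.0/24
Endpoint = sitea.example:51820
"""

# What each side must be able to reach through the tunnel: the other side's
# tunnel address plus the LAN(s) behind it (assumed values for this example).
SITE_A_TUNNEL, SITE_A_LANS = "10.0.10.2/32", ["192.168.10.0/24"]
SITE_B_TUNNEL, SITE_B_LANS = "10.0.10.1/32", ["192.168.1.0/24"]


def parse_wg_conf(text):
    """Return (interface_dict, [peer_dict, ...]) for a wg-quick style config.

    wireguard-tools matches key names case-insensitively ('privatekey' and
    'PrivateKey' are the same key), so keys are lower-cased here as well.
    AllowedIPs is comma-separated and may repeat, so it is kept as a list.
    """
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.lower() == "[interface]":
            current = interface
            continue
        if line.lower() == "[peer]":
            current = {}
            peers.append(current)
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "allowedips":
            current.setdefault(key, []).extend(
                v.strip() for v in value.split(",") if v.strip())
        else:
            current[key] = value
    return interface, peers


def allowed_networks(peers):
    """Flatten every peer's AllowedIPs into ip_network objects."""
    return [ipaddress.ip_network(prefix, strict=False)
            for peer in peers for prefix in peer.get("allowedips", [])]


def missing_routes(conf_text, wanted_prefixes):
    """Prefixes this side must reach that no peer's AllowedIPs covers.

    A prefix listed here means packets for it are never sent into the tunnel
    and packets from it arriving over the tunnel are dropped: one-way traffic.
    """
    _, peers = parse_wg_conf(conf_text)
    nets = allowed_networks(peers)
    missing = []
    for prefix in wanted_prefixes:
        target = ipaddress.ip_network(prefix, strict=False)
        if not any(target.version == n.version and target.subnet_of(n)
                   for n in nets):
            missing.append(prefix)
    return missing


def check_pair():
    """Check both directions: A needs B's tunnel address and LANs, and vice versa."""
    return {
        "site_a_missing": missing_routes(SITE_A_CONF, [SITE_B_TUNNEL] + SITE_B_LANS),
        "site_b_missing": missing_routes(SITE_B_CONF, [SITE_A_TUNNEL] + SITE_A_LANS),
    }


if __name__ == "__main__":
    for side, gaps in check_pair().items():
        print(side, "ok" if not gaps else "not in any AllowedIPs: " + ", ".join(gaps))
```

In the constructed pair, site A's peer entry only lists B's tunnel address, so hosts on B's LAN can reach nothing at A while A can still reach B: the report names 192.168.1.0/24 as the gap on site A's side. A firewall rule on the wg interface cannot compensate for a missing AllowedIPs prefix, because WireGuard drops the packet before it reaches the packet filter.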
#5
Been trying forever to get this working. I have set an app password and am using my normal user. But the logs are just showing errors and telling me to check the config. Any thoughts?

2022-10-30T15:30:33-04:00 Error php Check Nextcloud configuration parameters
2022-10-30T15:30:33-04:00 Error php {"url":"https:\/\/cloud.mydomain.ca\/remote.php\/dav\/files\/mike\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":0,"redirect_count":0,"total_time":60.000495,"namelookup_time":0.001753,"connect_time":0,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"","certinfo":[],"primary_port":0,"local_ip":"","local_port":0,"http_version":0,"protocol":0,"ssl_verifyresult":0,"scheme":"","appconnect_time_us":0,"connect_time_us":0,"namelookup_time_us":1753,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":60000495}
2022-10-30T15:30:33-04:00


I've thought about simply using rsync... is this even possible? I already save my Nextcloud files outside of Nextcloud to an offsite backup, so it's the only reason I was going to use Nextcloud.

Edit: I have created the folder in Nextcloud but now in the OPNsense logs I get

Error while fetching filelist from Nextcloud '/.' path
Cannot get real username
#6
That LAN rule is for the remote clients that are already set up using WireGuard. Figured it would use the same rule to pipe the traffic through.

Edit: Oh, you mean on the Homelab interface? Sorry, that allow-to-LAN rule is unrelated to this WireGuard setup. But I will try that.

Allowed network where? In the endpoint or in a firewall rule?
#7
I have been using WireGuard for a while in a remote server config with a few client endpoints, but this time I'm trying to set up a site-to-site with just two Windows servers communicating with each other, and I can't seem to figure out why they can't ping each other.

https://imgur.com/a/FplR0yh

The Site B server is sitting on LAN, but on Site A I have it in another VLAN (Homelab). I blocked all Homelab traffic to LAN except the Windows server. (This doesn't really matter in this case.)

I noticed yesterday that if I try to ping from Site A to B I can't ping. But... if I start to ping from B to A, it responds and I can then ping from A to B. Today it doesn't seem like any response is happening. I ran tracert on each system but they don't make it past the firewall.
#8
General Discussion / Adguard config location?
February 25, 2022, 06:13:31 AM
Can't seem to find where this is located on OPNsense. Does anyone know the path?
#9
Anyone? I'm feeling it might be a bug, as on each interface I have the registered static DHCP entry checked, but hostnames only resolve on LAN.
#10
I have a VLAN that I have set up for my homelab devices to keep it isolated. I have allowed my desktop from the LAN to access that VLAN. I have no problem with using IP addresses.

LAN - 192.168.10.1
HOMELAB(VLAN 30) - 192.168.30.1

I have the AdGuard plugin set up on OPNsense and Unbound using port 5353. In AdGuard, I have an upstream entry for [/local/]127.0.0.1:5353. When I ping a device with its hostname, I just get host not found.

I feel like it's something simple like a FW rule or something. I don't have any rules pertaining to DNS at the moment, as I didn't seem to need any. In the VLAN interface on OPNsense, the DNS server is blank and using the default in Settings/General, which is the LAN gateway.
#11
Quote from: mkono87 on December 22, 2021, 03:58:11 AM
Has anyone setup keepalived to sync with this with a second instance on another server for high availability?

Hmm, guess not. I guess if I tried this it would be best on something other than the firewall.
#12
Has anyone setup keepalived to sync with this with a second instance on another server for high availability?
#13
I also noticed that when I ping my VLAN, for some reason I get a response from a random IP that used to be a VM. Not sure why the heck that's showing; it had nothing to do with DNS.

Ping from 192.168.10.15

Pinging 192.168.30.4 with 32 bytes of data:
Reply from 192.168.30.7: Destination host unreachable.
Request timed out.
#14
I have a single VLAN that is excluded from my main LAN, but I have aliases set up to allow connection from my computer to that VLAN. For what it's worth, I have the AdGuard Home port installed and in use for my DNS filtering. I have Unbound still enabled on port 5353. In Unbound I have checked register DHCP leases and static mappings.

LAN - 192.168.10.1
VLAN - 192.168.30.1

The thing I have noticed is that when I try to connect to the VLAN, even by a simple ping or to access a web UI, it will hang on the first attempt. If I cancel and ping again or refresh the page, it connects without issue. I'm not exactly sure where this is happening. It's acting as if there is no route table created or something. I also cannot contact devices using their hostnames. Within LAN there doesn't seem to be an issue with hostnames or connecting on the first try.

Would love some insight into why this could be happening. Forgive me if this isn't enough info; just ask and I'll be happy to provide it.
#15
The thing I have noticed is that when I try to connect to another VLAN, even by a simple ping or to access a web UI, it will hang on the first attempt. If I cancel and ping again or refresh the page, it connects without issue. I'm not exactly sure where this is happening. It's acting as if there is no route table created or something. Would love some insight into why this could be happening. Forgive me if this isn't enough info; just ask and I'll be happy to provide it.