Messages

1

24.7 Production Series / Re: NAT works for Windows Client but not for Linux

« on: August 27, 2024, 11:03:47 am »

Try passing through the WAN network interface to OPNsense rather than bridging it.

https://pve.proxmox.com/wiki/PCI_Passthrough

its not practical in my setup, OPNsense just breaks to often in updates to give it the only nic of the server with passthrough.

2

24.7 Production Series / Re: NAT works for Windows Client but not for Linux

« on: August 27, 2024, 10:25:23 am »

It never stops to amaze me: I installed an Desktop Linux and NAT works, but it wont work in an linux debian server and talos, veeery strange. also 3cx debian iso had a hard time and now it works.

3

24.7 Production Series / NAT works for Windows Client but not for Linux

« on: August 27, 2024, 07:56:24 am »

I set up proxmox on an public root server. all traffic besides of port 22 and 8006 is directed to opnsense

now ive got 2 network bridges for opnsense, 1 for the wan and 1 for the lan. dhcp server is enabled on the lan.

hosts in the "lan" get IP addresses from opnsense. ive got a virtual windows 11 client where dns resolution and NAT for internet access works.

however if I boot up a linux server/client DNS doenst work, but the firewall logs dont show any blocks. also unbound only registers dns querys from the windows client and single hits from the linux servers but they dont get responses or not all and hang in a loop

i tried different network card setups in proxmox for linux, but to no avail.

im kind of running out of ideas (opnsense is ofc updated)

4

24.1 Legacy Series / Re: DNS/Connection/NAT Problems since 24.1.8

« on: June 05, 2024, 07:15:07 pm »

after every reboot DNS doent work, only after changeing and saving something on the wan interface.

5

24.1 Legacy Series / DNS/Connection/NAT Problems since 24.1.8

« on: June 02, 2024, 09:31:41 pm »

I have set my OPNsense installations to auto-update. yesterday 24.1.8 broke connectivity on my 24+ months updated systems.

It doesnt seem to be one single behaviour/option that is the issue:

I have on  all locations (private) double NAT setups, all connected with wireguard side to side vpn and using an openvpn tunnel for some asn.

all was working fine. buuuut then i started to pull my hair out.

dns was blocked, ping was blocked, unbound not responding.

it worked on and off playing with options like "dont use local nameserver", but stopped without changing options.

I noticed that the WAN IP was set to a /32 subnet (and therefore i couldnt reach the Modem), changed that to 24.

I noticed that it started working if i set the bogus and private adresses block on the WAN interface (how?) and it stopped everytime I restarted the openvpn tunnel.

Right now it works as long the openvpn tunnel is running, but it shouldnt route tru this tunnel (only 2 ASN)

6

Virtual private networks / Re: Wireguard S2S Routing from single Concentrator

« on: July 12, 2022, 09:33:27 pm »

No, they are in live log on the WG interface and not blocked. I tried an outbound nat but also to no avail, I don't get where they are blocked/not forwarded

7

Virtual private networks / Wireguard S2S Routing from single Concentrator

« on: July 08, 2022, 09:30:57 am »

Hi I have the following problem:

I have multiple sites (no overlapping ip ranges)
All of them are connected to a central wireguard server.
Routing from the central network to all connected works. Site A to all others and vice versa. What doesn't work is to connect from Site B to Site C.

If I add routes on Site B for Site C to use the connection to Site A it doesn't work.

8

22.1 Legacy Series / os-firewall with aliases and schedules

« on: April 29, 2022, 07:17:06 am »

Hi, is it possible to use aliases and schedules with the os-firewall "automation" plugin? the UI seems to be very restricted.

9

21.7 Legacy Series / Wireguard-kmod wont start with certain configs

« on: October 25, 2021, 10:30:06 am »

I have 3 locations, all running the latest version of opnsense 21.7.3_3, all with wireguard plugin 1.7 and wireguard-kmod 0.0.20210606_1

Site A (10.23.9.12 as Tunnel-Address)
Peer and Handshake to Site B + C works

Site B (10.23.9.80 )
Peer and Handshake to Site A
Peer listed for C

Site C (10.23.9.95 )
Peer and Handshake to Site A
Endpoint B need to be disabled to start Wireguard, with B enabled

If I enable Endpoint B on Site C it wont start. I had the same behaviour on Site B with Endpoint C, I have the feeling but suddenly its reversed.

10

Virtual private networks / IPSec S2S Routing into Remote Network / SSH works HTTP not

« on: January 22, 2021, 10:01:33 am »

Following Setup:

Site A)
Cable-Modem in Router-Mode (1 Public-IP)
192.168.12.0/24
connected to OpnSense-Box
WAN: 192.168.12.10 (DMZ of Cable-Modem-Router)
LAN: 10.11.20.0/24

Site B)
LTE-Modem in Router-Mode (1 Public-IP)
192.168.95.0/24
connected to OpnSense-Box
WAN: 192.168.95.10 (DMZ of Cable-Modem-Router)
LAN: 10.95.0.0/24

I can establish the tunnel and access the webinterface of the remote opnsense box but cant access websites on the remote network. however, I can ping the hosts on the remote network and even login via ssh.