1
24.7 Production Series / Re: Wiregaurd Widget - Feature request
« on: August 14, 2024, 05:27:05 pm »
@Monviech it really looks great and I love how all the VPN widgets look alike now... Great work... BTW congrats on the new Job 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.7 Production Series / Re: Wiregaurd Widget - Feature request
« on: August 14, 2024, 04:58:56 pm »
Looks great... Black boxes added for privacy in the screenshot below
3
24.7 Production Series / Re: simple network monitoring (like smokeping)
« on: August 10, 2024, 03:58:32 pm »
You can do the monitoring with monit easily enough... not sure about the notification other than email though.... but under monit advanced settings there are some options for logging to another file and httpd server...
See This Link "Monitor Wiregaurd Tunnel on OPNsense"
https://nicholassaraniti.com/2024/07/30/monitor-wiregaurd-tunnel-on-opnsense/
TLDR;
Services -> Monit -> Settings -> Service Test Settings
Add Test
Name: WG_VPN_ALERT
Condition: failed ping address INSERT SOURCE IP
Action: Alert
Services -> Monit -> Settings -> Service Settings
Add Service
Enable Service Checks: Checked
Name: WG_VPN
Type: Remote Host
Address: INSERT DESTINATION IP
Tests: WG_VPN_ALERT
See This Link "Monitor Wiregaurd Tunnel on OPNsense"
https://nicholassaraniti.com/2024/07/30/monitor-wiregaurd-tunnel-on-opnsense/
TLDR;
Services -> Monit -> Settings -> Service Test Settings
Add Test
Name: WG_VPN_ALERT
Condition: failed ping address INSERT SOURCE IP
Action: Alert
Services -> Monit -> Settings -> Service Settings
Add Service
Enable Service Checks: Checked
Name: WG_VPN
Type: Remote Host
Address: INSERT DESTINATION IP
Tests: WG_VPN_ALERT
4
24.7 Production Series / Re: Multi-gateway rules not working after 24.7 upgrade
« on: August 10, 2024, 03:47:09 pm »
I can confirm that this is happening... I'm not sure its always sticking to the lowest numbered gateway though... Mine failed from primary (252) to secondary (253)... After primary was back up there was nothing I could do to push traffic back to it.. even when disabling the secondary (253) gateway traffic still flowed through secondary (253) and not primary (252).
The only way to restore traffic back to the primary (252) gateway was to reboot... This was definitely introduced in 24.7.
And yes, all changes were "Applied"... I even re-started the interface multiple times.
In addition, for whatever reason, when multiple gateways are enabled, sometimes after reboot they show down on the dashboard, and the only way to get them in an "UP" status is to edit the gateway, change nothing, and apply.
One final note, with multi wan on on 24.1 and starlink you needed "Disable Host Route" checked to be able to use gateway monitoring. On 24.7 Disable Host Route must be UNCHECKED. It doesnt seem to matter for the xfinity/comcast (primary) gateway.
I've been able to replicate all the above amongst multiple sites with the same multi-wan setups.
The only way to restore traffic back to the primary (252) gateway was to reboot... This was definitely introduced in 24.7.
And yes, all changes were "Applied"... I even re-started the interface multiple times.
In addition, for whatever reason, when multiple gateways are enabled, sometimes after reboot they show down on the dashboard, and the only way to get them in an "UP" status is to edit the gateway, change nothing, and apply.
One final note, with multi wan on on 24.1 and starlink you needed "Disable Host Route" checked to be able to use gateway monitoring. On 24.7 Disable Host Route must be UNCHECKED. It doesnt seem to matter for the xfinity/comcast (primary) gateway.
I've been able to replicate all the above amongst multiple sites with the same multi-wan setups.
5
24.7 Production Series / Re: Wiregaurd Widget - Feature request
« on: August 08, 2024, 05:31:16 pm »
Cool.. Sorry I should have searched the PR's
Thanks for the hard work!
Thanks for the hard work!
6
24.7 Production Series / Wiregaurd Widget - Feature request
« on: August 08, 2024, 05:13:51 pm »
Would love to see the green horizontal arrows indicating a wiregaurd connection/tunnel is active like the ipsec tunnel widget uses.
I understand wiregaurd makes this harder then ipsec to tell if tunnel is active, but maybe we can say if last wiregaurd handshake is < X the tunnel/connection is active and display the green arrows or dot.
I understand wiregaurd makes this harder then ipsec to tell if tunnel is active, but maybe we can say if last wiregaurd handshake is < X the tunnel/connection is active and display the green arrows or dot.
7
24.7 Production Series / Re: Gateway falsely marked as down after restart. Works again after clicking "apply"
« on: July 31, 2024, 04:42:14 pm »
@doktornotor I think its safe to use 8.8.8.8 to monitor your gateway... While not perfect, it's probably the best most of us can achieve. Google understands they get lots of pings and mostly respond to ICMP way before it actually gets to their DNS servers. If you have a PUBLIC alternative thats as reliable as google or cloudflare dns I suggest you post it.
This is also why you should make sure you miss more than X pings in a row before considering a gateway down...
My issue appears to be related to "dhcp6c_script: RENEW on igb3 executing"
This is also why you should make sure you miss more than X pings in a row before considering a gateway down...
My issue appears to be related to "dhcp6c_script: RENEW on igb3 executing"
8
24.7 Production Series / {SOLVED] Re: Wiregaurd Monit Remote Host Ping
« on: July 30, 2024, 07:33:50 pm »
SOLVED!
Services -> Monit -> Settings -> Service Test Settings
Add
Name: WG_VPN_ALERT
Condition: failed ping address INSERT SOURCE IP
Action: Alert
Services -> Monit -> Settings -> Service Settings
Add
Enable Service Checks: Checked
Name: WG_VPN
Type: Remote Host
Address: INSERT IP TO PING
Tests: WG_VPN_ALERT
Services -> Monit -> Settings -> Service Test Settings
Add
Name: WG_VPN_ALERT
Condition: failed ping address INSERT SOURCE IP
Action: Alert
Services -> Monit -> Settings -> Service Settings
Add
Enable Service Checks: Checked
Name: WG_VPN
Type: Remote Host
Address: INSERT IP TO PING
Tests: WG_VPN_ALERT
9
24.7 Production Series / Wiregaurd Monit Remote Host Ping
« on: July 30, 2024, 07:02:44 pm »
I want to use Monit to monitor if my Wiregaurd tunnel is up. But using "Remote Host" with a private IP doesnt seem to work (monit must be pinging from the WAN). Is there any way to tell monit to ping a host on the LAN or WG0?
Is there any other suggested way to monitor and get alerted when a Wiregaurd site to site VPN is down?
Setting the SOURCE address works in diagnostics, but I dont know how to do this in monit.
Is there any other suggested way to monitor and get alerted when a Wiregaurd site to site VPN is down?
Setting the SOURCE address works in diagnostics, but I dont know how to do this in monit.
10
24.7 Production Series / Re: Gateway falsely marked as down after restart. Works again after clicking "apply"
« on: July 30, 2024, 07:00:36 pm »
I'm also having this problem, but only in IPv6 gateways... and across multiple installs... The Ipv6 gateway for all my starlink connections has to be "edited" then applied before its considered up. All installs have other default gateways and starlink IPv4 gateways that dont require this.
11
24.1 Legacy Series / Re: KEA DHCP reserevation too sticky
« on: June 12, 2024, 05:32:27 pm »
Allowing the lease to expire resolved the conflict.. But there "Should" be a way to manually remove addresses before their expiry in the GUI
12
24.1 Legacy Series / Re: KEA DHCP reserevation too sticky
« on: June 12, 2024, 03:40:19 am »
Yes, Same issue... The lease should expire sometime tomorrow which I'm hoping will remove it.
13
24.1 Legacy Series / KEA DHCP reserevation too sticky
« on: June 11, 2024, 10:21:44 pm »
I made the switch to KEA with no issues. I have my lease time set to 86400. I have a reservation for 10.11.12.45 everything working fine. Now I have updated the MAC (upgraded server), and the new machine cant get the IP because the old MAC is still in the existing leases list with the old MAC (because it hasn't expired im guessing). There doesn't appear to be any way of manually removing the old reservation from the list (I have even set the expiry down to a min a rebooted with no luck).
Is the a system I can edit file or API call I can make to remove this lease before it expires?
Is the a system I can edit file or API call I can make to remove this lease before it expires?
14
24.1 Legacy Series / Re: KEA DHCP where to set DNS?
« on: April 21, 2024, 01:22:59 am »
For anyone else looking for this uncheck the AUTOCOLLECT box and you will be able to set gateway and dns.
15
24.1 Legacy Series / KEA DHCP where to set DNS?
« on: April 21, 2024, 01:19:29 am »
I don't see anywhere in the KEA settings to set DNS to be sent to clients when they DHCP... They are all just getting the IP gateway as the DNS. Am I missing something? My Gateway is 10.11.12.100, and I would like DNS to be 10.11.12.254,10.11.12.253.