1
Virtual private networks / Re: OpenVPN Instances - Ignore Redirect Gateway
« on: September 20, 2024, 08:22:54 pm »
I'm using it as a client.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Virtual private networks / Re: OpenVPN Instances - Ignore Redirect Gateway
« on: September 20, 2024, 05:39:16 pm »
Is there a place in the new Instances to do this??
It doesn't seem obvious to me if so.
It doesn't seem obvious to me if so.
3
Virtual private networks / OpenVPN Instances - Ignore Redirect Gateway
« on: September 20, 2024, 02:41:45 am »
Hello,
OpenVPN states
https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
Thanks.
OpenVPN states
Code: [Select]
--pull-filter ignore redirect-gateway is the preferred way to override server pushes to redirect traffic to gateway. Does the new Opnsense Instances handle this method? I'm using Code: [Select]
--route-nopull for now. I dont see anything like it in the Client Specific Overrides section either.https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
Thanks.
4
23.1 Legacy Series / Re: WAN interface fails to reconnect after outage
« on: January 13, 2024, 05:44:52 pm »
This annoys me as well. Have you found a solution besides CRON?
5
General Discussion / Wireguard Site-to-Site CG-NAT
« on: February 24, 2022, 02:39:45 pm »
If I rent a VPS server (public static ip) and my home connection is behind CG-NAT, is it possible to establish a site to site connection with wireguard to allow access to my home network and do port forwarding? Is this the best solution?
6
General Discussion / Multiwan & Wireguard/uPnP issues
« on: February 13, 2022, 01:23:49 am »
Hello,
I've exhausted my abilities in trying to get my wireguard & upnp working ever since I setup MultiWAN. I setup a Group Interface, both tier 1, load balanced & failover. Everything works fantastic, except my Wireguard & uPnP now do not function. They worked great before. I have a sense from searching and reading that there may be conflicts between traffic leaving the different interfaces that could be the cause (assuming they're related).
I created a rule for my gaming PC on LAN to go out:
Source [gaming ip] * * * Gateway [main WAN] and that is working, it's keeping it on my cable internet.
Problem is, uPnP is now broken somehow & I cannot wireguard back home. It fails at handshaking.
Does anyone have any ideas what firewall rules / nat outbounds / etc that might change for those items if you move to a MultiWAN - balanced, failover situation?
Thanks
------------
Regarding WG:
Did TCP Dump:
Handshake comes into WAN1 (correct)
Response comes through WAN2 (WG doesn't honor, handshake fails)
Any firewall rules that could solve this? Most appropriate rule to write?
Is this solvable with a firewall rule? Or does WG interface just not care where it sends the response.
Regaring uPnP
2022-02-13T19:29:25-06:00 Error miniupnpd try_sendto(sock=13, len=505, dest=[ff02::c]:1900): sendto: Can't assign requested address
This applies to many interfaces, not just ipv6 LL
-----------------------------------------
Both of these services are tied to the WAN1 interface, yet neither seems to honor
I've exhausted my abilities in trying to get my wireguard & upnp working ever since I setup MultiWAN. I setup a Group Interface, both tier 1, load balanced & failover. Everything works fantastic, except my Wireguard & uPnP now do not function. They worked great before. I have a sense from searching and reading that there may be conflicts between traffic leaving the different interfaces that could be the cause (assuming they're related).
I created a rule for my gaming PC on LAN to go out:
Source [gaming ip] * * * Gateway [main WAN] and that is working, it's keeping it on my cable internet.
Problem is, uPnP is now broken somehow & I cannot wireguard back home. It fails at handshaking.
Does anyone have any ideas what firewall rules / nat outbounds / etc that might change for those items if you move to a MultiWAN - balanced, failover situation?
Thanks
------------
Regarding WG:
Did TCP Dump:
Handshake comes into WAN1 (correct)
Response comes through WAN2 (WG doesn't honor, handshake fails)
Any firewall rules that could solve this? Most appropriate rule to write?
Is this solvable with a firewall rule? Or does WG interface just not care where it sends the response.
Regaring uPnP
2022-02-13T19:29:25-06:00 Error miniupnpd try_sendto(sock=13, len=505, dest=[ff02::c]:1900): sendto: Can't assign requested address
This applies to many interfaces, not just ipv6 LL
-----------------------------------------
Both of these services are tied to the WAN1 interface, yet neither seems to honor
7
Tutorials and FAQs / Re: Zabbix - OPNsense Services
« on: February 12, 2022, 01:34:03 am »
interested.
8
High availability / Re: [Guide - WIP]WAN failover to mobile hotspot
« on: July 25, 2021, 05:20:52 am »9
High availability / Re: [Guide - WIP]WAN failover to mobile hotspot
« on: July 24, 2021, 04:43:26 pm »
Well....?
I'm waiting.
I did find this:
https://brendonmatheson.com/2020/08/07/wan-failover-to-4G-with-pfsense.html
I'm likely going to set this up as well. Doesn't look hard but I have to find my wireless antennas first!
--------------------
UPDATE
Good luck! I never got mine to connect properly. Getting an IPV4 add from my phone was a complete failure and I was able to get IPV6 going and connected but something was VERY wrong. Then I disabled IPV6 and OPNsense could never figure it out and continued to show ipv6 addresses - I got an IPV4 ONLY when I enabled IPV6 and that was SPOTTY. It ruined my LTE connection on my phone until the carrier refreshed it.
It did *not* go well... Maybe its an iphone thing? I dunno. Not even CLOSE to getting the failover part going.
I'm waiting.
I did find this:
https://brendonmatheson.com/2020/08/07/wan-failover-to-4G-with-pfsense.html
I'm likely going to set this up as well. Doesn't look hard but I have to find my wireless antennas first!
--------------------
UPDATE
Good luck! I never got mine to connect properly. Getting an IPV4 add from my phone was a complete failure and I was able to get IPV6 going and connected but something was VERY wrong. Then I disabled IPV6 and OPNsense could never figure it out and continued to show ipv6 addresses - I got an IPV4 ONLY when I enabled IPV6 and that was SPOTTY. It ruined my LTE connection on my phone until the carrier refreshed it.
It did *not* go well... Maybe its an iphone thing? I dunno. Not even CLOSE to getting the failover part going.
10
20.7 Legacy Series / Re: Need IPv6 Help - cannot get internet access
« on: February 16, 2021, 10:56:08 pm »
marjohn,
Do these settings look right to you? I have disabled the DHCPDv6 Server and unchecked "Manual" config.
RADVD
dhcpdv6
Do these settings look right to you? I have disabled the DHCPDv6 Server and unchecked "Manual" config.
RADVD
Code: [Select]
# Automatically generated, do not edit
# Generated config for dhcp6 delegation from wan on opt2
interface igb2 {
AdvSendAdvert on;
AdvLinkMTU 1500;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix 2601:xxxxxxxxxxx::/64 {
AdvOnLink on;
AdvAutonomous on;
};
RDNSS 2601:xxxxxxxxx { };
DNSSL hidef.lan { };
};dhcpdv6
Code: [Select]
option dhcp6.domain-search "hidef.lan";
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
subnet6 2601:xxxxxx::/64 {
range6 2601xxxxxx::1000 2601:3xxxxxxx::2000;
option dhcp6.name-servers 2601:xxxxxxxx;
prefix6 2601:3xxxxxxxx:: 2601:xxxxx::/63;
}
ddns-update-style none;
11
20.7 Legacy Series / Re: Need IPv6 Help - cannot get internet access
« on: February 16, 2021, 05:06:15 pm »
Thank you. I will look into the "auto" mode. It definitely was NOT working until I used the manual config (even with a Win10 PC), so not sure what happened there. It was even passing an IP (global) to my computer but for some reason had no internet connectivity.
As it turns out, Xbox is NOT capable of IPv6 only. You must use a dual-stack. It has been interesting having a temporary IPv6 network to play on. It's pretty much useless! I can surf to a handful of websites and some of the IPv6 testing points and that's about it. It makes me wonder about the long-term adoption of this standard and I must say it's pretty damn complicated! (at least to me - compared to IPv4)
I'm going to switch to dual stack to get XBox Live working and I will report back. Something is not quite right with my IPv6, a la the not functioning until put in manual mode. I suspect some sort of DNS issue or Radvd.
Thank you for your help. I will update.
UPDATE: Making progress - I have one xbox on my IPv6/IPv4 subnet & it *CAN* play with the other xbox with no errors. This looks promising and would work as a solution even as it stands. I'm going to attempt to get both Xboxes IPv6 address and put them on same subnet and see if there are any networking issues. Interesting note: the IPv6 xbox shows strict NAT... still no issues with any matchmaking or gaming (perhaps sort of a legacy piece of info hopefully!) I made zero attempts to setup uPnP or Port forwarding/NAT on my IPv6 network... still games fine so far.
As it turns out, Xbox is NOT capable of IPv6 only. You must use a dual-stack. It has been interesting having a temporary IPv6 network to play on. It's pretty much useless! I can surf to a handful of websites and some of the IPv6 testing points and that's about it. It makes me wonder about the long-term adoption of this standard and I must say it's pretty damn complicated! (at least to me - compared to IPv4)
I'm going to switch to dual stack to get XBox Live working and I will report back. Something is not quite right with my IPv6, a la the not functioning until put in manual mode. I suspect some sort of DNS issue or Radvd.
Thank you for your help. I will update.
UPDATE: Making progress - I have one xbox on my IPv6/IPv4 subnet & it *CAN* play with the other xbox with no errors. This looks promising and would work as a solution even as it stands. I'm going to attempt to get both Xboxes IPv6 address and put them on same subnet and see if there are any networking issues. Interesting note: the IPv6 xbox shows strict NAT... still no issues with any matchmaking or gaming (perhaps sort of a legacy piece of info hopefully!) I made zero attempts to setup uPnP or Port forwarding/NAT on my IPv6 network... still games fine so far.
12
20.7 Legacy Series / Re: Need IPv6 Help - cannot get internet access
« on: February 16, 2021, 04:16:13 am »
*********UPDATE*********
I have gotten internet access now, but DNS issues abound. Resolves many address, fails to resolve about 50%. Not sure why... Will watch firewall logs.
For future reference if anyone stumbles onto thread:
Firewall settings[OPT*]: (the only one besides auto generated - I assume this gets my connection to internet)
PASS IPv6 * OPT2 net * * * * *
INTERFACES
[OPT*]
TRACK IPV6 INTERFACE
Must select **Manual Configuration**
Setup SERVICES
DHCPv6
Enable DHCPv6 Server
Add a "Range" ex - ::1:2:3:4 - ::1:2:3:9
SERVICES
ROUTER ADVERTISEMENTS
Select Managed
Priority = High
I have gotten internet access now, but DNS issues abound. Resolves many address, fails to resolve about 50%. Not sure why... Will watch firewall logs.
For future reference if anyone stumbles onto thread:
Firewall settings[OPT*]: (the only one besides auto generated - I assume this gets my connection to internet)
PASS IPv6 * OPT2 net * * * * *
INTERFACES
[OPT*]
TRACK IPV6 INTERFACE
Must select **Manual Configuration**
Setup SERVICES
DHCPv6
Enable DHCPv6 Server
Add a "Range" ex - ::1:2:3:4 - ::1:2:3:9
SERVICES
ROUTER ADVERTISEMENTS
Select Managed
Priority = High
13
20.7 Legacy Series / Need IPv6 Help - cannot get internet access
« on: February 16, 2021, 01:06:56 am »
Hello, I have a 4 NIC router running 20.7 OPNsense and I am trying, without luck, to create an IPv6 only network on one of the interfaces (OPT2) to connect my Xboxes so I can game on both at the same time.
I have Comcast Xfinity and here is my IP arrangement (sorry I don't really know anything about IPv6 and the more I read the worse it's getting).
OVERVIEW OF INTERFACES
WAN INTERFACE
-IPv6 IP 2001:xxxx/128
-Delegated prefix of 2601:xxx/60
-Gateway fe80
OPT2
-IPv6 IP 2601:(matches del prefix)
-fe80 local link add
COMPUTER/XBOX
Computer pulls a 2601:: address
Xbox does NOTHING, will not pull an IPv6 address
INTERFACES SETUP
WAN
IPv6 Config Type = DCHPv6
DHCPv6 client config
prefix deleg size =60
no boxes checked
OPT2
IPv4 config - none
IPv6 config - TRACK INTERFACE
IPv6 Interface - WAN
DNS - google IPv6 servers upstream on WAN_DHCP6
Firewall rules - (I cannot get these figured out, I've tried so many)
PASS IPv6 * OPT2 net * * * * *
PASS IPv6 * fe80::/10 * * * * *
It appeared to be blocking some local multicasting and originally had NO rules setup other than the "Allow access to DHCPv6 server auto gens"
NOTES:
I can ping off WAN & OPT2 to internet. Computer / Xbox does NOTHING - it's DOA.
Sorry I don't know more technically about how to shape this scenario, but I have not found any info after hours and hours of reading & searching. I assume there are probably multiple problems that I can't figure out how to resolve or even make steps toward completing.
Thank you,
HiDef
I have Comcast Xfinity and here is my IP arrangement (sorry I don't really know anything about IPv6 and the more I read the worse it's getting).
OVERVIEW OF INTERFACES
WAN INTERFACE
-IPv6 IP 2001:xxxx/128
-Delegated prefix of 2601:xxx/60
-Gateway fe80
OPT2
-IPv6 IP 2601:(matches del prefix)
-fe80 local link add
COMPUTER/XBOX
Computer pulls a 2601:: address
Xbox does NOTHING, will not pull an IPv6 address
INTERFACES SETUP
WAN
IPv6 Config Type = DCHPv6
DHCPv6 client config
prefix deleg size =60
no boxes checked
OPT2
IPv4 config - none
IPv6 config - TRACK INTERFACE
IPv6 Interface - WAN
DNS - google IPv6 servers upstream on WAN_DHCP6
Firewall rules - (I cannot get these figured out, I've tried so many)
PASS IPv6 * OPT2 net * * * * *
NOTES:
I can ping off WAN & OPT2 to internet. Computer / Xbox does NOTHING - it's DOA.
Sorry I don't know more technically about how to shape this scenario, but I have not found any info after hours and hours of reading & searching. I assume there are probably multiple problems that I can't figure out how to resolve or even make steps toward completing.
Thank you,
HiDef
Pages: [1]