Messages - hidef

#1
I'm using it as a client.
#2
Is there a place in the new Instances to do this??
It doesn't seem obvious to me if so.
#3
Hello,

OpenVPN states --pull-filter ignore redirect-gateway is the preferred way to override server pushes to redirect traffic to gateway.  Does the new OPNsense Instances handle this method?  I'm using --route-nopull for now.  I don't see anything like it in the Client Specific Overrides section either.

https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway

Thanks.
#4
This annoys me as well.  Have you found a solution besides CRON?
#5
General Discussion / Wireguard Site-to-Site CG-NAT
February 24, 2022, 02:39:45 PM
If I rent a VPS server (public static ip) and my home connection is behind CG-NAT, is it possible to establish a site to site connection with wireguard to allow access to my home network and do port forwarding?  Is this the best solution?
#6
General Discussion / Multiwan & Wireguard/uPnP issues
February 13, 2022, 01:23:49 AM
Hello,

I've exhausted my abilities in trying to get my wireguard & upnp working ever since I set up MultiWAN.  I set up a Group Interface, both tier 1, load balanced & failover.  Everything works fantastic, except my Wireguard & uPnP now do not function.  They worked great before.  I have a sense from searching and reading that there may be conflicts between traffic leaving the different interfaces that could be the cause (assuming they're related).

I created a rule for my gaming PC on LAN to go out:
Source [gaming ip] * * * Gateway [main WAN]  and that is working, it's keeping it on my cable internet.

Problem is, uPnP is now broken somehow & I cannot wireguard back home.  It fails at handshaking.

Does anyone have any ideas what firewall rules / nat outbounds / etc that might change for those items if you move to a MultiWAN - balanced, failover situation?

Thanks
------------
Regarding WG:
Did TCP Dump:
Handshake comes into WAN1 (correct)
Response comes through WAN2 (WG doesn't honor, handshake fails)

Any firewall rules that could solve this?  Most appropriate rule to write?
Is this solvable with a firewall rule?  Or does WG interface just not care where it sends the response.

Regarding uPnP
2022-02-13T19:29:25-06:00   Error   miniupnpd   try_sendto(sock=13, len=505, dest=[ff02::c]:1900): sendto: Can't assign requested address
This applies to many interfaces, not just ipv6 LL
-----------------------------------------

Both of these services are tied to the WAN1 interface, yet neither seems to honor
#7
Tutorials and FAQs / Re: Zabbix - OPNsense Services
February 12, 2022, 01:34:03 AM
interested.
#9
Well....?
I'm waiting.

I did find this:
https://brendonmatheson.com/2020/08/07/wan-failover-to-4G-with-pfsense.html

I'm likely going to set this up as well.  Doesn't look hard but I have to find my wireless antennas first!
--------------------
UPDATE
Good luck!  I never got mine to connect properly.  Getting an IPV4 add from my phone was a complete failure and I was able to get IPV6 going and connected but something was VERY wrong.  Then I disabled IPV6 and OPNsense could never figure it out and continued to show ipv6 addresses - I got an IPV4 ONLY when I enabled IPV6 and that was SPOTTY.  It ruined my LTE connection on my phone until the carrier refreshed it. 

It did *not* go well...  Maybe it's an iPhone thing?  I dunno.  Not even CLOSE to getting the failover part going.
#10
marjohn,

Do these settings look right to you?  I have disabled the DHCPDv6 Server and unchecked "Manual" config.

RADVD

# Automatically generated, do not edit
# Generated config for dhcp6 delegation from wan on opt2
interface igb2 {
    AdvSendAdvert on;
    AdvLinkMTU 1500;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix 2601:xxxxxxxxxxx::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
    RDNSS 2601:xxxxxxxxx { };
    DNSSL hidef.lan { };
};


dhcpdv6
option dhcp6.domain-search "hidef.lan";

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;

subnet6 2601:xxxxxx::/64 {
  range6 2601xxxxxx::1000 2601:3xxxxxxx::2000;
  option dhcp6.name-servers 2601:xxxxxxxx;
  prefix6 2601:3xxxxxxxx:: 2601:xxxxx::/63;
}

ddns-update-style none;

#11
Thank you.  I will look into the "auto" mode.  It definitely was NOT working until I used the manual config (even with a Win10 PC), so not sure what happened there.  It was even passing an IP (global) to my computer but for some reason had no internet connectivity.

As it turns out, Xbox is NOT capable of IPv6 only.  You must use a dual-stack.  It has been interesting having a temporary IPv6 network to play on.  It's pretty much useless!  I can surf to a handful of websites and some of the IPv6 testing points and that's about it.  It makes me wonder about the long-term adoption of this standard and I must say it's pretty damn complicated! (at least to me - compared to IPv4)

I'm going to switch to dual stack to get XBox Live working and I will report back.  Something is not quite right with my IPv6, a la the not functioning until put in manual mode.  I suspect some sort of DNS issue or Radvd.

Thank you for your help.  I will update.


UPDATE:  Making progress - I have one xbox on my IPv6/IPv4 subnet & it *CAN* play with the other xbox with no errors.  This looks promising and would work as a solution even as it stands.  I'm going to attempt to get both Xboxes IPv6 address and put them on same subnet and see if there are any networking issues.  Interesting note: the IPv6 xbox shows strict NAT... still no issues with any matchmaking or gaming (perhaps sort of a legacy piece of info hopefully!)  I made zero attempts to setup uPnP or Port forwarding/NAT on my IPv6 network...  still games fine so far.
#12
*********UPDATE*********

I have gotten internet access now, but DNS issues abound.  Resolves many addresses, fails to resolve about 50%.  Not sure why...  Will watch firewall logs.

For future reference if anyone stumbles onto thread:

Firewall settings[OPT*]: (the only one besides auto generated - I assume this gets my connection to internet)
PASS  IPv6  *   OPT2 net   *   *   *   *   *

INTERFACES
[OPT*]
TRACK IPV6 INTERFACE
Must select **Manual Configuration**

Setup SERVICES
DHCPv6
Enable DHCPv6 Server
Add a "Range" ex -   ::1:2:3:4 - ::1:2:3:9


SERVICES
ROUTER ADVERTISEMENTS
Select Managed
Priority = High

#13
Hello, I have a 4 NIC router running 20.7 OPNsense and I am trying, without luck, to create an IPv6 only network on one of the interfaces (OPT2) to connect my Xboxes so I can game on both at the same time. 

I have Comcast Xfinity and here is my IP arrangement (sorry I don't really know anything about IPv6 and the more I read the worse it's getting).

OVERVIEW OF INTERFACES

WAN INTERFACE
-IPv6 IP 2001:xxxx/128
-Delegated prefix of 2601:xxx/60
-Gateway fe80

OPT2
-IPv6 IP 2601:(matches del prefix)
-fe80 local link add

COMPUTER/XBOX
Computer pulls a 2601:: address
Xbox does NOTHING, will not pull an IPv6 address

INTERFACES SETUP

WAN
IPv6 Config Type = DHCPv6
DHCPv6 client config
prefix deleg size =60
no boxes checked

OPT2
IPv4 config - none
IPv6 config - TRACK INTERFACE
IPv6 Interface - WAN

DNS - google IPv6 servers upstream on WAN_DHCP6

Firewall rules - (I cannot get these figured out, I've tried so many)
PASS  IPv6  *   OPT2 net   *   *   *   *   *
PASS  IPv6  *   fe80::/10   *   *   *   *   *

It appeared to be blocking some local multicasting and originally had NO rules setup other than the "Allow access to DHCPv6 server auto gens"

NOTES:
I can ping off WAN & OPT2 to internet.  Computer / Xbox does NOTHING - it's DOA.

Sorry I don't know more technically about how to shape this scenario, but I have not found any info after hours and hours of reading & searching.  I assume there are probably multiple problems that I can't  figure out how to resolve or even make steps toward completing.

Thank you,
HiDef