Messages - pasha-19

#1
Thanks it worked.   I was wrong about IPv6.  My switch programming has me entering the 5 colon MAC address I believe as the client ID and the 2 period MAC Address as the hardware address.  OPNsense only needs the 5 colon MAC address in the hardware address with a blank client id.  (one should not be working on this at 3 AM, I guess).  I entered both as noted above.  If this can be passed to your development team it may help others.

PS: I have updated to OPNsense 25.1.6_4-amd64 and entering that data is still possible, if that helps with the problem.
#2

I converted from ISC DHCPv4 to DNSMASQ DHCPv4 successfully, I believe, then I tried to add some IPv6 entries.  It appears I messed up something and have disabled dnsmasq completely.  I know I need to fix whatever is in line 139 and other things like it, probably using the web GUI.  However, it would be nice to see what is in line 139 of /usr/local/etc/dnsmasq.c so I can do something other than deleting all the IPv6 stuff I tried to add (learning nothing) to recover from the problem.  This is not my working router; this is a test environment.

Thanks for any suggestions.  I have read through many forum entries indicating that manually editing config files will not work, and that is not an issue as far as I am concerned.  My desire is only to determine the contents of line 139 of /usr/local/etc/dnsmasq.c to know what to remove or change in the web GUI.
#3
Sorry I tried updating in the middle of the night so as not to affect others.  I failed to notice the first update only got me to 25.1 and NOT 25.1.2.  I just performed both updates and you are correct the problem was resolved.  The first time I tried to patch I only updated to 25.1 because I did not update a second time.  No patch was needed or attempted this time.

Thanks
#4
Thanks for the attempt -- this patch did not seem to work in my case.   
#5
Thanks to both of you that cleared the matter up completely.
#6
I have seen the following "dnsmasq: migrate to MVC/API".  Does this affect the ability to use dnsmasq?  I will admit MVC/API has little real meaning to me.  Searches using "opnsense MVC/API" shed no light on the issue.  API is application programming interface, I believe.  But as far as MVC goes -- that is move character in IBM 360/370 assembler language; which I know is clearly not applicable in this case as well as giving away my age.  Could someone explain please what MVC/API is in this case and if it affects dnsmasq usage.  Thanks in advance.
#7
I cannot say I tested the 25.1 upgrade completely because the Lobby Temperature sensor panel indicated some potentially significant problems.  I have a feeling the sensor display was in error and I probably had no hot running components.  It took about 4 hours to re-establish the 24.7.12-4 router.  Attached are two images of the temperature sensors.  The better looking one was from the restored 24.7.12.4 version; the one with 100C readings was from 25.1.  The base machine that generated this output is a Qotom Q838GE.  I hope this helps.  I would like to know how to set up a ZFS rollback before attempting the 25.1 upgrade again.  If someone provides additional information, I could extract log files or other information to assist in debugging the problem.

My processor is an I3-8130U.

Update 3/7/2025: using a ZFS snapshot I attempted this update again.  The results were the same as before.  I attempted to follow the advice below for the patch.

The patch indicated below was attempted.  It reported as successful and the restart appeared to have worked.

# opnsense-patch https://github.com/opnsense/core/commit/695772d2017
# service configd restart

The results were the same as before.  I successfully restored the 24.7.12.4 using my ZFS snapshots.  I can provide additional information from the 25.1 snapshot that still exists.

Any ideas?

#8
Using the following instructions, I have gotten wireguard working without a kill switch.

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

The instructions in step 11 indicate "There are a couple of ways to avoid this, one of which is outlined here".  My understanding, which may be wrong, is that the creation of the WAN rule may be too general for my case.  I have multiple vlans, several (a subset) of which utilize the wireguard gateway for outbound traffic and others do not.  Changing the firewall rules for each of the participating vlans that use the wireguard interface makes sense and I believe is appropriate as written (and I believe I understand how to do that).  However, the second WAN rule to be added (I probably only need one) has me concerned; I have a feeling that I somehow need to restrict it to only the traffic that was allowed on the wireguard gateway.  Since there is an outbound NAT for that gateway created in Step 9, do I need to include an address like the outbound wireguard IP in the WAN rule, or do I need to include a list of the specific vlan networks that utilize the wireguard gateway, and which addresses are they (probably the source IP address for the outbound side of the traffic) in the required WAN rule?
#9
I created the interface using Step 4 of the above instructions, which says nothing about checking that box.  So I tried checking that box -- when I started step 6 the gateway was already created -- it appears that checkbox replaces step 6.

Update -- upon checking the gateway, the far gateway was not checked nor was monitoring enabled.  When I tried to do that I learned why I could not create the gateway according to step 6.  Most addresses required the CIDR to be entered, so for my IP and monitor address I included the /32 as indicated by my provider.  When I took the /32 off the IP and monitor address, the gateway could be added both without the dynamic gateway policy and with the dynamic gateway policy.

I am progressing without dynamic gateway checked -- unless I encounter a problem later then I will consider testing with that option too.

Thanks to all.  I have progressed through Step 10 of the above instructions.  I am successfully communicating on the wireguard VPN.   I have a question about setting up the kill switch but I believe that is another issue.  Thanks to all this issue is resolved.
#10
To clarify, the VPN provided only two keys: a public one and a private one.  The provider did not include a PSK so I probably do not need that one.

Thanks for the help.   -- still hung up creating that gateway.
#11
I have created gateways too -- between a VLAN switch and my router.  My problem is when the save button displays the spinner overlay and does not provide any message.  Without a message where does one go next?  Do you think the instructions I am following are the correct ones for this task?  I reviewed the process and except for not knowing about a PSK key on the peer screen I believe I have followed the instructions.  Is the PSK key the private key from the VPN?  I get the impression that is a NO.  Is the public key from the provider the same one used on the WG Peer screen?  Do I need to generate my own public key for the peer connection?  I get the impression that PSK is optional should I ever create my own wireguard server to connect my own routers.  I am not sure I have not made a mistake, but from the instructions I cannot confirm that.
#12
FastestVPN -- see referenced message; it shows the instructions I followed and explains the step where I am having a problem -- creating the gateway, Step 6.  I enter the requested data and when I press save there is a short period of a spinning icon and the screen never closes to allow apply to be pressed.  I would like to say there is a message but I have not seen one.

Wireguard status is up and it says I have apparently sent 125K of data and received around 34k.  So the router and wireguard appear to be talking.  I cannot set up a gateway so I cannot access the connection at this time.
#13
Using the following instructions:

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

Things seemed to go well through Step 6.  However, in Step 2, in reviewing the instructions, it says to press save and press save again.  The first save closed the Instance window and the button on the screen said Apply (I did press it) and not Save; I did not notice that at the time.  I have no wireguard log messages.  My interfaces widget shows the wireguard tunnel as green.  The Wireguard Status screen has two lines of text for wg0.  When I try to add the gateway in Step 6 the data entry seems to be straightforward.  However, when I click on the Save button the spinner flashes quickly and I am back at the Save button.  The window does not close and there is no apply changes button to hit.  What should I try next?  Am I by chance using the wrong instructions?

Thanks

Sorry. I am fully updated on 24.7.1
#14
My provider does not have a wireguard client plugin set up.  I found the following:

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

My provider will send me a config file (they have not yet installed on OPNsense).  I believe the contents of that file will be used to complete requirements largely in step 1 of the above process.  Before paying for the wireguard upgrade, am I on the correct path, such that this could possibly be successful?  I realize that the only real test is to try to configure the option.  I am just trying to assure I am starting with a reasonable set of instructions.

Thanks

Update: I have moved on to testing this.  I have encountered an issue reported here:

https://forum.opnsense.org/index.php?topic=42269.msg208586#msg208586
#15
General Discussion / Re: Automatic aliases
March 15, 2024, 07:16:06 PM
Thanks -- sorry.