Messages

1

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 04:36:32 pm »

Best regards from VPN I created new instance and removed the old one. I supposed the problem was in Interface settings. Anyway it works!
Thank you for help, lesson and patience!

2

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 02:39:03 pm »

Yes the istance is running, i tried with OPN Restart. with no success. Do I need the NAT Port Forwarding? How to create new instance, the service is the same - should I create new Interface right?

3

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 01:27:34 pm »

I'm not home at the moment therefore I can try only traceroute from mobile phone. Earlier, I tried both with LAN and LTE and also did not work.

PING: 192.168.20.1 works
Traceroute to 192.168.20.1 - NO response
Traceroute to 8.8.8.8 - only one HOP - 192.168.20.1

No blocks on FW

In about 1 hour I can try from Windows Maschine

I really appreciate your help

4

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 11:08:30 am »

I'm changed the rule source to "Wireguard net" and removed the IPv4 from Wireguard interface settings. To do this I have to deactivate also DHCP on this interface.

Results still the same:

Code: [Select]

wg1 2022-10-21T11:08:53 192.168.20.21:33888 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:53 192.168.20.21:64906 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:53 192.168.20.21:6700 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:42 192.168.20.21:12967 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:33 192.168.20.21:45439 192.168.20.1:53 udp Default deny / state violation rule
Update - I have to create the any rule in Interface - WireGuard (Group)  then FW and DNS is allowed. This interface has been created automatically with the installation of WG.

Ping to FW via VPN works
DNS to FW ist allowed
ping 8.8.8.8 and internet doesn't works

5

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 10:58:32 am »

MY interfaces and assigment attached

6

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 10:45:07 am »

I suggest to clean up the FW rules, maybe start with one rule "allow WG to any" as you are doing nothing else with those rules for the only two clients that can be connected to WG interface. If you need to block something, place those block rules before "allow any", everything first match.

I've created this rule and deactivated any else. Now I receive may DNS and ICMP blocks.

Another strange behavior - In firewall I can see many block, but if I set the filter fo Wireguard I can't see the blocks anymore. Maybe there is something with my Interface?

7

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 10:30:49 am »

really to say it is only HOMELAB infrastructure, for short test I can do everything:)

One Question- in the manual i read in this manual https://homenetworkguy.com/how-to/configure-wireguard-opnsense/ , that if I create an wg interface - I don't have to create NAT Port forwarding, iand I dont have to config IPc4 in interface settings. It is right?

8

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 08:13:54 am »

For Windows client use allowed IPs / erlaubte IPs ) = 0.0.0.0/1, 128.0.0.0/1 as Windows don´t like to change the default route 0.0.0.0/0

I tried  with 0.0.0.0/1, 128.0.0.0/1 Unfortunately it doesn't work, on SURFACE and SAMSUNG (Android) the same behavior.

9

Virtual private networks / Re: WireGuard no internet

« on: October 21, 2022, 08:13:01 am »

The firewall rules... is this WG interface? The rules looks pretty weird...
1. The "WG allow internet" rule is last match, causing that "reject private networks" will be hit before
2. "allow S21" and "allow surface" rule´s source is a host IP, but you´re using /24 instead of /32 (but should not be the problem)
3. there are two DNS rules. Why? 192.168.10.1 is "this firewall" / the sense´s LAN IP, correct? Use the sense´s WG IP instead (192.168.20.1 I guess)

This are the rules for my WG (Roadwarrior) interface for reference:

1. This is intentional - I followed the manual on: https://www.youtube.com/watch?v=kYFNa_zpeII . It is explained in about 14''. It works in my config also in another interfaces. It is wrong configuration or only another way to block traffic between interfaces and allow internet?
2. Thank you, I corrected the IP Settings.
3. I corrected the rules. I used 192.168.10.1 because I'm ping the firewall I can see that 192.168.10.1 is blocked. (Screenshot attached)

Unfortunately it doesn't work, on SURFACE and SAMSUNG the same behavior. The VPN Connection works, ping to LAN devices works, but there is no interent.

Rules screenshot attached

10

Virtual private networks / Re: WireGuard no internet

« on: October 20, 2022, 08:22:22 pm »

FW Rules:

11

Virtual private networks / Re: WireGuard no internet

« on: October 20, 2022, 08:21:58 pm »

and some screenshots more

12

Virtual private networks / Re: WireGuard no internet

« on: October 20, 2022, 08:20:14 pm »

Thank you for the help! Screenshots attached.

13

Virtual private networks / Re: WireGuard no internet

« on: October 20, 2022, 04:45:34 pm »

Is configured as interface. I think I got similar configuration as  in this manual. DNS is on firewall itself. Adguard

14

Virtual private networks / WireGuard no internet

« on: September 03, 2022, 03:21:04 pm »

Hello,

I have just set up VPN Wireguard and I can connect to my LAN, but then I lose connection to the internet, but I can ping fex. 8.8.8.8
As DNS Server i've got ADGuard installed on OPNsense
In FW LOG i can see something like that:

https://i.imgur.com/0xfytfk.png

15

22.1 Legacy Series / Re: The port is blocked even it is allowed by rule

« on: March 27, 2022, 02:22:46 pm »

I forgot to mention about it:  Block private networks on all interface settings is unchecked.