Messages

I have been using OpnSense for at least 4 years without any issues. Now, suddenly anytime my ISP service goes down and comes back up, OpnSense fails to recover. Only complete reinstall of OpnSense fixes things. I have two routers running OpnSense and they both exhibit the same behavior. The following things do not help.

1) Rebooting router (neither "reboot" nor shutdown/start)
2) Resetting to factory settings and reloading configuration

I realise I may need to provide some more information about the configuration, but is there anything that could typically cause such behavior? I have multiple OpenWrt routers (I have 5 public IPs in total) and they never have any issues with regards to recovery.

Thanks for any ideas in advance

Thanks Patrick. So simply running a VPN does not expose you to the vulnerability? If there is any risk, do you know if there's a performance penalty to turning on the mitigation? If not, do you do know how to turn it on?

I just updated my CPU's micro code (Celeron 3855U) and I ran the spectre & meltdown checker afterwards. I get a warning about a vulnerability to CVE-2018-3639 as shown in the attached image. Does anyone know why the mitigation isn't turned on? Cheers

Solved, I was using the same address for every peer :D It's remarkable that two still worked. Now I have

10.10.10.2/32

10.10.10.3/32

...

Hi,

I've got a nut to crack. I successfully set up Wireguard on Opnsense and the first two clients/peers (Windows 10 and 11) can connect to the network without any problems.  However, I have since tried to add a third Windows 10 peer, an Android peer and a Gl.inet/OpenWrt peer. All show the same behaviour. Connection is successful, a small number of packets are sent and received, but I can't connect to anything on the network (local or not).  What have I screwed up? A general template of the set-up below (I followed the official docs). 192.168.0.1 is the router.

[Interface]
PrivateKey = <Private2 - from wireguard.keys>
Address = 10.10.10.2/32
DNS = 192.168.0.1
[Peer]
PublicKey = <Public1 - from wireguard.keys>
PresharedKey = <Secret - from wireguard.keys>
AllowedIPs = 0.0.0.0/0
Endpoint = <OPNSense public IP>:51820

 8) That's great news. I must have been just paranoid about the traffic I saw. Many thanks!

This is the routing table from opnsense, not from the K8s nodes

Thank you. By "there shouldn't be anything" do you mean there shouldn't be any security vulnerabilities associated with BGP? Many thanks

Sorry, routing table attached

I just successfully set up BGP routing with FRR to help with load balancing my K8s cluster (with Metallb). I followed instructions from https://blog.xirion.net/posts/metallb-opnsense/. I want the services in my k8s cluster to be advertised only to the local network. However, after setting up BGP I started seeing crazy amounts of suspicious traffic to the internet in Suricata on one of my K8s nodes. What did I screw up? Screenshots attached. Any tips would be much appreciated!