Messages

Thanks to all who read my post.

This was my NFS error and had nothing to do with OPNsense.

In my /etc/export file, I forgot to include /24 at the end of my ip adresses allowed.

That is instead of xxx.xxx.xxx.x/24, I left the /24 off the address.

Thanks.

Bill Dika

Hi Cosmic:

Thanks for the reply. Sorry for the slow response.

I thought I had things set up as you suggested without any luck.

In any case, I am going back to a simple install and  step by step try again.

Thanks again.

Bill Dika

I have a very basic home OPNsense set up (so far just the default install).

I have --> ISP Modem --> Protectli(OPNsense) --> Netgear R7000 Access Point(Fresh Tomato) --> My Lan.

Everything seems to be working fine. I can access the internet on all my lan computers and they all seem to be able to access each other.

I have a usb disk attached to the R7000 which I am trying to access from my computers in the lan by NFS.

The FreshTomato OS on the R7000 has an NFS server on it. I have activated it. I have checked the exports file on the NFS server and it appears to be correct. When I go to mount an NFS share on a Lan computer, I get "access denied by server" error.

I am very new to OPNsense and firewalls. I am familiar with NFS servers and clients and had them working before I started using OPNsense. My problem is that I do not have enough knowledge of OPNsense to know if it is the cause of the "access denied" error (which I suspect) or whether I have messed up something in my NFS implementation (which I don't suspect). I have googled and tried various NFS solutions to the error without any success.

What modifications do I have to make to OPNsense UI to allow me to mount NFS shares on my network? Or should it be working with my current setup?

Any advice would be much appreciated.

Thanks.

Attached is my outbound-config.

Hi Greelan:

I tried port 51820 without any luck.

Attached are my local-config, my endpoint-config.

Because of size limitations, I will post the outbound-config in the next post.

Thanks in advance. If you need any further information, just let me know.

Hi Greelan:

I did what you suggested and rebooted but any time I enable wireguard, I lose connection to the internet and can only access the OPNsense interface locally on my web browser but nothing else online.

If I disable wireguard, I get access to the internet.

Could this be a problem with my Nighthawk R7000 in access mode?

Any help would be much appreciated.

Bill Dika

Hi Greelan:

Thanks for the reply.

did you disable and re-enable the Local config, as the guide you used instructs

I thought that I did that, but I will try again tonight.

a reboot of OPNsense should fix the issue

I thought that I did that too a number of times, but will retry tonight and post back.

I am new to OPNsense and firewall appliances.

I tried to set up Mullvad wireguard using https://notes.aliciasykes.com/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense instructions.

I made the mistake of including Mullvad's DNS server in the local configuration and possibly breaking OPNsense's DNS according to this:

UPDATE #2 28 March 2021: This tutorial has been updated to remove reference to including the VPN provider's DNS servers in the Local configuration, as this can break DNS resolution on OPNsense itself. Also, if your network generally uses local DNS servers, you will likely experience DNS leaks unless you take further steps. Suggested solutions are proposed to be added to the official OPNsense documentation.

Is there a way I can restore OPNsense's DNS resolution.

I tried deleting Mullvad's DNS server address but still cannot access the internet through my browser. When I ssh into OPNsense appliance, I can access my lan computers and can ping www.google.com.

My setup is Modem --> Protectli (OPNsense) --> Netgear R7000 access point.

Any help would be much appreciated.

Bill Dika

EDIT: I got a working install of OPNsense and Mullvad using this link https://imgur.com/gallery/JBf2RF6 , Thanks to all that helped me below. Thanks to them, I realized it wasn't a DNS problem.