
Messages - nerd

1
24.7 Production Series / Re: os-wireguard (missing); but working?!
« on: August 27, 2024, 09:56:09 pm »
thank you both for taking the time to respond :)

2
24.7 Production Series / os-wireguard (missing); but working?!
« on: August 27, 2024, 09:23:17 pm »
My wireguard plugin shows up as missing (in red).

Code: [Select]
Name Version Size Tier Repository Comment
os-wireguard (missing) N/A N/A N/A N/A N/A

When I click the + to install I get this 'warning': "Third party software
This software package is provided by an external vendor, for more information contact the author?"

When ignoring that warning and clicking install it doesn't appear to have anything to install:
Code: [Select]
***GOT REQUEST TO INSTALL***
Currently running OPNsense 24.7.2 at Tue Aug 27 21:19:10 CEST 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'os-wireguard' have been found in the repositories
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

Strange thing is though.. wireguard seems to be working. My client is able to connect and pass traffic.
So how do I get my system to show up correctly?  Rebooting did not help unfortunately.

3
24.7 Production Series / Re: New Dashboard
« on: July 29, 2024, 11:27:20 am »
After tinkering around with the new dashboard, I run into the following 'issues'.

1) can't seem to enlarge (vertically) the interfaces to show them all at once. Needing to scroll to see them is less than ideal.
2) both announcements and services tile will not remember their vertical size.

4
24.1 Legacy Series / Re: Automatically generated rules - allow any to any?
« on: March 28, 2024, 10:39:17 am »
Quote from: nerd on March 25, 2024, 07:10:57 pm
Sorry if I am being a bit dense here somewhere, but I'd love to actually understand this now.


Anyone understand this and willing to explain?  Pretty please?

5
24.1 Legacy Series / Re: Automatically generated rules - allow any to any?
« on: March 25, 2024, 07:10:57 pm »
Quote from: Patrick M. Hausen on March 25, 2024, 06:16:10 pm
Nope. The "allow all out" rule is for traffic that did never come in anywhere. Like outbound DNS requests or NTP requests originating on the firewall itself. Download of updates. ICMP echo requests from gateway monitoring. These.
Hence the description: "let out anything from firewall host itself"

Mmm, then why do I see client<>server DNS traffic hitting this rule/label?

For example my client requesting DNS resolving from the server (not the FW).
In FIREWALL: LOG FILES: LIVE VIEW this shows up twice even though the FW should just pass the traffic:

client_vlan   OUT 2024-03-25T19:04:53   <client IP>:64696   <server IP>:53   udp   let out anything from firewall host itself   
server_vlan  IN   2024-03-25T19:04:53   <client IP>:64696   <server IP>:53   udp   My DNS rule


Sorry if I am being a bit dense here somewhere, but I'd love to actually understand this now.



6
24.1 Legacy Series / Re: Automatically generated rules - allow any to any?
« on: March 25, 2024, 05:56:07 pm »
Quote from: jp0469 on March 25, 2024, 05:34:02 pm
What exactly is concerning you about those rules? I believe it's required for NAT functionality. Also, did you happen to notice the rule direction?

No, I did not notice the direction.
Direction is OUT, whereas 'normal' rules are IN. Much appreciated that you pointed this out.

So basically my FW rules block/allow INcoming traffic and once allowed the FW needs a rule to let this traffic back OUTgoing to the destination VLAN?

Or do I still misunderstand this rule?




7
General Discussion / Re: UDP Broadcast Relay
« on: March 25, 2024, 05:24:06 pm »
Any ideas to debug this?

2024-03-25T17:21:11   Notice   root   /usr/local/etc/rc.d/os-udpbroadcastrelay: WARNING: failed to start osudpbroadcastrelay   
2024-03-25T17:21:11   Notice   root   /usr/local/etc/rc.d/os-udpbroadcastrelay: WARNING: failed to start osudpbroadcastrelay

8
24.1 Legacy Series / Automatically generated rules - allow any to any?
« on: March 25, 2024, 04:54:47 pm »
For every VLAN, including WAN, my FW has automatically created the following rule (hidden under the "Automatically generated rules" pulldown menu).

Code: [Select]
Protocol Source Port Destination Port Gateway # Schedule Description
IPv4+6*         * * *     * * * *     let out anything from firewall host itself

I would understand if the source would be VLAN_address, but not an allow any to any.
Since it is autogenerated, I can not simply delete or adapt this rule either.

Hopefully I am misinterpreting this rule? If not, where does it come from and how do I get rid of it?

9
23.7 Legacy Series / Re: Wireguard selective routing to external VPN stopped working
« on: December 21, 2023, 06:36:37 pm »
Check https://homenetworkguy.com/how-to/configure-wireguard-opnsense/ for a (working) way to set this up without interface IP addresses. (The IP address is taken directly from the wireguard portion of the setup)

If going from the os-wireguard-go to the os-wireguard plugin (like me), the config of the first is still there after uninstalling the first and installing the latter.

10
22.7 Legacy Series / Re: Rename interface
« on: December 08, 2022, 07:46:18 pm »
I do, hence I want them to match. I actually only noticed from the default lockout rules where they shouldn't have been.

'Swapping cables' or simply re-assigning interfaces will mess up my rules etc no doubt.
Guess I'll be trying my backup restore idea or will be doing the config from scratch to get this fixed.

11
22.7 Legacy Series / Rename interface
« on: December 08, 2022, 04:50:18 am »
So I understand we can name interfaces and the likes, but for reasons unknown I have the following interfaces:

My_actual_LAN (opt2, vtnet3)
NOT_my_actual_LAN (lan, vtnet1)

So yes, I have already changed the 'lan' into something to my liking (i.e. NOT_my_actual_LAN) but I'd like these to match regardless.

So far, my idea is to go into a backup and change any 'opt2' into 'lan' and vice versa and then restoring that new config.
So first question: will this do what I think it does and not mess anything up if I do it correctly?
And secondly, is there an easier fix to make the system understand that vtnet3 is the actual LAN interface instead of vtnet1? Because the backup looks pretty daunting.  ;D

Code: [Select]
Line  272:       <interfaces>opt2,lan</interfaces>
Line  412:     <opt2>
Line  422:     </opt2>
Line  484:     <opt2>
Line  517:     </opt2>
Line  585:           <network>opt2</network>
Line 1243:         <network>opt2</network>
Line 1669:       <interface>opt2</interface>
Line 1677:         <network>opt2</network>
Line 1696:       <interface>opt2</interface>
Line 1704:         <network>opt2</network>
Line 1723:       <interface>opt2</interface>
Line 1730:         <network>opt2</network>
Line 1748:       <interface>opt2</interface>
Line 1755:         <network>opt2</network>
Line 1774:       <interface>opt2</interface>
Line 1781:         <network>opt2</network>
Line 1800:       <interface>opt2</interface>
Line 1808:         <network>opt2</network>
Line 1827:       <interface>opt2</interface>
Line 1835:         <network>opt2</network>
Line 1854:       <interface>opt2</interface>
Line 1862:         <network>opt2</network>
Line 1881:       <interface>opt2</interface>
Line 1889:         <network>opt2</network>
Line 1908:       <interface>opt2</interface>
Line 1916:         <network>opt2</network>
Line 1935:       <interface>opt2</interface>
Line 1944:         <network>opt2</network>
Line 1963:       <interface>opt2</interface>
Line 1969:         <network>opt2</network>
Line 1988:       <interface>opt2</interface>
Line 1995:         <network>opt2</network>
Line 2014:       <interface>opt2</interface>
Line 2040:       <interface>opt2</interface>
Line 2066:       <interface>opt2</interface>
Line 2092:       <interface>opt2</interface>
Line 2119:       <interface>opt2</interface>
Line 2125:         <network>opt2</network>
Line 2618:     <interface>opt3,opt2,opt1,lan</interface>
Line 2626:     <interfaceslistfilter>opt3,opt2,opt1,lan,wan</interfaceslistfilter>
Line 2628:     <traffic_graphs_interfaces>opt2,opt1,lan,wan</traffic_graphs_interfaces>
Line 3587:     <opt2>
Line 3612:     </opt2>
Line 3707:         <iface_array>opt2</iface_array>

12
Virtual private networks / Re: OpenVPN oddities?
« on: November 07, 2022, 11:15:36 pm »
Thank you for the reply and clarification why nobody responded :)

All I did was configure the CA certificate of the VPN provider (protonVPN) and then configured an OpenVPN client as explained at https://protonvpn.com/support/pfsense-2-5-x-vpn-setup/ up to step 4. Seemed to be pretty standard stuff.

in short:
step 1: add ProtonVPN rootCA
step 2: configure OpenVPN client
step 3: assigned ovpnc1 network port to interface ProtonVPN (opt5)
step 4: noticed that I had 2 FW rule interfaces and that my clients' internet traffic was cut off.

and here we are .. hoping this bit info can help explain my VPN oddities?

13
Virtual private networks / Re: OpenVPN oddities?
« on: November 07, 2022, 03:35:58 pm »
Nobody to comment if I am being an idiot or if this is expected behavior, where it is coming from?

14
Virtual private networks / OpenVPN oddities?
« on: November 05, 2022, 05:10:17 pm »
I am halfway through setting up a ProtonVPN connection (using OpenVPN) to route a specific VLAN through this VPN.

So far I have configured the ProtonVPN/OpenVPN and am able to connect.
What I don't understand is:

1) if this VPN is connected, my other traffic fails/gets interrupted before I even configured any rules to use this VPN. To post this message I had to disconnect the VPN.
Looking at gateways, 2 OpenVPN gateways (IPv4 and IPv6) have been created automatically, but both have preference 255 while my normal WAN has 254 which should have preference, right?

2) With this VPN active I get 2 Firewall: Rules: OpenVPN options. Adding rules to one does not influence the other so they are not the same. It seems the system has automatically created one of these 'interfaces'? Giving my interface another description changes one of these.
Even after disabling my OpenVPN interface 1 Firewall: Rules: OpenVPN remains.
Where is the other -default one(?)- coming from?  I only have a single OpenVPN interface (opt5, ovpnc1).

15
22.1 Legacy Series / Re: Intrusion Detection service stops
« on: March 04, 2022, 01:40:39 pm »
anyone?
