Messages

I added a new WG interface to the existing one.

WG1 is the new WG interface. I've done everything exactly as I did for my original interface, WG0.

In gateway monitoring, WG0 works correctly, 0% loss. However, WG1, posts 100% loss no matter what monitoring IP I use.

Both WG interfaces are up and have successful handshakes. I know for a fact there should not be a 100% loss on WG1 but it is showing 100% loss.

Anyone has any ideas why this is happening?

Only thing that sucks is on AdGuard the queries only show 127.0.0.1, ::1, and the Fe80 IPv6 addresses. Instead of the actual client name (hostname). Is there a way around this? Some setting within OPNsense?

You set the IP for Adguard DNS in your DHCP DNS settings.

Rollback to an earlier version.

Run in shell;
opnsense-revert -r 21.7.5 suricata

It has not been fixed in 21.7.7 for me.

Also I have only enabled suricata on my WAN interface which has no virtual interfaces, so I don't understand why I am impacted.  For now disabling suricata has solved the issue.

Did you try rolling back the suricata version to the one before 21.7.6? It works wonderfully for me after a rollback.

The issue is most likely Suricata. Disable intrusion detection. See if that helps.

Create a firewall ALIAS. Put those IPs for WAN2 in the ALIAS and use a firewall rule to forward that ALIAS to WAN2.

Check your MTU and adjust it.

You can set per device settings. Per device restrictions, etc.

Also adguard home beta now has optimistic caching. Which works fantastic. My DNS requests average 2ms now.

Hi,

We checked the order and manually approved it. You should be getting a token via mail within the next hour.


Cheers,
Franco

Hi Franco,

Unfortunately, I still haven't received an email with the token. I've also checked my spam folders.

Cheers!

Thanks! :D

Hi!
I have the same error. About one time a day the network communication stops working. Then i have to restart the suricata service and then it works again. i found nothing in the logs which could explain this problem. The machine is a Xeon e5-2620 with 32 GB Ram and 600 GB HDD, so there should be no problems. I use dual-WAN and IPS on WAN side and Sensei on LAN-side. So maybe it is a problem in the last release?
Greetings
Rudolf

I have the same problem but no errors in the logs. Can't even SSH in and GUI unresponsive. Needs a reboot for everything to come back up.

Disabled suricata IPS and it's ok in IDS mode. Only enabling IPS mode causes this issue.

I tried to order ETPRO telemetry edition from the shop but was declined with the following;

Your order has been declined due to inconsistencies in your application, within a couple of days we will manually inspect the order to see if the automated checks were correct.

I wonder what went wrong. Anyone else encountered this error?

Managed to figure it out.

Used 'Network Group Aliases' to put the whole network as forwarded to WG and another list for exclusions.

Hi all,

I followed, https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html and got my OpnSense to connect to AirVPN and all is working well.

ProTIP for those new to this: Adjust the MSS to 1300 or you will get slow speeds and dropouts.

Anyway, I want to do the opposite of selective routing. I want all LAN devices to default to being routed over Wireguard and have a list of IPs in an Alias that must have traffic go directly to WAN.

I tried selecting "Source / Invert" on the Alias but it isn't working as I expected. Anyone care to provide any hints?

Thanks.