Messages

1

24.1 Legacy Series / Port forward on WG fails after reboot

« on: February 11, 2024, 02:16:34 pm »

Hello,

Would love to get some help on the following:

Using OPNsense as a VPN box, it only has a WAN (uplink to local network) and a WireGuard interface for connectivity to the other site. This works fine and as expected.
However, due to subnet overlap the local site is configured with outbound NAT and a port forward to a local machine for backups. The outbound NAT seems to work fine too.
However, after each reboot, the 2 port forwards from the WireGuard network to the local network does not work. It just doesn't respond. Manually disabling 1 of these rules and enabling it again fixes the problem for both port forwards. It seems to me a re-apply is the fix.

How does this happen and how can I fix this? We rely on the port forward for data replication and should always automatically work after a reboot of OPNsense.

Any insight is appreciated, if more info is required feel free to request.
Thanks in advance.

2

23.7 Legacy Series / Re: Strange WebUI issue, jQuery HTTP2 Protocol error

« on: January 11, 2024, 11:32:55 am »

So, 5 days later and it suddenly works again.

I still have no clue what caused this to happen and fix, no changes have been made to the OPNsense and I am the only one with access. I don't like this situation at all as it's seemingly not deterministic and random.

Will keep an eye on if this happens again, in the meantime if anyone has any suggestion at all, I'm all ears!

3

23.7 Legacy Series / Strange WebUI issue, jQuery HTTP2 Protocol error

« on: January 07, 2024, 07:13:35 pm »

Hello,

Recently I tried login onto the WebUI on OPNsense 23.7.6 to adjust some VPN settings but after login in I get nothing more than the navigation pane showing up. I can click everything in the navigation pane but I get no content at all.

From the developer console I can see the following errors:
GET https://router.my.domain/ui/js/jquery-3.5.1.min.js net::ERR_HTTP2_PROTOCOL_ERROR
GET https://router.my.domain/ui/js/d3.min.js?v=99b262916edee21c net::ERR_HTTP2_PROTOCOL_ERROR
GET https://router.my.domain/ui/js/nv.d3.min.js?v=99b262916edee21c net::ERR_HTTP2_PROTOCOL_ERROR

I guess this blocks the content from being shown on page.
Browsing these manually will give the same error in the browser:

Code: [Select]

Hmmm… can't reach this page
It looks like the webpage at https://router.my.domain/ui/js/jquery-3.5.1.min.js might be having issues, or it may have moved permanently to a new web address.
ERR_HTTP2_PROTOCOL_ERROR

Logging into SSH I can find the files present in the www folder.

What's going on here? It just magically stopped working, no changes have been made since before the last time I logged on to check some VPN statistics and it still worked.

Any pointers would be much appreciated!

4

20.7 Legacy Series / Re: Updates not working / plugins list empty - ipv6 issues

« on: December 10, 2021, 09:51:40 pm »

I can see a list of auto-generated IPv6, however, the destinations only seem to be link-local addresses.
As soon as I disable the firewall rule I've added myself I lose IPv6 connectivity to all non link-local IPv6 addresses from OPNsense and lose updating+plugin capabilities.

5

20.7 Legacy Series / Re: Updates not working / plugins list empty - ipv6 issues

« on: December 10, 2021, 06:02:40 pm »

Hello,

I'm not sure why nobody replied to this thread with a solution. Even though this thread is over a year old, it came up as top result on Google when trying to find a solution for this problem.
I recently started with OPNsense to try it for WireGuard VPN and ran into the same updating problem and also not having a plugin list. Also seeing exactly the same with the enabling/disabling IPv6.

After doing a quick search and not finding anything, I figured to go troubleshoot myself as it must be something stupid I missed with IPv6 since disabling/enabling it temporarily fixes it.
One of the main drivers of IPv6 connectivity is ICMP and after taking a look at my firewall rules, guess what, there is no IPv6 ICMP rule by default.
Since ICMP is required for correct IPv6 connectivity, and it's being blocked, no chance it will work, hence no updates, no ping, no plugins.

Add the following rule to the Floating rule base to solve the problem (for OPNsense and all clients you may have connected on IPv6 in the future, for clients don't forget the internal interface too!):
PASS, Interface: WAN, Direction: ANY, TCP/IP: IPv6, Protocol: ICMP, Type: ANY, Source: ANY, Destination: ANY

That should do it, hope it helps for everyone being frustrated in the future (as more and more people get IPv6)