Messages - BoogaBooga

#1
Thanks, I've seen a lot of guides. IMO, the plugin is not very intuitive to use; I prefer text configs and was wondering if I need to bother with the GUI at all to make it work.
#2
Hi Everyone,
I've been trying to set up wireguard(-go/-kmod) and have a few questions about the way OPNsense deals with interfaces and routes.

If I install WireGuard manually, do I need the GUI plugin? This is going to be a site-to-site VPN, so I am fine with configuring manually. Will WireGuard work without the plugin?

Second, most tutorials online direct you to add a WireGuard interface in the GUI. When I install WireGuard and bring up the interface (i.e. wg0), I see it exists by running ifconfig. What benefit does adding an 'interface' in the GUI provide? Is it required?

Similar question for gateways and static routes. In OPNsense land, what's the difference between a Gateway and a static route?

Can I add a static route using the route command without doing anything in the GUI? route add -net etc..

Thanks!
#3
Unfortunately, I updated to the latest release and I can no longer SSH into OPNsense.
#4
Sorry, yes I did also try TCP/UDP.
#5
Fixed it by disabling firewall rules on the same interface. I am not sure what the downside of this is, however.
#6
Yes, I tried setting the port to 80 or 'any' and the packets were still being dropped.

I wonder if it's dropping due to some connection state issues.
#7
Hi Everyone, I'm hoping to figure out what's going on here.
I want to allow HTTP traffic from one subnet 192.168.2.0/24 to another 192.168.10.0/24.
The OPNsense firewall is part of 192.168.10.0/24.
The gateway to 192.168.2.0 is 192.168.10.5.
I can ping host 192.168.10.10 from 192.168.2.15 successfully. There's a floating rule for ICMP that allows this.
When I clone/modify the ICMP floating rule to allow HTTP, the firewall log shows the packets as dropped by the default deny rule (see attachment).

I've tried creating rules that match the info in the log, but it always gets denied. I can't understand what makes port 80 special in this case.

Any help would be appreciated.