"
Hi Martin, change mirror in "Settings"
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
General Discussion / Re: Unbound returns IPs of all interfaces OPNsense
August 03, 2024, 08:02:03 PMQuote from: myradon on April 18, 2020, 06:49:02 PM
@stefanpf Thanks a lot! It works great :)
Maybe for someone else comes in handy; Add to field "Custom options";Code Select
#Access control for remote IP Range
access-control-view: 192.168.130.128/25 bridgelan
access-control-view: 192.168.131.128/29 wirelessguest
access-control-view: 192.168.132.1/24 bridgeiot
access-control-view: 192.168.133.128/29 dmz
#View to return for external range only defined ip for firewall, assumed 192.168.100.254 is the IP of opnsense
view:
name: "bridgelan"
local-zone: "myradon.net" transparent
local-data: "opnsense.myradon.net A 192.168.130.129"
local-data: "opnsense A 192.168.130.129"
#view-first Unbound will try to use the view's local-zone tree, and if there is no match it will search the global tree.
view-first: yes
view:
name: "wirelessguest"
local-zone: "myradon.net" transparent
local-data: "opnsense.myradon.net A 192.168.131.129"
local-data: "opnsense A 192.168.131.129"
#view-first Unbound will try to use the view's local-zone tree, and if there is no match it will search the global tree.
view-first: yes
view:
name: "bridgeiot"
local-zone: "myradon.net" transparent
local-data: "opnsense.myradon.net A 192.168.132.1"
local-data: "opnsense A 192.168.132.1"
#view-first Unbound will try to use the view's local-zone tree, and if there is no match it will search the global tree.
view-first: yes
view:
name: "dmz"
local-zone: "myradon.net" transparent
local-data: "opnsense.myradon.net A 192.168.133.129"
local-data: "opnsense A 192.168.133.129"
#view-first Unbound will try to use the view's local-zone tree, and if there is no match it will search the global tree.
view-first: yes
Hey, have you found a better option? I was thinking of adding an override to have just 1 IP
#3
21.7 Legacy Series / Re: Wireguard service not starting at boot
March 20, 2022, 06:15:24 PMQuote from: mimugmail on March 18, 2022, 08:26:35 PM
So you dont have to use fqdn if resolver cant start to work
I guess so, if there's no solution...
#4
21.7 Legacy Series / Re: Wireguard service not starting at boot
March 18, 2022, 06:15:08 PMQuote from: mimugmail on March 03, 2022, 07:37:13 PM
Can you have a look at the console during startup?
This is what I've found (see attached pic).
#5
21.7 Legacy Series / Re: Wireguard service not starting at boot
February 03, 2022, 05:27:25 PM
bump
my idea is that the wireguard service should be started later during the boot
in the meantime I scheduled a cronjob to start the service every 30 minutes :-\
my idea is that the wireguard service should be started later during the boot
in the meantime I scheduled a cronjob to start the service every 30 minutes :-\
#6
21.7 Legacy Series / Wireguard service not starting at boot
January 30, 2022, 04:45:12 PM
I have Wireguard installed on my OPNsense, it's working fine, but the service is not starting up automatically at boot.
Looking at the logs I've found this:
And on dmesg, the following
os-wireguard: version 1.10
opnsense version: 21.7.8
When I start it manually, it works.
Looking at the logs I've found this:
Code Select
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: plugins_configure openvpn_prepare (,wg0)
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: plugins_configure openvpn_prepare (execute task : openvpn_prepare(,wg0))
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' inet '10.6.0.4'/'24'' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' -staticarp' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'And on dmesg, the following
Code Select
tun0: link state changed to UP
tun0: changing name to 'wg0'
wg0: link state changed to DOWN
WARNING: attempt to domain_add(netgraph) after domainfinalize()
tun0: link state changed to UP
tun0: changing name to 'wg0'
arp: 192.168.1.99 moved from 5c:3a:45:b0:b0:1f to 54:a0:50:58:62:24 on vtnet0
arp: 192.168.1.99 moved from 54:a0:50:58:62:24 to 5c:3a:45:b0:b0:1f on vtnet0
arp: 192.168.1.99 moved from 5c:3a:45:b0:b0:1f to 54:a0:50:58:62:24 on vtnet0
arp: 192.168.1.99 moved from 54:a0:50:58:62:24 to 5c:3a:45:b0:b0:1f on vtnet0
pid 87946 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 7483 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 55579 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 5568 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 39078 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
[HBSD SEGVGUARD] [syslog-ng (39078)] Suspending execution for 600 seconds after 5 crashes.
-> pid: 39078 ppid: 52292 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
[HBSD SEGVGUARD] [syslog-ng (52292)] Preventing execution due to repeated segfaults.
-> pid: 52292 ppid: 1 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
wg0: link state changed to DOWN
Waiting (max 60 seconds) for system process `vnlru' to stop... done
Waiting (max 60 seconds) for system process `syncer' to stop... fsync: giving up on dirty (error = 35) 0xfffff80003b21000: tag devfs, type VCHR
usecount 1, writecount 0, refcount 130 rdev 0xfffff80003c5c200
flags (VI_ACTIVE)
v_object 0xfffff80003a8c800 ref 0 pages 4066 cleanbuf 127 dirtybuf 1
lock type devfs: EXCL by thread 0xfffff80003abe5e0 (pid 95591, syncer, tid 100126)
dev gpt/rootfs
os-wireguard: version 1.10
opnsense version: 21.7.8
When I start it manually, it works.
Pages1
