Messages

1

23.1 Legacy Series / Re: fw update check stuck or very slow (> 5 minutes)

« on: April 05, 2023, 04:20:08 am »

Same issue here, however I have noticed there is a rather massive downtime alert for Cloudflare noting increased latency.

That could be causing it?

2

High availability / Re: BGW320 ATT Modem PFSync question.

« on: January 29, 2023, 10:10:38 pm »

TheGreatBellend,

Do you need the modem?  Sounds like its normally a router that NATs and you are just bypassing its normal functionality by putting it into bridge mode.  Can you connect the ATT circuit directly to your own gear?  Or is the modem doing some conversion like coax to ethernet?

If you can remove the modem, and the circuit is larger than a /30 (255.255.255.252), you can just hook the circuit up to a switch (or even a vSwitch on the R740XD if both opnsense boxes are running inside it) and place the WAN interface of each opnsense box in the same vlan...and you are done.

If you can't, the only other thing I can think of (and I've never seen this functionality before...) is if the modem can assume two public IP addresses and bridge each IP address to a different opnsense MAC address.

Yeah the ISP requires the Modem. I want to use a VM on the R730XD as a backup in carp for the r210ii running opnsense dedicated.

Im trying to see if theres a way to do this without a L3 switch between the modem/router and the 2 devices

3

High availability / BGW320 ATT Modem PFSync question.

« on: January 29, 2023, 02:39:54 am »

I have an ATT Modem, specifically the BGW320.

To get an external IP address I need to set it to ip-passthrough with a fixed mac to the WAN port on my r210II that has opnsense on it.

I am working on getting a VM setup on my r740xd with 2 dedicated ports also running opnsense and setting up CARP on it.

Unfortunately this makes it so if I plug in the other device, I cant get passthrough so it cant get a wan ip address.

Has anyone done this before? Any ideas on how you got it to work?

4

22.1 Legacy Series / Re: Interesting issue

« on: May 02, 2022, 08:10:08 am »

found the issue. was zenarmor.

5

22.1 Legacy Series / Re: Interesting issue

« on: April 29, 2022, 11:56:11 pm »

The way I would go about it is to spend some more time trying to determine what it is that is preventing your wife's laptop from connecting. Also, what exactly do you mean by that? Is her laptop unable to obtain an internal IP address from OPNsense? And presumably you have a WiFi access point behind the OPNsense box that she is connecting to?

Her work is. Its something with their configuration. Literally every other device I have on the network works perfectly. I have 3 different webservers, and a bunch of other things with absolutely no issues.

And when she uses her phone to hotspot connect using the same wifi, that works fine as a relay.

I’m doing something similar for my guest wi-fi network. A separate dedicated wireless router in AP mode. It’s on its own VLAN and then firewall rules to only allow internet access.


Sent from my iPad using Tapatalk

I have a guest network with this setup and working fine as well, with a captive portal and everything. I just dont want to bandwidth limit her.

start with watching
UnIFi & pfsense Deployment, Setup and Planning with WiFi, VLAN & Guest Network ->  https://www.youtube.com/watch?v=LNAAfja_ZOY

This obviously is not the issue, as i noted, every other of my over 100 devices work fine.

A separate network can be made of course but part of the setup of it is most likely what is not working right now.
DNS, DHCP, etc.
In other words once you find what the problem actually is, you'll see that you need to set that up too on the separate network.
Or the other way around, if you setup that other network, you'll notice there what is not working now.
To setup a different network can depend on what hardware you have an its capabilities.
For instance if you have a VLAN capable switch, you can create a separate VLAN on your LAN OPN interface, configure the switch for it, setup dhcp & dns resolver for it and then firewall rules to isolate that's at high level it.

As stated in my first response, It is not a me problem. I just want to do this to basically just have it completely out of my hair.

6

22.1 Legacy Series / Interesting issue

« on: April 29, 2022, 05:28:09 am »

So my wife's work laptop absolutely CANNOT connect to the network, however every other device in the entire home works perfectly.

I want to create a work network for her with just all security turned off(i know this is a terrible idea, but she is demanding it), and for obvious reasons I don't want her to be able to access ANYTHING on the more secure part of the network...basically her own private little DMZ, where she can do absolutely whatever.

Unfortunately as I tend to follow best practices, and have never even conceived of doing such a thing...I actually have no idea how to do it..

I have nextdns going and unbound, as well as suricata and zenarmour.

I setup a vlan and her own wifi using unifi... however I have absolutely no idea where to go from here...Any assistance would be greatly appreciated...

7

General Discussion / Docker container cant connect to PIA VPN

« on: February 21, 2022, 06:47:42 pm »

So i run a set of docker containers on a home server, one of them I run through a VPN, i receive this error when trying to connect to it:

[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'

I have opened DNS to the docker container to rule that out, unblocked private networks to rule that out, I have gotten to the point where I almost want to just open it to the world and call it a day, but for obvious reasons am uncomfortable with that.

It worked just fine when I was on Unifi, so the only network difference is running OPNsense, which causes me to believe this is the issue...

Has anyone else had this issue, or have any ideas on fixing it?

8

22.1 Legacy Series / Re: DHCP not working for VLANS

« on: February 20, 2022, 04:59:25 am »

Taking the unifi AP controllers out of the equation i.e. assuming they don't attempt to give out dhcp addresses, the in OPN, on Services > DHCPv4 > {VLAN name} > At the top select "Enable DHCP server on the {VLAN name} interface". This is for ipv4 of course, and chose your options.
Then you need to have firewall rules to allow dhcp (udp 67 and 68). Creating the VLAN, I think with OPN default options it creates them automagically. Check they're there. If not, you can copy it from the LAN.

This fixed it.

The rules were not created automagically. I rebuilt all of them and then they did show up. That's an interesting bug.

Thank you for the help!

Have you tried rebooting after setting up the new VLANs ?

Recently had the case where I added a new VLAN.
Everything seemed (and turns out was) set up fine, but I couldn't get DHCP to work. Spent a few hours eliminating everything else and finally decided to reboot.

Et voila, everything worked as expected after the reboot.

I work in IT hahaha, the first thing i tried was a reboot. Sadly as stated above I believe it was a bug. Not sure how to replicate it, or I would report it =(

9

22.1 Legacy Series / DHCP not working for VLANS

« on: February 19, 2022, 10:08:48 pm »

So I watched ton's of youtube videos, everyone from random indian blokes to Lawerence Systems, and for the life of me I cannot get this working.

So here is my network config

LAN 1, 192.168.1.1/24
Servers 2, 192.168.2.1/24
Home Wifi 10, 192.168.10.1/24
IotWifi 20, 192.168.20.1/24
WifeWifi (no security per wife request) 30, 192.168.30.1/24
Guest Wifi 40, 192.168.40.1/24

I have 4 Unifi AP's and have a Unifi controller built on docker(running on Unraid on a host setup, so it has its own IP address), The Unifi config is correct with all wifi network connections being routed to their specific VLANs.

I set up firewall rules(for setup purposes) for all/any for inter-VLAN communication.

I configured interfaces and DHCP for each VLAN with static and their IP addresses above.

If I remove the VLAN's, they can get 192.168.1.x IP's but it seems as though the DHCP absolutely refuses to work on any of the VLAN's, I even made new gateway's on each VLAN to see if that would fix it, it did not. All I get is 169 IP's from the devices attempting to use a VLAN, which means it cant talk to the DHCP server.

Any advice would be greatly appreciated as I am trying to get rid of my Unifi UDM due to their utterly terrible Suricata implementation.