1
Virtual private networks / Re: trying to get Sonos running in my VLAN
« on: August 31, 2023, 05:11:40 pm »
also enable mdns repeater
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
23.7 Legacy Series / Re: WireGuard 2.0 connection down
« on: August 31, 2023, 05:10:22 pm »
I fixed the bug, by updating line 91
3
Development and Code Review / Wireguard Bug (develop stream)
« on: August 31, 2023, 05:09:18 pm »
BUG:
Unable to add route when disable routes is checked, however a gateway IP is provided in the config.
ERROR:
file in question:
Location in file: line 91
BAD CODE
FIX
Unable to add route when disable routes is checked, however a gateway IP is provided in the config.
ERROR:
Code: [Select]
2023-08-31T14:39:40 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'-4' '10.64.0.1' -iface 'wg4'' returned exit code '64', the output was 'route: bad keyword: -4 route: usage: route [-46dnqtv] command [[modifiers] args]'
file in question:
Code: [Select]
/usr/local/opnsense/scripts/Wireguard/wg-service-control.phpLocation in file: line 91
BAD CODE
Code: [Select]
mwexecf('/sbin/route -q -n add -%s %s -iface %s', [$ipprefix, $server->gateway, $server->interface]);
FIX
Code: [Select]
mwexecf('/sbin/route -q -n add %s %s -iface %s', [$ipprefix, $server->gateway, $server->interface]);
4
23.7 Legacy Series / Re: WireGuard 2.0 connection down
« on: August 31, 2023, 04:54:56 pm »
There seems to be a bug when adding a route in the latest opnsense code.
in /usr/local/opnsense/Wireguard/wg-service-control.php
line 87
[/code]
in /usr/local/opnsense/Wireguard/wg-service-control.php
line 87
Code: [Select]
} elseif (!empty((string)$server->gateway)) {
/* Only bind the gateway ip to the tunnel */
$ipprefix = strpos($tunneladdress, ":") === false ? "-4" : "-6 ";
mwexecf('/sbin/route -q -n add [b]-%s[/b] %s -iface %s', [$ipprefix, $server->gateway, $server->interface]);
}
the line mwexecf has a bug in it, causing the ip prefix to have an extra [b]-[/b] in it.
I fixed the bug by changing the line to:
[code]
mwexecf('/sbin/route -q -n add [b]%s[/b] %s -iface %s', [$ipprefix, $server->gateway, $server->interface]);
[/code]
5
Virtual private networks / Re: trying to get Sonos running in my VLAN
« on: September 07, 2022, 05:14:51 am »
UDP broadcast relay
host: 239.255.255.250
port: 1900
source address: 1.1.1.2
Firewall rule is applied on 20_devices net. This is the network containing the sonos speakers.
Action: Pass
Direction: In
Apply: Immediately
Protocol: UDP
From: 20_devices net
To: 20_devices address
Port: 1900
host: 239.255.255.250
port: 1900
source address: 1.1.1.2
Firewall rule is applied on 20_devices net. This is the network containing the sonos speakers.
Action: Pass
Direction: In
Apply: Immediately
Protocol: UDP
From: 20_devices net
To: 20_devices address
Port: 1900
6
22.1 Legacy Series / Re: NAT reflection woes...
« on: June 08, 2022, 12:50:33 am »
I had the same problem. Port forwarding rules were failing when I implemented them myself (anti-lockout rules).
This is what I changed to make them work (it's the firewall rules, not the port forward).
Create port forwarding rule (no redirect). (no tricks)
Create firewall rule, however add the following ->
1. Make the rule as you would.
2. Check allow options
3. Checkmark `SYN` in the `set` column
4. Checkmark `SYN` and `ACL` in the `out of` column.
5. Ensure `Keep State` is checked.
Without those additional elements
PROFIT. This took me ages to work out.
This is what I changed to make them work (it's the firewall rules, not the port forward).
Create port forwarding rule (no redirect). (no tricks)
Create firewall rule, however add the following ->
1. Make the rule as you would.
2. Check allow options
3. Checkmark `SYN` in the `set` column
4. Checkmark `SYN` and `ACL` in the `out of` column.
5. Ensure `Keep State` is checked.
Without those additional elements
PROFIT. This took me ages to work out.
Pages: [1]