Messages - freegoer

#1
I am experiencing the same issue when the WG client gets disconnected. Unable to reconnect until I restart the WG service on OPNsense. Happy to help troubleshoot if anyone has ideas for a fix.

Update 3/27/2024: I have ZenArmor running on my FW. I disabled it on the roadwarrior WG interface on which I was experiencing WG reconnect issues, and the issue seems to have gone away for now. I will update if anything changes.
#2
Documenting for completeness in the event this helps someone else.

After changing the default gateway for my existing allow_all firewall rule on my guest VLAN, DNS to Unbound was not working, getting no response from the DNS server. In troubleshooting I discovered I needed to add a specific rule to allow DNS (TCP/UDP port 53) to the firewall itself. DNS resolution started working and traffic routed through the Verizon default gateway as expected.

@pmhausen Thank you again for your time and help!

#3
Quote from: pmhausen on February 15, 2023, 10:32:57 PM
The gateway in the interface settings is for the OPNsense system itself and outside of rather special situations it's like Highlander - there can be only one.

Settings for clients that pass traffic through OPNsense go into rules.


Roger, that makes sense. I got the rule created and the client did show the correct public IP address of my Verizon ISP. Only issue I have now is that the OPNsense Unbound DNS is not responding after I changed the default gateway? If I manually change the DNS setting on the client to a public DNS provider, it works great. So I need to figure that out. But this is great and working as I had hoped. Thank you so much for your help and for providing me guidance!
#4
Oh I see now, the default gateway is specific on the firewall rule not the interface, just noting here in case it helps someone else.
#5
Ok that makes me feel better that it is possible. I read about PBR, but I think it is something I need to dig into more and experiment with. Thank you for confirming this.

On the interface for the VLAN, I see an option to select a default gateway but the only option that appears is auto-detect. I guess I am missing what the gap is to allow to select a specific gateway? I must still be missing something there...?

#6
General Discussion / Default gateway per vlan possible?
February 15, 2023, 09:45:14 PM
I am newer to OPNsense so please bear with me if this is a very basic question/scenario. I have a single OPNsense device, two ISPs (Comcast and Verizon Cellular). I have multiple VLANs (guest, IoT, Work, Personal, etc). I would like to have all IoT traffic use my Verizon WAN as a default gateway and other VLANs use Comcast WAN as their default gateway. Is this possible?

I read about support for multi-wan, but it seems to be for fail-over (grouping gateways) not having two active default gateways? Apologies if I am mixing up some terminology here and appreciate any advice and assistance.