Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - jfenech

Pages: [1] 2

24.7 Production Series / Re: Possible WG Widget bug

« on: August 26, 2024, 08:14:25 pm »

That should be unique yeah. Or else just use the ${index} which just increments on every iteration.

Thanks again for all the replies and time on this.

24.7 Production Series / Re: Possible WG Widget bug

« on: August 25, 2024, 09:08:00 am »

Screenshot of the working widget

24.7 Production Series / Re: Possible WG Widget bug

« on: August 25, 2024, 08:55:25 am »

To put this to bed once and for all, in my specific case the problem was that I have two tunnels with the exact same public key so when this gets executed

Code: [Select]

super.updateTable('wgTunnelTable', [[header, row]], tunnel.publicKey);
The second instance, overwrites the first instance coz they have the same index (tunnel.publicKey).

My workaround I added an index to the forEach loop and the following :

Code: [Select]

let modifiedPublicKey = `${tunnel.publicKey}-${index}`;

    // Update the HTML table with the sorted rows
    super.updateTable('wgTunnelTable', [[header, row]], modifiedPublicKey);[/font]

So the full function would look like :

Code: [Select]

 tunnels.forEach((tunnel, index) => { // 'index' gives you the current position in the loop
    let header = `
        <div style="display: flex; justify-content: space-between; align-items: center;">
            <div style="display: flex; align-items: center;">
                <i class="fa ${tunnel.statusIcon} wireguard-interface" style="cursor: pointer;"
                    data-toggle="tooltip" title="${tunnel.connected ? this.translations.online : this.translations.offline}">
                </i>
                &nbsp;
                <span><b>${tunnel.ifname}</b></span>
            </div>
        </div>`;
    let row = `
        <div>
            <span><a href="/ui/wireguard/general#peers">${tunnel.name}</a> | ${tunnel.allowed_ips}</span>
        </div>
        <div>
            ${tunnel.latest_handshake_fmt
                ? `<span>${tunnel.latest_handshake_fmt}</span>
                   <div style="padding-bottom: 10px;">
                       <i class="fa fa-arrow-down" style="font-size: 13px;"></i>
                       ${tunnel.rx}
                       |
                       <i class="fa fa-arrow-up" style="font-size: 13px;"></i>
                       ${tunnel.tx}
                   </div>`
                : `<span>${this.translations.disconnected}</span>`}
        </div>`;

    // Add '-0', '-1', etc. to the public key using the index
    let modifiedPublicKey = `${tunnel.publicKey}-${index}`;

    // Update the HTML table with the sorted rows
    super.updateTable('wgTunnelTable', [[header, row]], modifiedPublicKey);
});

To further confirm, I have also restored my original configuration with the first interface called WG0, and the widget still works.

Will add this info to the ticket too

Thank you all for your help

J

24.7 Production Series / Re: Possible WG Widget bug

« on: August 24, 2024, 11:42:13 pm »

For the sake of completeness, I have changed WG0 to WG1, WG1 to WG2, and WG2 to WG3, by manipulating the config.xml as suggested above and rebooting. I also had to update the interface assignments from the UI after.

The name change was successful, all connections are up and routing traffic however the widget still shows 2 entries only.

I have deleted the widget and re-created it to no avail

Github ticket @doktonotor is nearly complete, with all the info. I do understand the concept btw. It was just that I did not want to open a ticket just in case, I had some remote case with a wrongly named interface for whatever reason which would not merit an investigation at all.

I will be linking the screenshots in this post in the ticket too.

Thank you all for your replies.

(https://github.com/opnsense/core/issues/7812)

24.7 Production Series / Re: Possible WG Widget bug

« on: August 24, 2024, 10:21:15 pm »

Hi Franco,

Was just gonna post that the header / row seem to be Generated correctly (console.log (header)) just before super.updateTable('wgTunnelTable', [[header, row]], tunnel.publicKey);

returns this :

<div style="display: flex; justify-content: space-between; align-items: center;">
<div style="display: flex; align-items: center;">
<i class="fa fa-exchange text-success wireguard-interface" style="cursor: pointer;"
data-toggle="tooltip" title="Online">
</i>
 
<span><b>wg0 (NordVPN_Instance_XX_1) </b></span>
</div>
</div>
<div style="display: flex; justify-content: space-between; align-items: center;">
<div style="display: flex; align-items: center;">
<i class="fa fa-exchange text-success wireguard-interface" style="cursor: pointer;"
data-toggle="tooltip" title="Online">
</i>
 
<span><b>wg1 (NordVPN_Instance_XX_2) </b></span>
</div>
</div>

<div style="display: flex; justify-content: space-between; align-items: center;">
<div style="display: flex; align-items: center;">
<i class="fa fa-exchange text-success wireguard-interface" style="cursor: pointer;"
data-toggle="tooltip" title="Online">
</i>
 
<span><b>wg2 (NordVPN_Instance_XX_3) </b></span>
</div>
</div>
}

So it seems to be related to the framework.

If WG0 is not permitted, should I just change my config, or do you still want to open a ticket to fix ?

24.7 Production Series / Possible WG Widget bug

« on: August 24, 2024, 09:44:20 pm »

Hi,

Just upgraded to OPNsense 24.7.2-amd64. Love the new controls on the widgets.

It seems though that the WireGuard widget is not showing WG0 in the status, see screenshot below.

It states correctly there are 3 tunnels (which are WG0, WG1, WG2) but is only showing status for WG1 and WG2

24.7 Production Series / Re: WureGuard issue after upgrade

« on: August 14, 2024, 07:17:52 pm »

Hi Check if you have

Firewall -> NAT -> Outbound.

Interface = The WG Interface

Translation / Target = Interface Address

(I had a similar issue here -> https://forum.opnsense.org/index.php?topic=42147.0)

24.7 Production Series / Re: Multiple Wireguard connections to Nordvpn

« on: August 12, 2024, 07:13:48 pm »

Answering my own question. I was missing a NAT rule allowing traffic to the WG gateway. Firewall -> NAT -> Outbound.

Interface = The WG Interface

Translation / Target = Interface Address

24.7 Production Series / Re: Multiple Wireguard connections to Nordvpn

« on: August 12, 2024, 08:44:47 am »

Just adding more screenshots of the config for context

24.7 Production Series / Multiple Wireguard connections to Nordvpn

« on: August 12, 2024, 08:43:14 am »

I have been banging my head with this one for a few weeks. I am setting up 3 Wireguard connections to nordvpn. Two of which will be used as failover Gatway for Vlan 200, this one works, and the 3rd connection will be used as a sole gateway for vlan 100.

I have setup the connections, and everything appears to be fine. The failover connection works, but the third connection refuses to route traffic, even though the gateway appears to be up. My hunch is that it has something to do with the tunnel address / gateway configuration.

I have setup 3 peers, as per screen shot using the information I obtained from my keychain access as per this https://www.reddit.com/r/WireGuard/comments/xqz102/extract_nordvpn_wireguard_config_with_macos_no/

I have setup 1 instance per peer, and setup the tunnel address and gateway as per screenshots

I have setup an interface and a gateway for each instance, all gateways appear to be up, and the MT gateways both work and speed is very very good (I am getting > 800Mb/s from a 1Gb/s connection, with minimal cpu usage unlike openvpn).

The US gateway simply refused route any traffic out (from either Vlan 100 or Vlann 200) even though it appears online. The RTT also appears to make sense. An openvpn connection used as gateway works fine.

Any ideas would be greatly appreciated.

24.7 Production Series / Re: Update from RC2 to Release

« on: July 25, 2024, 09:06:29 am »

Absolutely smooth here too. No issues with LAGG, Vlans, wireguard and openvpn. All working without a hitch. A big WELL DONE ! Not a single issue

24.7 Production Series / Re: LAGG Lan interface not working after upgrade to 24.7 RC2

« on: July 23, 2024, 10:48:38 am »

Apologies... IT IS WORKING, and did not require a reboot on my end, just needed to bring the interfaces down and back up

As you said LAGG0 still has blank MAC

lagg0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
   description: LAN (lan)
   options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
   ether a8:b8:e0:02:ea:cf
   hwaddr 00:00:00:00:00:00
   inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
   laggproto lacp lagghash l2,l3,l4
   laggport: igc1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
   laggport: igc2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
   groups: lagg
   media: Ethernet autoselect
   status: active
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

but igc1 and igc2 have proper mac addresses now even in the UI

24.7 Production Series / Re: LAGG Lan interface not working after upgrade to 24.7 RC2

« on: July 23, 2024, 10:32:08 am »

I confirm it is working !! Thank you for the super prompt reply

24.7 Production Series / Re: LAGG Lan interface not working after upgrade to 24.7 RC2

« on: July 23, 2024, 09:18:35 am »

Did some more digging this morning, so it seems that whenever two interfaces are selected for LAGG, their mac address becomes 00:00...:00 ?

lagg0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
   description: LAN (lan)
   options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
   ether 00:00:00:00:00:00
   inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
   laggproto lacp lagghash l2,l3,l4
   laggport: igc1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
   laggport: igc2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
   groups: lagg
   media: Ethernet autoselect
   status: active
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

-----

igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
   options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
   ether 00:00:00:00:00:00
   hwaddr a8:b8:e0:02:ea:cf
   media: Ethernet autoselect (1000baseT <full-duplex>)
   status: active
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igc2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
   options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
   ether 00:00:00:00:00:00
   hwaddr a8:b8:e0:02:ea:d0
   media: Ethernet autoselect (1000baseT <full-duplex>)
   status: active

Not sure if this is normal, or a bug.

24.7 Production Series / LAGG Lan interface not working after upgrade to 24.7 RC2

« on: July 22, 2024, 11:05:11 pm »

A quick heads up, took the plunge today, and upgraded to 24.7 RC2. Upgrade went smoothly, howver after the final reboot my LAGG Lan. interface failed to come up. It showed the correct ip in console, but I could not ping it or route any traffic through the firewall.

I went back to 24.1, removed the LAGG interface and converted to a normal lan interface and upgrade went smoothly, everything is working as it should, openvpn, wg, and kea dhcp.

Just a heads up in case anyone has a LAGG lan interface it would be a good idea to switch it off before upgrading the beta.

Have not tried to re-enable lagg since, but will probably give it a try tomorrow if I find some time.

The new UI looks great. Super well done !

P.S. My Hardware is a ROUAFWIT Micro Firewall N100 12TH Gen Fanless Mini PC, DDR5 8GB RAM 128GB SSD Router Appliance Computer

Pages: [1] 2