"
I get this while I'm trying to configure HomeAssistant integration that tries to access the OPNSense API
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
24.7, 24.10 Legacy Series / Re: Should I be concerned about this repeated error in my logs regarding xmlrpc ?
September 10, 2024, 04:42:37 PM #2
Web Proxy Filtering and Caching / Re: [HAPROXY] websocket upgrade
May 08, 2024, 10:55:43 AM
@Bunch thanks a lot.
With your instructions it worked immediately.
With your instructions it worked immediately.
#3
Virtual private networks / Re: Routing between local network and Wireguard
September 15, 2023, 11:38:47 AM
It is it working.
I just had the AllowedIPs completely backwards.
I thought it's what is allowed destination on the source, but it's allowed source on the destination ::)
I just had the AllowedIPs completely backwards.
I thought it's what is allowed destination on the source, but it's allowed source on the destination ::)
#4
Virtual private networks / Routing between local network and Wireguard
September 14, 2023, 05:10:13 PM
I tried to get OPNSense work with Wireguard and among others tried this tutorial
- https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
- https://forum.opnsense.org/index.php?topic=27449.0https://forum.opnsense.org/index.php?topic=27449.0.
I try to connect to my home network from my phone.
I also looked at the RoadWarrior tutorial, but my situation is different because of CGNAT.
I have Wireguard installed on a VPS because of CGNAT (Starlink).
OPNSense and my phone connect to it.
I configured it as split tunnel, so that the phone only routes access to 192.168.2.0/24 over Wireguard
and the local network only routes 10.7.0.0/24 over Wireguard.
Direct internet access is still working fine on the local network and the phone when connected to Wireguard.
The Wireguard peers can ping each other (10.7.0.1, 10.7.0.2, 10.7.0.3),
but nothing from 192.168.2.0/24 can reach any of the other peers and my phone also can not reach anything from 192.168.2.0/24.
So for example a ping to the phone (10.7.0.2) from a local PC (192.168.2.1) or OPNSense itself (192.168.2.254) seems to never pass anything to 10.7.0.3 (OPNSense Wireguard gateway).
Ping from the local PC (192.168.2.1) to OPNSense Wireguard gateway (10.7.0.3) works though.
I added a Route to 10.7.0.0/24 over the OPNSense Wireguard gateway.
My networking and OPNSense knowledge is limited and I try to get a few confusing things out of the way.
1) When I have firewall rules to allow anything in and out, do I need the firewall rules from the tutorial to make routing work?
I assume that firewall rules are only to prevent traffic, not to redirect it, except perhaps to resolve ambiguity.
I think OPNSense should pass between 192.168.2.0/24 and 10.7.0.0/24 without any of the firewall rules in the tutorial. Is that correct.
2) Is NAT actually required to connect between phone and local network?
I assumed that this use case should work without NAT, but all tutorials include a NAT section.
I assumed this would be only be required for internet access from private addresses or in case of networks with overlapping private addresses.
Any hints on what misconceptions I'm falling for?
What also kills me is the "AllowedIPs" in Wireguard.
For split tunnel it's stated that "10.7.0.3/32" should be used.
I have this in the VPS Wireguard ("/etc/wireguard/wg0.conf"),
but on the other peers I need to use "10.7.0.3/24" and "10.7.0.2/24", otherwise the peers can not ping each other.
I probably should ask about that in a Wireguard forum instead.
- https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
- https://forum.opnsense.org/index.php?topic=27449.0https://forum.opnsense.org/index.php?topic=27449.0.
I try to connect to my home network from my phone.
I also looked at the RoadWarrior tutorial, but my situation is different because of CGNAT.
I have Wireguard installed on a VPS because of CGNAT (Starlink).
OPNSense and my phone connect to it.
I configured it as split tunnel, so that the phone only routes access to 192.168.2.0/24 over Wireguard
and the local network only routes 10.7.0.0/24 over Wireguard.
Direct internet access is still working fine on the local network and the phone when connected to Wireguard.
The Wireguard peers can ping each other (10.7.0.1, 10.7.0.2, 10.7.0.3),
but nothing from 192.168.2.0/24 can reach any of the other peers and my phone also can not reach anything from 192.168.2.0/24.
So for example a ping to the phone (10.7.0.2) from a local PC (192.168.2.1) or OPNSense itself (192.168.2.254) seems to never pass anything to 10.7.0.3 (OPNSense Wireguard gateway).
Ping from the local PC (192.168.2.1) to OPNSense Wireguard gateway (10.7.0.3) works though.
I added a Route to 10.7.0.0/24 over the OPNSense Wireguard gateway.
My networking and OPNSense knowledge is limited and I try to get a few confusing things out of the way.
1) When I have firewall rules to allow anything in and out, do I need the firewall rules from the tutorial to make routing work?
I assume that firewall rules are only to prevent traffic, not to redirect it, except perhaps to resolve ambiguity.
I think OPNSense should pass between 192.168.2.0/24 and 10.7.0.0/24 without any of the firewall rules in the tutorial. Is that correct.
2) Is NAT actually required to connect between phone and local network?
I assumed that this use case should work without NAT, but all tutorials include a NAT section.
I assumed this would be only be required for internet access from private addresses or in case of networks with overlapping private addresses.
Any hints on what misconceptions I'm falling for?
What also kills me is the "AllowedIPs" in Wireguard.
For split tunnel it's stated that "10.7.0.3/32" should be used.
I have this in the VPS Wireguard ("/etc/wireguard/wg0.conf"),
but on the other peers I need to use "10.7.0.3/24" and "10.7.0.2/24", otherwise the peers can not ping each other.
I probably should ask about that in a Wireguard forum instead.
Pages1
