Messages - fat_flying_pigs

#2
Quote from: sja1440 on May 08, 2023, 06:31:40 PM
In the example I would select as the capture interface igb3.

Do not select the vlan interface itself (igb3_vlan400 in the example).

This was it! Thank you so much - I was selecting the vlan interfaces directly before and wasn't getting the correct info!

(is it possible to close or lock a post on this forum?)
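
An added example, not part of the original posts: a small parser that reads the 802.1Q tag from raw Ethernet frames and counts frames per VLAN ID, which is the check a capture on the parent interface makes possible. The function names and sample frames are constructed for illustration (VLAN IDs 2 and 5 are taken from the question), and it assumes a capture taken on the VLAN child interface shows frames with the tag already removed.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100   # IEEE 802.1Q tag
TPID_8021AD = 0x88A8  # IEEE 802.1ad outer tag (QinQ)

def vlan_tags(frame):
    """Return the VLAN IDs carried by an Ethernet frame, outermost first."""
    tags = []
    offset = 12  # skip destination and source MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break  # reached the real EtherType, no further tags
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags

def summarize(frames):
    """Count frames per outermost VLAN ID; frames without a tag are 'untagged'."""
    counts = Counter()
    for frame in frames:
        tags = vlan_tags(frame)
        counts[tags[0] if tags else "untagged"] += 1
    return dict(counts)

def build_frame(vid=None):
    """Constructed sample: a minimal IPv4 frame, tagged with `vid` when given."""
    macs = bytes.fromhex("020000000001" "020000000002")
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return macs + tag + struct.pack("!H", 0x0800) + bytes(46)

# Constructed captures: the parent interface sees tagged frames,
# the VLAN child interface (assumption) sees them with the tag stripped.
PARENT_CAPTURE = [build_frame(2), build_frame(2), build_frame(5)]
CHILD_CAPTURE = [build_frame(), build_frame()]

if __name__ == "__main__":
    print("parent:", summarize(PARENT_CAPTURE))
    print("child: ", summarize(CHILD_CAPTURE))
```

To run it against real traffic, feed `summarize` the raw frame bytes read from a capture file taken on the parent interface.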
#3
Hi, new to opnsense. I've gotten it working for the most part; internet access is working. I'm looking to set up an iot wifi network using openwrt multi ssid -> switch -> opnsense. I have single ssid wifi working. My network map: https://imgur.com/zr7icLz

It suddenly occurred to me that I have no idea if the vlans are actually being used, or if stuff is circumstantially giving me internet access.

Is there a way to audit some of the packets opnsense is receiving in order to verify that the incoming/outgoing data is in fact using vlans?

I guess my first objective is to see the packets with whichever vlan is being used for "My PC" (top right of the image) -> switch -> opnsense. Ultimately opnsense has all my firewall logic, so if I can verify that "My PC" is using vlan2 vs openwrt using vlan5, I'll be confident in my firewall rules.

Thanks for any help in advance! :)
#4
Hi there, I'm new to opnsense and am slowly re-building my network. My setup currently works with normal internet. It uses two routers, one Opnsense for my homelab stuff, and one tplink for my roommate / general wifi use. This is a drawn image of my network: (see first attachment below)

I have managed to set up and correctly use WG with my phone using cell data. It also works if I tether my laptop to my cell data. However, when I connect either of them to the wifi, WG will fail to handshake, retrying every 5 seconds.

I've examined the logs and I'm not really sure where or why it's failing. I changed the dns on the wg client to use 8.8.4.4, and logs show it properly going out:

(see second attachment below)

Logs don't show any more information, at least from what I can gather. The VPN -> Wireguard -> Status does show the transfer numbers increasing for both received and sent. So I'm thinking maybe for some reason the data is getting dropped?


peer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
  preshared key: (hidden)
  endpoint: 10.121.4.7:49543
  allowed ips: 10.120.2.7/32
  transfer: 127.04 KiB received, 78.97 KiB sent


Lastly here are my relevant interface firewall rules:

(see third attachment below)

Any advice would be appreciated! I've been trying most everything I can think of with no success, thanks!