Messages

Sorry for being a little bit off topic here, but in the original post it was said "Internal AmneziaWG service hosted in the LAN.", can you share some details about how did you implemented it? I'm very interested in having AmneziaWG running on my network.

So, I've got my OPNsense running as a VM on Proxmox (PVE). Alongside it, I spun up an Alpine LXC container right on PVE and compiled `amneziawg-go` and `amneziawg-tools` inside it. Boom—instant AmneziaWG server/client setup!

If you wanna tinker with deploying AmneziaWG yourself, you can check out the project over on GitHub: https://github.com/amnezia-vpn/amneziawg-go

[The Setup:]

Hey everyone,

I'm reaching out to see if anyone else is experiencing Multi-WAN routing issues on the new v26.1 release. I recently upgraded from v25.7, and while the rule migration to "Rule (new)" seemed successful, my inbound load balancing/failover logic is broken.

The Setup:
- OPNsense v26.1 (previously rock-solid on v25.7.11_9).
- Dual WAN setup using PPPoE (pppoe0 for WAN1, pppoe1 for WAN2).
- Internal AmneziaWG service hosted in the LAN.

The Issue:
Prior to the upgrade, external clients could handshake with the AmneziaWG service via either WAN1 or WAN2 public IPs without issue. Post-upgrade, WAN2 is effectively "dead" for inbound connections. WAN1 continues to work perfectly.

Packet Capture & Behavior:
I did some digging via shell packet captures, and the results are baffling:
1. When a client attempts to connect to the WAN2 IP, I see traffic hitting BOTH pppoe0 and pppoe1 simultaneously.
2. The source IP on both interfaces is identified as the WAN2 public IP.
3. Despite the traffic being visible, the handshake never completes.

Troubleshooting Steps Taken:
- Completely deleted and recreated the Port Forward (NAT) and Firewall rules for the service.
- Isolated the issue by disabling WAN1 rules entirely, but WAN2 still refused to pass the handshake.
- Followed the official migration guide to ensure rules were correctly mapped to the new architecture.

Workaround:
I've since rolled back to v25.7.11_9, and everything started working instantly without a single configuration change.

Is there a known regression in v26.1 regarding "Reply-to" behavior for PPPoE interfaces or Multi-WAN policy routing? It feels like the return path is being misrouted or the state is getting confused between the two WAN interfaces.

Any help or pointers on what to check in the new rule logic would be much appreciated!

I'm running the same setup for traffic splitting, and yeah, I've noticed that slight lag right when dnsmasq kicks the IP into the alias. It's a bit of a pain because you end up having to hit refresh on the client side once just to get everything to connect properly.

Quick update/mea culpa on this issue!

Turns out the v25.7.6 upgrade was a total red herring! My bad, everyone.

After some deep digging and going over my configs, I finally tracked down the real culprit: I messed with the NAT Outbound settings the day before yesterday, and that's what actually broke the IPv6 on WAN1.

It had absolutely nothing to do with the new version.

My sincere apologies for causing confusion and wasting anyone's time on this! Consider the "bug report" retracted. Thanks to those who looked into it!

Hey everyone, need some help troubleshooting a weird issue after the recent update.

I just upgraded my OPNsense firewall to v25.7.6, and immediately ran into a serious hiccup with my WAN setup.

The Problem:

WAN1 PPPoE is totally failing to get an IPv6 address. I checked the logs, and the system is spitting out "DHCPv6 permission denied" errors specifically for the IPv6 assignment process.

The Weird Part (It's a Dual WAN Setup):

I'm running a Dual-WAN setup with two separate PPPoE connections. The thing is, WAN2 is working flawlessly—it connects, authenticates, and gets its IPv6 address without any issues. Only WAN1 is affected.

My Setup & Temporary Fix:

    My OPNsense is installed as a VM on Proxmox (PVE). (Just giving full context, though I doubt it's the root cause.)

    I tried rolling back to the previous version, and everything went back to normal. WAN1 immediately got its IPv6 address again.

It really looks like a bug introduced in v25.7.6. Has anyone else with a dual PPPoE setup run into this? Any thoughts on where I should start digging besides the logs?

Thanks in advance for the help!

me too.is v25.1.9_2

So, on my OPNsense box, I'm running dual PPPoE connections. When I enable Router Advertisements (RAs) via dnsmasq, clients seem to get their IPv6 addresses just fine. However, in actual use, IPv6 frequently drops or just won't connect. But if I disable the dnsmasq RAs and switch to Services: Router Advertisements (which is basically radvd), then everything works perfectly fine.

Correct. MSS clamping fixed the problem. Thanks.

Thank you so much for sharing, it solved a problem that has been bothering me for months

I set up exactly according to this document, and I can access the LAN resources of the server, but the Internet cannot be accessed through the server. I have tested using Openwrt or Windows Wireguard to connect to the server and everything is normal, but there is a problem with OPNsense as a client accessing Internet through the server. This problem plagues me. It's been a long time, can anyone help me? Thanks

I follow the document settings, but I can't Passing Traffic. I have tested many settings, but the problem still exists.