Messages - dev4openid

#1
Hi,
I upgraded my OPNSense router a few days before Christmas. I have been using OPNSense for a year. It has been brilliant.
Although my experience has been in IT apps, I have been learning slowly about networks - newbie.

I configured the box for root and 1 user. In both cases, they both have long PWD and I have enabled TOTP.
SSH is also enabled.

The network runs and I can connect to any site as usual. However, it seems over time the network slows down (especially the later releases) - I am using the network now. A reboot solves this for approx a 2 week period.

I have just rebooted and I cannot login via browser console OR ssh. This was the case just before the reboot as well.
I use KeepassXC with browser plugin usually and have had no problems. I have attempted manually but no go.
<---EDIT---->
Well, I eventually killed it off and rebuilt the installation - now seemingly works - well almost - the TOTP part is all over the place and unreliable. CLOSED

I looked at the "GUI crashed? SSH unavailable. Can I restore from backup?" post - seems almost a dup. He cannot SSH either but can access the GUI - I cannot, as it times out.

Any help appreciated (as I am not an expert)

#2
@dseven I have followed the guide explicitly.

The VPN tunnel connects from the internet. I have connected via my iPhone and the VPN states connected. ;D

As stated: Add the Outbound NAT Rule (Required if Not Creating WireGuard Interface) - I have the Wireguard Interface defined, thus ignored this section of doc.

The section you referred to re: With these two rules, you will have access to your home's Internet while connected remotely but no other access to your internal network(s). If you simply want a secure VPN for public WiFi hotspots, you do not need to add more rules.
I have implemented these exactly as per the doc, BUT my browser does not pick up the internet and times out.

Any ideas here?
#3
@dseven
Thanks for the reply.
I have been following this guide: https://homenetworkguy.com/how-to/configure-wireguard-opnsense/
and I can connect via wireguard to my server BUT through my local network.
When I attempt the connection via the internet side via my mobile - Nope! :o (I scanned the 3D code to ensure my config is right)

I suspect there is a "bridging requirement" to connect the wireguard from the LAN side to the Internet.
Any advice/pointers - anybody?
#4
@dseven Thanks for the input.

Option 3 looks good. My only concern is that I am not sure that the clients that are to connect will support wireguard.

Do you have any experience in that regard?
#5
Hi all,
Warning! Non-expert here!

BTW I am using 24.7_1

I think I have configured the Noip end correctly. It reflects my WAN ISP DHCP address so I like to believe it is right.
Not sure how to test it?
Also, I am experimenting, so I am using a free account. If this works, I will get a paid-for account.

The way I see it, is that the DNS endpoint provided by Noip could be accessed by http://XXXX.ddns.net. I do not have a cert yet, so it would be HTTP:// [Note: I would be using a proper domain reg. and add to noip, as per the service provided]

To get to the device (NVR) I need to define the mapping from the firewall to the device - thus a connection is made between the device and the firewall, and then it should be automatic to connect to the endpoint.
The result being that I will be able to, via a browser, connect to the device and log in.

Assuming the device is on 192.168.40.1 (and OPNSense is 192.168.1.1) I am looking for advice as to where to provide the routing. I am going to assume a firewall rule?

In the LAN pool?
Bidirectional I figure, as the device needs to validate itself to the DDNS and secondly, allow for when I attempt to connect via http://XXXX.ddns.net

Any guidance appreciated.

I found https://www.youtube.com/watch?v=i546YF91dHk to be somewhat useful but incomplete for 24.7_1

I found this guide (https://www.cctvcameraworld.com/port-forwarding-for-dvr-and-nvr/) and have enabled ports 80, 554, 37777 and 37778 but it still does not come through.
I have asked NVR manufacturer support for port recommendations to confirm these.
#6
Hi,

consider following this https://kb.protectli.com/kb/opnsense-on-proxmox-ve/

In addition, do NOT, unless you are doing a lab, run this combo (Proxmox and OPNSense) in a production or home network. Place OPNSense on metal. There is strong advice to not do this. Your call but understand the risks.

Cheers.
#7
Noob here.

It is unfortunate that you did not get any response.
Hopefully you have come good in your endeavours.

I tried the same thing but with a Mac mini.

What I found was that you had to ensure the ports were well defined in Proxmox and properly configured and tested.
Then you map the OPNSense ports to the Proxmox ports for WAN/LAN.

I realise that I had it working but had ISP infrastructure challenges.

Lastly, for the record there is a large body of evidence that using the Proxmox/OPNSense combination is definitely not advisable. In my case, I switched to OPNSense on the metal. Simple to get started, I followed https://homenetworkguy.com/

Good luck
#8
Hi,

may I suggest you have not permitted ICMP.
Check if you have a rule
    Action: Pass
    Protocol: ICMP
    ICMP subtypes: Echo request
    Source: any
    Destination: WAN
    Description: Allow ping on WAN

I had a similar problem on a different platform but same solution.
#9
Hi,

Well, I went ahead with the Macmini (2012 & 8GB, with eth and miniport eth, 1Gb each) as my OPNSense Router.
Works like a dream. I have configured my VLANs etc. Good so far :)

For the switch I have gone ahead with the MikroTik CRS310-iG-5S-4S+ (10G box). It turns out it is a router and a switch! Nevertheless, I have implemented the switch side (SwitchOS) and it is snappy! Seems to be a great buy and is relatively cheap.

I run speedtest-cli at my own Mac Mini and get numbers of 930Mb on a 1Gb WAN! Brilliant! ;D ;D

Now I am in the phase of implementing the VLAN at switch level and finalise the overall implementation. Hopefully with many glitches to overcome.

Thanks to all that provided input on options!
#10
Hi,
Warning: Noobie here

I have been a recent Ubiquiti user re router and UniFi.
The EdgeRouter has become redundant, and I have moved to OPNSense on a Mac Mini. Works great and seems stable. I also attach the UniFi onto the network, and it is transparent and works, first time! ;D 8)

However, I want to implement vlans/QoS/etc. and my current Netgear smartswitch is NOT suitable (it is to be fair rather old).

The replacement must have at least 8 ports of 1Gb or higher. Not fussed re POE as I have been using injectors.

Looking for suggestions please - other than ridiculously overpriced switches from "some" vendors.
Any folks with experiences?
#11
Hi,

OK got it. Next steps I have to do!  ::)

Thanks!  ;D
#12
Hi,
Warning: Noobie here and learning.

I have 24.1.3_1 running, and it is pretty good :) (Been a learning curve!)

I have a simple arrangement of ISP ----> OPNSense -----> netgear GS108T smart switch -----> with 1x Macmini and 1 PC

At the moment, everything is running as 192.168.1.x space
I have defined a number of VLANS.
Now I have taken the PC and assigned it a 192.168.20.x IP in the DHCP definition for the VLAN (i.e. moved PC to VLAN USERS)
I have included that the Firewall has a rule that allows access to the internet from the VLAN

Problem is, the PC cannot connect to the internet via the VLAN (when the IP is 192.168.20.x) and defers back to an IP 192.168.1.y (I can manually force the IP to 192.168.20.x).

So, can somebody confirm whether I have to create a VLAN definition in the switch to enable the PC to "bind" to the VLAN (so that the PC can access the internet)?

The corollary is that if I only had a simple switch (and not a smart switch) then I cannot have VLANs.

Is this correct?
#13
Hi all,

well, it turns out the Macmini 2012 runs OPNSense beautifully. In the interim, I repurposed a PC with 2 eth ports and got it working. Now I have to get the VLANs sorted.

Good news is; moved it back to the Macmini and it is fine. Both eth ports as described are working at 1 Gb.

However the internet is slow from either Macmini or PC. It turns out when testing with speedtest: it depends which server is attached to by speedtest, i.e. when connecting to a server in the next town I get up to 850Mb, whereas if I connect to a server in another adjacent town I crawl at 5Mb max. There is obviously a problem somewhere in the network as provided by my ISP.
#14
Hi,
Thought so!  Appreciate the response!  :D
#15
Hi,

noobie on networks here.
v24.1.3_1
Domestic deployment, macmini ----> switch ------> opnsense (PC with 1 builtin nic and 1 pci nic) ---> ISP modem ----> www
The docs are confusing wrt dnsmasq DNS vs. Unbound DNS. ???
I take it that only one is to be configured. Can someone confirm this please?

I figure both are not needed as both seem to want to use port 53 and a conflict arises. I changed one to port 853 but I see no effect.

Advice please?
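The port 53 conflict asked about in the post above can be checked from the OPNSense shell by listing which daemons are bound to the DNS port. The following is an added example, not from the original post or from OPNSense: it parses the text output of FreeBSD's `sockstat -4l` (a constructed sample is embedded so it runs offline) and counts how many distinct commands listen on a given port; two or more on port 53 means dnsmasq and Unbound are colliding.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4l` output on an OPNSense box where both
# Unbound and dnsmasq have been enabled. On a real system replace this with:
#   sockstat -4l | listeners_on_port 53
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
unbound  unbound    1234  5  udp4   192.168.1.1:53        *:*
unbound  unbound    1234  6  tcp4   192.168.1.1:53        *:*
nobody   dnsmasq    2345  4  udp4   *:53                  *:*
root     sshd       456   3  tcp4   *:22                  *:*
unbound  unbound    1234  7  tcp4   127.0.0.1:853         *:*'

# Read sockstat output on stdin; print "COMMAND PROTO LOCAL-ADDRESS" for
# every socket whose local port equals $1. The port is the last ":"-separated
# field of column 6, which also handles wildcard binds such as "*:53".
listeners_on_port() {
    awk -v p="$1" 'NR > 1 {
        n = split($6, a, ":")
        if (a[n] == p) print $2, $5, $6
    }'
}

# Read sockstat output on stdin; print the number of distinct commands bound
# to port $1 (default 53). A value above 1 means two DNS servers are fighting
# over the same port, which is the conflict described in the post.
dns_conflict_count() {
    listeners_on_port "${1:-53}" | awk '{print $1}' | sort -u | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_SOCKSTAT" | listeners_on_port 53
printf 'distinct listeners on 53: %s\n' \
    "$(printf '%s\n' "$SAMPLE_SOCKSTAT" | dns_conflict_count 53)"
```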