Messages - zero

#1
Hi everyone,

I'm having an issue accessing my DLNA server over a WireGuard VPN.

Here's my setup:

  • I have a DLNA server running on LAN1.
  • I can successfully access the DLNA server from LAN2 using the UDP Broadcast Relay plugin, and everything works as expected.

However, when I add a WireGuard interface to the mix, the DLNA server becomes inaccessible. Additionally, I notice that the highlight color in the plugin changes from green to yellow.




Has anyone encountered a similar issue or have any ideas on how to resolve this?

Any help or guidance would be greatly appreciated!

Thanks in advance!

#2
Thank you for your answer. The MAC was in capital letters, so I changed it and it worked.
#3
I'm currently using OPNsense version 24.7.4, and I've encountered an issue with the Wake on LAN dashboard. It incorrectly reports that my computer is offline, even though it is actually online.

I have verified the connectivity by pinging the computer from the OPNsense command line, and it responds as expected. Additionally, the magic packet is successfully sent and works as intended. However, the dashboard status remains inaccurate.

Any guidance on resolving this issue would be appreciated.
#4
Finally solved the Unbound DNS Overrides: on the client side I pointed the DNS to 192.168.1.1.
#5
Quote from: vik on January 04, 2024, 09:52:25 PM
did you create the wireguard interface ... its needed to create the "Automatic outbound NAT rule"
Thank you, it partially solved my problems. I've followed this guide https://docs.opnsense.org/manual/how-tos/wireguard-client.html and now I can access the internet, but the Unbound DNS Overrides are not working.
Any ideas?
#6
Quote from: CJ on January 04, 2024, 02:45:39 PM
What does your network look like?  What FW rules do you have configured?  What do you mean by Unbound DNS Override working with nginx?
My home network consists of 3 interfaces: WAN, LAN1 (192.168.1.XXX) and LAN2 (192.168.2.XXX).
I have a firewall rule in LAN1 and LAN2 that allows traffic between LAN1 and LAN2, and since WireGuard is configured so that peers have an IP like 192.168.10.XXX, there is a similar firewall rule but with a different source.
I attach some pictures below:
LAN1

LAN2 

WireGuard

Port Forward


By Unbound DNS Override working with nginx, I mean that I run applications like Docker Portainer on 192.168.1.10:8080, but I've configured a custom domain home.com that redirects all traffic for home.com to my nginx, and nginx redirects docker.home.com to the Docker host.


To sum up the problem:
From LAN1/2 IP I can reach the WireGuard peer with IP 192.168.10.XXX.
From WireGuard peer with IP 192.168.10.XXX I can reach LAN1 and LAN2.
From WireGuard peer I can't reach any home.com domain (but I can reach the IP hosts because they are in LAN1 or 2).
From WireGuard peer I can't reach google.com.
#7
I configured WireGuard in the past and it worked properly, but at some point, maybe I misconfigured something, and now the peers can't access the internet.
When I connect to the VPN, I can see the handshake in VPN>WireGuard>Diagnostics, and the peers can ping and access internal IPs, but they can't reach anything outside my LAN.
Another thing to mention is that I have an Unbound DNS Override (a custom domain redirection) configured working with nginx, and it isn't working through the VPN.
I've tried to read logs, but I can't find anything strange.
I'm quite new to OPNsense and this forum and maybe someone can help.
Thank you.


#8
Thank you, after the explanation I realized that I had the wrong IP on the client.
#9
Thank you for all your answers. I've set WireGuard clients to 192.168.10.0/24 and enabled KeepAlive to 25, but got the same result.
CJ, what do you mean by: "Additionally, you have the client set to only allow access to a single IP."
#10
Hello,
I'm trying to set up WireGuard with a simple configuration, but I can't figure out what I'm doing wrong. I simply can't get internet access when WireGuard is turned on in the client.
My topology is simple: I have 2 interfaces, LAN1 192.168.1.1 and LAN2 192.168.2.1, and I would like clients that connect to WireGuard to have a LAN2 IP.
I created these firewall rules.
WAN
   Protocol: IPv4 UDP
   Source: *
   Port: *
   Destination: WAN address
   Port: 51820
   Gateway: *
   Schedule: *
WG1 interface
   Protocol: IPv4 *
   Source: WG1 net
   Port: *
   Destination: *
   Port: *
   Gateway: *
   Schedule: *
So after installing the plugin and configuring the client, I configured the WireGuard instance this way:
   Name: wg1
   Device: wg1
   Tunnel Address: 192.168.2.1/24
   Port: 51820
   Peers: DEMO-Peer
   Commands:
And Peers:
   Name: DEMO-Peer
   Endpoint address: WAN IP
   Endpoint port: 51820
   Allowed IPs: 192.168.2.50
   Commands:

When I enable the WireGuard connection from my Demo Peer, I can see in the diagnostics tab that the handshake was sent:
   Public key: Public key of the peer's interface
   Name: DEMO-Peer
   Port / Endpoint: IP of DEMO-Peer:8020
   Handshake: Connection date
   Send: 1.09 KB
   Received: 1.20 KB

I hope someone can help.

         
#11
Thank you for your reply.
In fact, it is in the OPNsense GUI where I'm bridging the two bridges, not in Proxmox. Maybe it is not the best approach.
What would be the way to configure OPNsense to be able to use all my ports and also being able to access Proxmox from any of them?
#12
I attach some screenshots to clarify.
These are my bridges:

bridge1 pretends to act as a switch, and it's assigned to LAN. bridge0 is to be able to access the Proxmox server IP: 192.168.1.200


What I can't understand is why, if I disable bridge1 and associate the LAN to igb1, bridge0 works and I'm able to reach 192.168.1.200, but not with bridge1 associated to LAN.
#13
Hi everyone, this may be a dumb problem, but I keep hitting roadblocks.
I'm running OPNsense as a Proxmox VM. I have 5 NICs (vtnet0, igb0, igb1, igb2, igb3); vtnet0 is a bridge that Proxmox creates by default to access its control panel.

Inside OPNsense the WAN is associated to igb0. I would like to configure the igb1, igb2, igb3 to be the LAN and also to be able to control Proxmox, that's why I created bridges.

My first approach was to associate igb1 to the LAN and then, create a bridge called bridge0 between LAN and vtnet0. The LAN worked, and I was able to communicate with Proxmox but, as is expected, only by the port igb1.

To solve this, I decided to create a bridge with igb1, igb2, igb3 (bridge1) and I assigned it to the LAN, but I noticed that the previous bridge, bridge0, wasn't working, so I had lost access to Proxmox.

What am I doing wrong?

Thank you in advance.