Messages

1

23.7 Legacy Series / Re: [Solved] Redirected DNS to local DNS Servers unable to resolve

« on: January 03, 2024, 09:35:52 pm »

This seems like the best option cheers. Have a couple clients I want to send to different local DNS servers but looks like I can set that in the static DHCP mapping.

2

23.7 Legacy Series / Re: [Solved] Redirected DNS to local DNS Servers unable to resolve

« on: January 03, 2024, 09:13:04 pm »

Glad that it's resolved.

Only issue is that with this rule, all dns requests are showing as coming from the opnsense gateway ip. If I choose the "Do not NAT" option on the rule, I see the real IPs again but end up with the same problem. Should I be able to see the real client ip on the dns server?

3

23.7 Legacy Series / Re: Redirected DNS to local DNS Servers unable to resolve

« on: January 03, 2024, 12:48:09 pm »

Thank you very much, I needed Rule 3 from this link. It wasn't clear in any logs that I was getting unexpected source errors.

4

23.7 Legacy Series / Re: Redirected DNS to local DNS Servers unable to resolve

« on: January 03, 2024, 08:11:26 am »

Looks like the rule I have set up should be the same as described here. I have attached a picture of my rule along with what happens. I am directing all TCP/UDP requests on port 53 to my local DNS server (which is on 192.168.2.12). If I change this IP to anything external or to my opnsense address, the dns resolves properly. But once I set it to a DNS server which is locally on my network but not at the opnsense address, I see timeouts on the client side.



The requests definitely still get routed to my local dns server, and show up in the logs, but the client never receives the response from the dns server. There is definitely not a firewall block because the dns server can be used if configured manually.

5

23.7 Legacy Series / [Solved] Redirected DNS to local DNS Servers unable to resolve

« on: January 02, 2024, 11:55:26 pm »

I have a similar rule as described here to redirect any DNS request from my network to local DNS servers. : https://forum.opnsense.org/index.php?topic=9245.0

However this only works properly when the DNS is redirected to the gateway itself or to an external DNS server. If I provide an internal IP for my local DNS server, all of the DNS requests fail to resolve. In the DNS server log, it sees the requests and shows that it has responded, but the connection times out at the client side and it never resolves.

I tried both an Unbound DNS server and a Pi Hole, and both have the same behavior. If the client sets the local DNS manually and the firewall rule is disabled, the connection is fine, so it's definitely something with this redirection that is breaking it.

Is there any additional rule I would need to create?

6

23.7 Legacy Series / Trouble with Traffic Shaping

« on: November 10, 2023, 07:51:41 pm »

Hi there,

I'm trying to set up my traffic shaping to prioritize up/down traffic from my desktop and deprioritize everything else. My network speed is 1200Mbps/35Mbps. I have configured a 1200Mbps pipe down and 35Mbps pipe up, with a priority and nonpriority queue for each of them (priority weight = 10, nonpriority weight =1). I have also set up the rules for each of the clients to be sent to each queue correctly which I can see in the status.

However, when I run a speedtest with these queues and rules enabled, I can only pull about 600Mbps down (even as the only client downloading). If I increase the pipe to ~1800 down, then it pulls my full network speed but I'm assuming the shaping wouldn't work in this case. Is there anything obvious I'm missing?

7

Virtual private networks / Re: Can't create WG Gateway for selective routing

« on: August 15, 2023, 08:48:56 am »

Yeah, I have set the IPs on both Local and the Endpoint. Under "Status" I see the following

interface: wg1
  public key:  XXXXX
  private key: (hidden)
  listening port: 51821

peer: XXXXX
  endpoint: XXXXX
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 50 seconds ago
  transfer: 3.24 KiB received, 12.21 KiB sent
  persistent keepalive: every 25 seconds

If I set an IP address on the wireguard interface, then I am able to create the gateway, but the guide specifically says to set the IP configuration to "None".

EDIT: Never mind,  it now allows me to after fully toggling Wireguard off and on. I did a system restart as well as a restart through the widget but it seems like those two were not sufficient.

8

Virtual private networks / [SOLVED] Can't create WG Gateway for selective routing

« on: August 15, 2023, 08:03:20 am »

EDIT: Never mind,  it now allows me to after fully toggling Wireguard off and on. I did a system restart as well as a restart through the widget but it seems like those two were not sufficient.

Hello,

I am coming from pfSense and I'm following this guide to set up VPN routing: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

I've made it through to creating the gateway (Step 6) and I can see handshakes happening in the WG status. However I'm unable to assign an IP address to the gateway because the interfaces has IPv4 type set to "None" which the guide instructs to do. This is the error given when attempting creating the gateway:
The following input errors were detected:
    Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.

Am I missing something obvious? Any help would be appreciated very much.