Messages - Manual6938

#1
This seems like the best option, cheers. I have a couple of clients I want to send to different local DNS servers, but it looks like I can set that in the static DHCP mapping.
#2
Quote from: doktornotor on January 03, 2024, 01:45:24 PM
Glad that it's resolved.

The only issue is that with this rule, all DNS requests are showing as coming from the OPNsense gateway IP. If I choose the "Do not NAT" option on the rule, I see the real IPs again but end up with the same problem. Should I be able to see the real client IP on the DNS server?
#3
Thank you very much, I needed Rule 3 from this link. It wasn't clear in any logs that I was getting unexpected source errors.
#4
Looks like the rule I have set up should be the same as described here. I have attached a picture of my rule along with what happens. I am directing all TCP/UDP requests on port 53 to my local DNS server (which is on 192.168.2.12). If I change this IP to anything external or to my OPNsense address, DNS resolves properly. But once I set it to a DNS server which is locally on my network but not at the OPNsense address, I see timeouts on the client side.

The requests definitely still get routed to my local DNS server, and show up in the logs, but the client never receives the response from the DNS server. There is definitely not a firewall block, because the DNS server can be used if configured manually.
#5
I have a rule similar to the one described here to redirect any DNS request from my network to local DNS servers: https://forum.opnsense.org/index.php?topic=9245.0

However this only works properly when the DNS is redirected to the gateway itself or to an external DNS server. If I provide an internal IP for my local DNS server, all of the DNS requests fail to resolve. In the DNS server log, it sees the requests and shows that it has responded, but the connection times out at the client side and it never resolves.

I tried both an Unbound DNS server and a Pi-hole, and both have the same behavior. If the client sets the local DNS manually and the firewall rule is disabled, the connection is fine, so it's definitely something with this redirection that is breaking it.

Is there any additional rule I would need to create?
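A model of the redirect described in this post and in posts #2 and #4 above, added here as an illustration; it is not part of the original thread and not OPNsense code. It replays one UDP query through a port-forward of destination port 53 to 192.168.2.12 (the server address given in post #4) with and without source NAT on the redirected flow (the "Do not NAT" option mentioned in post #2 corresponds to `snat=False`), and then through a forward to a server on a second segment. The firewall address 192.168.2.1, the client 192.168.2.50, the 192.168.3.0/24 segment and 8.8.8.8 as the client's configured resolver are constructed values.

```python
"""Why a port-forward of port 53 to a DNS server on the client's own segment times out
without source NAT, and why source NAT then hides the client address from the server.
Added illustration with constructed addresses; not OPNsense code."""
from dataclasses import dataclass
import ipaddress

FIREWALL_LAN_IP = "192.168.2.1"                       # assumed firewall address on LAN
SEGMENTS = [ipaddress.ip_network("192.168.2.0/24"),   # LAN (from the thread)
            ipaddress.ip_network("192.168.3.0/24")]   # assumed second firewall-attached segment


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def segment_of(ip):
    """Firewall-attached segment an address lives on, or None for off-site addresses."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in SEGMENTS if addr in net), None)


class Firewall:
    """Port-forward (rdr) of destination port 53 to dns_server, with optional source NAT."""

    def __init__(self, dns_server, snat):
        self.dns_server = dns_server
        self.snat = snat
        self.state = {}   # reply-side 4-tuple -> original client packet

    def outbound(self, pkt):
        if pkt.dport != 53:
            return pkt
        new_src = FIREWALL_LAN_IP if self.snat else pkt.src
        xlated = Packet(new_src, self.dns_server, pkt.sport, pkt.dport)
        # the server's answer will carry the translated tuple reversed
        self.state[(xlated.dst, xlated.dport, xlated.src, xlated.sport)] = pkt
        return xlated

    def inbound_reply(self, pkt):
        """Undo the translations on a reply that actually reaches the firewall."""
        orig = self.state.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(orig.dst, orig.src, orig.dport, orig.sport)


def deliver_reply(reply, fw):
    """Where the server's reply goes. A reply to a host on the server's own segment is
    delivered at layer 2 and never crosses the firewall, so nothing untranslates it;
    a reply addressed to the firewall itself or to another segment is routed through it."""
    if reply.dst != FIREWALL_LAN_IP and segment_of(reply.dst) == segment_of(reply.src):
        return reply
    return fw.inbound_reply(reply)


def simulate(dns_server, snat, client="192.168.2.50", resolver="8.8.8.8"):
    """One UDP query from client to its configured resolver through the redirect.
    Returns whether the client accepts the answer and which address the DNS server logged."""
    fw = Firewall(dns_server, snat)
    query = Packet(client, resolver, 40000, 53)
    at_server = fw.outbound(query)
    reply = Packet(at_server.dst, at_server.src, 53, at_server.sport)   # server answers whoever asked
    received = deliver_reply(reply, fw)
    # the client's resolver socket only accepts an answer from the address it queried
    resolved = (received is not None and received.src == query.dst
                and received.dst == query.src and received.dport == query.sport)
    return {"resolved": resolved, "client_seen_by_dns": at_server.src}


if __name__ == "__main__":
    for label, server, snat in [("same segment, no NAT", "192.168.2.12", False),
                                ("same segment, source NAT", "192.168.2.12", True),
                                ("other segment, no NAT", "192.168.3.12", False)]:
        print(f"{label:28} {simulate(server, snat)}")
```

The first case is the failure in posts #4 and #5: the server logs the query and answers, but the answer reaches the client directly with source 192.168.2.12 while the client is waiting on 8.8.8.8, so it is discarded and the lookup times out. The second case is post #2: with source NAT the answer is forced back through the firewall and untranslated, but the server now only ever sees 192.168.2.1. The third case shows that when the server sits on a segment the firewall routes to, the return path crosses the firewall anyway, so the forward works without NAT and the server still sees the real client. Handing the server out directly via DHCP, as in post #1, avoids translation altogether.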
#6
23.7 Legacy Series / Trouble with Traffic Shaping
November 10, 2023, 07:51:41 PM
Hi there,

I'm trying to set up my traffic shaping to prioritize up/down traffic from my desktop and deprioritize everything else. My network speed is 1200Mbps/35Mbps. I have configured a 1200Mbps pipe down and a 35Mbps pipe up, with a priority and a non-priority queue for each of them (priority weight = 10, non-priority weight = 1). I have also set up the rules for each of the clients to be sent to the correct queue, which I can see in the status.

However, when I run a speedtest with these queues and rules enabled, I can only pull about 600Mbps down (even as the only client downloading). If I increase the pipe to ~1800 down, then it pulls my full network speed but I'm assuming the shaping wouldn't work in this case. Is there anything obvious I'm missing?
#7
Yeah, I have set the IPs on both Local and the Endpoint. Under "Status" I see the following
Quote
interface: wg1
  public key:  XXXXX
  private key: (hidden)
  listening port: 51821

peer: XXXXX
  endpoint: XXXXX
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 50 seconds ago
  transfer: 3.24 KiB received, 12.21 KiB sent
  persistent keepalive: every 25 seconds

If I set an IP address on the wireguard interface, then I am able to create the gateway, but the guide specifically says to set the IP configuration to "None".

EDIT: Never mind, it now allows me to after fully toggling WireGuard off and on. I did a system restart as well as a restart through the widget, but it seems like those two were not sufficient.
#8
EDIT: Never mind, it now allows me to after fully toggling WireGuard off and on. I did a system restart as well as a restart through the widget, but it seems like those two were not sufficient.

Hello,

I am coming from pfSense and I'm following this guide to set up VPN routing: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

I've made it through to creating the gateway (Step 6) and I can see handshakes happening in the WG status. However, I'm unable to assign an IP address to the gateway because the interface has its IPv4 type set to "None", which the guide instructs. This is the error given when attempting to create the gateway:
The following input errors were detected:
    Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.

Am I missing something obvious? Any help would be appreciated very much.
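A small check over the `wg show` style status output quoted in post #7, added here as an illustration; it is not from the thread or from OPNsense. It parses the per-peer blocks, turns the human-readable `latest handshake` age into seconds and flags peers that have never handshaken or whose last handshake is older than a threshold. The sample output is constructed in the same layout as the quoted status, with placeholder keys and documentation-range endpoints; the 180-second threshold is an assumption chosen because WireGuard initiates a new handshake after 120 seconds of traffic, so with a 25-second keepalive a healthy peer should stay well under it.

```python
"""Parse `wg show <interface>` output and flag peers with stale or missing handshakes.
Added illustration; the sample status text below is constructed, not captured."""
import re

# Constructed sample in the layout of `wg show wg1`; keys and endpoints are placeholders.
SAMPLE = """\
interface: wg1
  public key: FWPUBKEYPLACEHOLDER=
  private key: (hidden)
  listening port: 51821

peer: PEER1PUBKEYPLACEHOLDER=
  endpoint: 203.0.113.10:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 50 seconds ago
  transfer: 3.24 KiB received, 12.21 KiB sent
  persistent keepalive: every 25 seconds

peer: PEER2PUBKEYPLACEHOLDER=
  endpoint: 203.0.113.11:51820
  allowed ips: 10.10.0.2/32
  latest handshake: 2 hours, 3 minutes, 4 seconds ago
  transfer: 0 B received, 148 B sent
  persistent keepalive: every 25 seconds

peer: PEER3PUBKEYPLACEHOLDER=
  allowed ips: 10.10.0.3/32
  transfer: 0 B received, 0 B sent
"""

UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
STALE_AFTER = 180   # seconds; assumed threshold (WireGuard rekeys after 120 s of traffic)


def parse_age(text):
    """'2 hours, 3 minutes, 4 seconds ago' -> 7384 seconds."""
    total = 0
    for count, unit in re.findall(r"(\d+)\s+(second|minute|hour|day)s?", text):
        total += int(count) * UNITS[unit]
    return total


def parse_wg_show(output):
    """Map each peer public key to its endpoint, allowed IPs and handshake age (None if never)."""
    peers = {}
    current = None
    for line in output.splitlines():
        if line.startswith("peer:"):
            current = line.split(":", 1)[1].strip()
            peers[current] = {"endpoint": None, "allowed_ips": None, "handshake_age": None}
        elif current and ":" in line:
            # split on the first colon only; endpoint values contain a second one (host:port)
            key, value = (part.strip() for part in line.strip().split(":", 1))
            if key == "endpoint":
                peers[current]["endpoint"] = value
            elif key == "allowed ips":
                peers[current]["allowed_ips"] = value
            elif key == "latest handshake":
                peers[current]["handshake_age"] = parse_age(value)
    return peers


def stale_peers(peers, threshold=STALE_AFTER):
    """Peers that never completed a handshake or whose last one is older than threshold."""
    return sorted(key for key, info in peers.items()
                  if info["handshake_age"] is None or info["handshake_age"] > threshold)


if __name__ == "__main__":
    parsed = parse_wg_show(SAMPLE)
    for key, info in parsed.items():
        print(key, info)
    print("stale:", stale_peers(parsed))
```

In the sample, only the first peer (the one mirroring the quoted status, handshake 110 seconds old) is healthy; the second has not handshaken for over two hours despite keepalives, and the third has no endpoint and never handshaked at all. Feeding real `wg show` output into `parse_wg_show` from a cron job or monitoring script gives a quick tunnel-health signal independent of the GUI widget.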