Messages - Cipher

#1
Quote from: Patrick M. Hausen on May 13, 2025, 10:48:11 AM
Quote from: Cipher on May 13, 2025, 10:35:14 AM
Is this the same configuration as PPPoE? Will the authentication be handled automatically?

Yes. The server will negotiate the authentication protocol with the client (OPNsense). All of this is automatic.

Thank you for your response.
I've got it configured, and it seems to be working well. I'm in the process of switching 10 firewalls from pfSense to OPNsense.
#2
Thank you for your quick response.

Is this the same configuration as PPPoE? Will the authentication be handled automatically?
I ask because I don't see any option to select the protocol during the PPPoE setup—will this be managed behind the scenes?
#3
Hi everyone,

We're planning to migrate a customer from pfSense to OPNsense and are currently validating compatibility for their setup.

We've successfully tested PPPoE on OPNsense, but we need to confirm if PAP (Password Authentication Protocol) is supported and working reliably in this context.

This is important for us before moving forward with the migration.

Has anyone used PAP authentication on OPNsense? Any known issues or limitations?

Thanks in advance!
#4
Quote from: Patrick M. Hausen on December 11, 2024, 07:12:20 PM
If you need WireGuard VPN access to your network you obviously need to open the matching ports with an allow rule on WAN. ;) This or I did not understand your question.

Thank you for your answers.
Your first answer has pointed me in the right direction. On the firewall WAN I had the WireGuard ports on the destination port to any. I specified the incoming port too.
#5
Thank you for your answer, I appreciate it!

Good catch—it's something I hadn't paid attention to.

Would it be smarter to limit the incoming ports for WireGuard, or should I leave them open?
#6
Please find the attached.
The rule has been disabled for now.
#7
Hi All,

I hope you're doing well.

We've encountered an issue with port forwarding for our cameras. After enabling port forwarding (NAT port to the camera recorder), it causes our WireGuard VPN and external access to the GUI to stop working. However, when we disable the NAT ports, everything starts working again.

Could you advise who might be able to help resolve this issue? Additionally, is it necessary to port forward or NAT the camera port to maintain all services functioning properly, or is there an alternative configuration we should consider?

Looking forward to your guidance.
#8
Hello everyone,

I received two /29 subnets from our ISP. Currently, I'm using the first /29 as the uplink, with the other 7 IPs functioning as virtual IPs, which is working well.

The second /29 subnet has its own gateway, which has been added as well, with those IPs also set up as virtual. However, our Layer 3 switch is having trouble routing this second subnet because we need to configure a static route in OPNsense.

Could someone advise on how to set up the static routing for the second subnet?

Your support is greatly appreciated.

Thank you!
#9
Quote from: 36thchamber on May 22, 2024, 02:05:22 AM
Yup, after the upgrade DOT DNS couldn't resolve in order to load Wireguard.
I've tried lowering DNSSEC standards and it helped, at least the BOGUS or NXDOMAIN responses lasted "only" 10sec, so the boot was fast, and WG successful.
I will not use IPs. IPs change.
I just hope Adguard will move to the early part of the boot sequence, so I don't need to use Unbound just to satisfy (unreliably) the boot process.

I have resolved it before by changing the DNS name of the external site to the IP; after the last update, OPNsense 24.1.7_4-amd64 has crashed it.
I am using DOT too.

Edit: I've got it resolved. Make sure to check the WireGuard plugin. Somehow it disappeared. Reinstall it.
#10
24.1, 24.4 Legacy Series / WG firewall rules
May 22, 2024, 10:08:24 PM
Hi everyone,

We are using WireGuard as a site-to-site VPN between four offices. These offices are connected to site A, so sites B, C, D, and E are connected to site A.

I want to allow RDP and ICMP from sites B and C, and allow all traffic from sites D and E. Can you please advise how to set this up? I appreciate any support.
#11
I managed to resolve this issue. Most of the S2S VPN connections were using the DNS name of the peer instead of the IP address. I am using DNS over TLS, which somehow didn't resolve these two VPN sites correctly. I changed their DNS names to IP addresses, and they started working. I thought I'd share my resolution here.
#12
24.1, 24.4 Legacy Series / Re: NAT Rule Help
May 14, 2024, 10:39:55 PM
Sorry guys for my late reaction due to some health issues.

In some situations, when I have a DMZ, it forwards every port to OPNsense. Do you mean that even if OPNsense is behind a DMZ, it still needs port forwarding? I've noticed that OPNsense doesn't handle double NAT well.
#13
I am experiencing the same issue. After updating to OPNsense 24.1.6, my WireGuard setup stopped working. I have multiple sites, and I'm concerned because some sites work, while others do not.

The error message I'm getting on both sites is:

/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: not a valid opt3 interface
#14
Quote from: securid on February 03, 2024, 04:46:19 PM
Solved it!

Don't ask why but the gateway was gone and on the interface it was set to "automatic".

I had to recreate the gateway and reconfigure it on the interface and things started working again.

I am facing a similar issue. Do you mean the site-to-site gateway was gone?
#15
24.1, 24.4 Legacy Series / Re: NAT Rule Help
April 29, 2024, 10:05:24 PM
Quote from: Patrick M. Hausen on April 28, 2024, 11:26:14 PM
If there is another router in front you need a port forward rule on that other router, too.

There is a router in front of the OPNsense. We're dealing with double NAT. Are you asking if I should still forward the port on the ISP router even if there's a DMZ set up for the OPNsense?