Messages - FWMan

#1
24.7, 24.10 Legacy Series / Re: VPN Kill Switch
October 18, 2024, 12:03:18 PM
Can anyone advise please?
#2
24.7, 24.10 Legacy Series / VPN Kill Switch
October 15, 2024, 04:28:20 PM
Hi, I've set up a WG VPN as per https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html including the kill switch step suggested, which works fine, but I noticed if I disable the WG gateway that I've created as part of those steps the traffic goes out the default route. I assume this wouldn't normally happen so the kill switch would stop it, but I wanted to prevent this, so I added a block rule, see attached with the yellow arrow. This seems to work; however, if I have a continuous ping running from a machine in the VPN_Hosts group the ping continues to respond although internet access is blocked as expected. If I start a new ping that's blocked, so why wouldn't it block ICMP that was already in progress?

I need to ensure that the VPN kill switch is solid. It mentions in the above instructions that there are a couple of ways to do this; what are these?

I would appreciate any recommendations on ensuring there is no scenario where the VPN Hosts could access the internet directly (even by ICMP etc).

Thanks
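The behaviour described in the post above (an already-running ping keeps answering after the kill-switch rule takes effect, while a freshly started ping is blocked) comes from the state table: pf checks a packet against existing states before it evaluates any rules, so a flow that was allowed earlier stays allowed until its state is gone. The toy filter below is an added example, not code from the thread or from OPNsense, and models that behaviour. The alias contents (192.168.0.0/24 as VPN_HOSTS), the gateway name WG_GW and the choice to skip a pass rule whose gateway is down are assumptions made for the illustration.

```python
"""Toy stateful packet filter (added example, not OPNsense code).

Models the part of pf that matters for the kill-switch question: a packet
matching an existing state is passed without the rules being looked at.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

VPN_HOSTS = ip_network("192.168.0.0/24")   # assumed contents of the VPN_Hosts alias


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    ident: int          # ICMP id or source port; tells two pings apart


@dataclass
class Rule:
    action: str         # "pass" or "block"
    src_net: object     # ip_network, or None for any source
    gateway: str = ""   # route-to gateway for "pass" rules ("" = default route)
    quick: bool = True


@dataclass
class Firewall:
    rules: list = field(default_factory=list)
    states: set = field(default_factory=set)        # (src, dst, proto, ident)
    gateways_up: set = field(default_factory=set)   # gateways currently reachable

    @staticmethod
    def _key(p):
        return (p.src, p.dst, p.proto, p.ident)

    def process(self, p):
        """Return 'pass' or 'block'; a pass creates state for the flow."""
        if self._key(p) in self.states:
            return "pass"                 # state hit: rules are not consulted at all
        for r in self.rules:
            if r.src_net is not None and ip_address(p.src) not in r.src_net:
                continue
            if r.action == "pass" and r.gateway and r.gateway not in self.gateways_up:
                continue                  # assumption: a pass rule whose gateway is down is skipped
            if r.action == "pass":
                self.states.add(self._key(p))
            if r.quick:
                return r.action
        return "block"                    # default deny

    def kill_states(self, host):
        """Drop every state for a source host (what a states reset does)."""
        self.states = {s for s in self.states if s[0] != host}


def demo():
    """Walk through the scenario from the post; returns the verdicts."""
    fw = Firewall(
        rules=[
            Rule("pass", VPN_HOSTS, gateway="WG_GW"),  # policy-route VPN hosts via WireGuard
            Rule("block", VPN_HOSTS),                   # kill switch: nothing else may leave
        ],
        gateways_up={"WG_GW"},
    )
    ping = Packet("192.168.0.50", "1.1.1.1", "icmp", ident=1)
    out = {}
    out["running_ping_gw_up"] = fw.process(ping)        # pass, state created
    fw.gateways_up.discard("WG_GW")                     # WG gateway disabled
    out["running_ping_gw_down"] = fw.process(ping)      # still pass: existing state
    new_ping = Packet("192.168.0.50", "1.1.1.1", "icmp", ident=2)
    out["new_ping_gw_down"] = fw.process(new_ping)      # block: rules evaluated
    fw.kill_states("192.168.0.50")                      # reset states for the host
    out["running_ping_after_reset"] = fw.process(ping)  # block: state is gone
    return out


if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:28s} {verdict}")
```

The practical consequence is that after adding or tightening a block rule the existing states for the affected hosts need to be cleared (Firewall: Diagnostics: States in the GUI, or `pfctl -k <host>` on the shell) before the rule can be considered tested; otherwise a long-running flow started before the change will keep working and make the kill switch look leaky when it is not.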
#3
Thanks for your help, found it
#4
Quote from: Patrick M. Hausen on October 11, 2024, 04:37:54 PM
Use

tcpdump -i <interface> -n -e icmp

to find the source MAC address and look up the vendor prefix here:

https://www.macvendorlookup.com

That should give you a hint about the device. You have a misconfigured $something connected to your network.

Thanks for the reply. What am I doing wrong here? It's on the LAN interface...

root@OPNSense:~ # tcpdump -i LAN -n -e icmp
tcpdump: LAN: No such device exists
(No such device exists)
root@OPNSense:~ # tcpdump -i "LAN (bridge0)" -n -e icmp
tcpdump: LAN (bridge0): No such device exists
(No such device exists)

I tried lowercase etc as well
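As the error in the post above shows, tcpdump takes the device name, which the UI label "LAN (bridge0)" gives as bridge0, rather than the friendly name LAN. Once a capture with `tcpdump -i bridge0 -n -e icmp` is saved, the script below (an added example, not code from the thread) pulls out the source MAC behind each ICMP sender and counts packets per flow, which is the lookup suggested in the quoted reply. The capture lines embedded in it are constructed for the illustration, and the OUI table is a two-entry subset included only to show the lookup step.

```python
"""Summarise ICMP senders from `tcpdump -n -e icmp` output (added example).

Usage on the firewall:
    tcpdump -i bridge0 -n -e -c 200 icmp > icmp.txt
then run this script with icmp.txt on stdin; with no stdin it uses the
constructed SAMPLE below.
"""
import re
import sys
from collections import Counter

# One `tcpdump -n -e` line for IPv4 ICMP on Ethernet looks like:
#   <time> <src-mac> > <dst-mac>, ethertype IPv4 (0x0800), length N: <src-ip> > <dst-ip>: ICMP ...
LINE_RE = re.compile(
    r"^\S+\s+(?P<src_mac>[0-9a-f:]{17}) > (?P<dst_mac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<src_ip>\d+\.\d+\.\d+\.\d+) > (?P<dst_ip>\d+\.\d+\.\d+\.\d+): ICMP"
)

# Illustrative subset of IEEE OUI assignments (first three octets of a MAC).
# Anything not listed: look it up at macvendorlookup.com or in the IEEE list.
KNOWN_OUI = {
    "00:0c:29": "VMware",
    "b8:27:eb": "Raspberry Pi Foundation",
}


def parse_icmp_line(line):
    """Return (src_mac, src_ip, dst_ip) for an ICMP capture line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("src_mac"), m.group("src_ip"), m.group("dst_ip")


def summarise(lines):
    """Count ICMP packets per (src_mac, src_ip, dst_ip), most frequent first."""
    counts = Counter(t for t in map(parse_icmp_line, lines) if t)
    return counts.most_common()


def vendor(mac):
    """Vendor name for the MAC's OUI prefix, or 'unknown'."""
    return KNOWN_OUI.get(mac[:8].lower(), "unknown")


# Constructed sample capture, not real data from the thread: one device
# pinging its own stale 10.67.x address, plus an ordinary LAN ping.
SAMPLE = """\
12:01:02.000001 b8:27:eb:12:34:56 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 10.67.28.140 > 10.67.28.140: ICMP echo request, id 1, seq 1, length 64
12:01:03.000002 b8:27:eb:12:34:56 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 10.67.28.140 > 10.67.28.140: ICMP echo request, id 1, seq 2, length 64
12:01:04.000003 00:11:22:33:44:55 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 192.168.0.50 > 1.1.1.1: ICMP echo request, id 2, seq 1, length 64
"""

if __name__ == "__main__":
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for (mac, src, dst), n in summarise(lines):
        print(f"{n:5d}  {mac} ({vendor(mac)})  {src} -> {dst}")
```

The MAC, not the IP, is what identifies the offending box: an IP outside the LAN range in the firewall log says nothing about which physical device sent it, whereas the source MAC can be matched against the switch's MAC table or the DHCP lease list once the vendor prefix has narrowed it down.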
#5
Hi, I've noticed according to the firewall log an internal address is trying to ping itself constantly! This is very strange. See attached

My network is 192.168.0.1/24. I've checked ARP table and it only shows 192.168.0.x addresses as expected. Also checked routes and there is nothing for anything 10.x.x.x.

I wondered if it was something to do with VPNs, so I actually disabled both the OpenVPN and WireGuard services and it's still continuing.

I downloaded the config XML and searched for 10.67.28.140 and 10.67 in it and there is nothing found.

I don't have many plugins, just ntopng.

Any ideas?

Thanks
#6
Yes, I've done that, I called it WG_Home, see attached...

Also I'm on 24.7.4_1
#7
Hi, I've been through the instructions https://docs.opnsense.org/manual/how-tos/wireguard-client.html several times and think I have set it up exactly the same but when a client/peer connects they can't access the internet or any local resources.

In the firewall log there are blocks, so the rule to allow WG_Home isn't working for some reason; I don't understand why?

Also there are some errors in the WireGuard log file. See attached screenshots.

Any ideas?

Thanks
#8
Which destination field? It is in that in the rule
#9
Hi, I want to block certain website domains for the whole network. I've set up bbc.co.uk as an alias and created an alias with it added called Blocked_Internet_Sites. I've created the rule in LAN above the other rules but it's not being blocked. FIREWALL: DIAGNOSTICS: ALIASES shows the bbc.co.uk IP addresses.

Please see attached screenshots. What have I done wrong?

Thanks