Messages - Squiggley

#1
Disregard, I don't know why but it's all working fine now.

Thanks again for the tutorial
#2
Hi @HellSite

I have followed your tutorial, I believe exactly, and I have almost all of it working.
For all of my services I have real servers and matching backends.
The local and public map files are working great.
It redirects http to https just fine.
I get an A+ SSL rating

All of that works great (would have taken me forever without your tutorial)

However, I do not seem to be able to access any services on my LAN from a VLAN via the fqdn.

I am more than happy to work things out myself; I am really just looking to try and understand how it works a bit better and perhaps get a pointer to which part is not functioning properly.

Can you tell me if these assumptions are correct?
My laptop is on vlan B and all my services are on vlan A.

1) If I can access the services via the IP address successfully then my firewall rules are allowing the correct traffic through.
2) If I do an nslookup or ping from my laptop and I get the opnsense ip address on vlan A, then unbound is working correctly, as traffic should be sent to haproxy for it to work out where it's really going.

So it seems to me that my issue must be haproxy is not giving the correct address back when I enter the fqdn on the laptop.

I have intentionally not put my configs in here, as after reading all the pages in this thread I see the enormous amount of work you put into this and I would like to understand/work things out myself.

Thanks
#3
Thanks again for the response CJ. After furthering my config I have found it's not Wireguard that's at fault here. I have internal DNS working on my LAN but not on any of my VLANs, which includes Wireguard.

So I guess I need to solve that first afore I continue looking at Wireguard. I might however follow your suggestion and try it on my unraid server; it has it built in now.

Thanks again
#4
Sorry for the delay in getting back to you; I have been away.

Thanks @Kinerg, but both of them are not functioning whereas mine is totally functioning; I just cannot access my internal services by fqdn.

Thanks for the reply CJ. In answer to your questions:

I am hosting a bunch of services that are served up from my UnRaid server in docker containers. I can access them all from my desktop using the fqdn for each one.

192.168.13.254 is the physical address of my opnsense box
10.0.0.1 I think is the address of the wireguard interface

I disabled the Wireguard ACL and the default action was already set to allow, restarted Unbound and it's still the same: no DNS to my internal services.

Thanks
#5
More config
#6
Hi all,

I am quite new to opnsense; moved over from pfsense.
So I followed this great guide for my setup https://forum.opnsense.org/index.php?topic=23339.0

And then followed the opnsense road warrior guide https://docs.opnsense.org/manual/how-tos/wireguard-client.html# for wireguard.

Wireguard is working; I can connect to my home lan and access my services, however it's via ip address only. I do not have DNS resolution; that's what I am trying to fix.

I am using Unbound split DNS from the first tutorial listed to resolve internal addresses and it works great except for through wireguard.

On the wireguard client on my phone I have 10.0.0.1 and 192.168.13.254 as my dns servers

I am not sure how to proceed or debug it really.

Thanks

#7
@TheHellSite, just wanted to say thank you soooooo much for this tutorial. It has made a very complicated task much easier for me. I converted over from pfsense because this tutorial was exactly what I wanted to set up and I have not been disappointed. It turns out I like opnsense much better too!