Messages - Firewire

1
24.7 Production Series / Re: Unbound SERVFAIL - Local Domain is added to external requests
« on: September 21, 2024, 05:09:23 pm »
It seems like that indeed, since only a few specific clients are behaving like this.
Doesn't seem to be a problem at all, since I discovered no issues so far on my clients.

2
24.7 Production Series / Unbound SERVFAIL - Local Domain is added to external requests
« on: September 21, 2024, 01:21:10 am »
Hello,

My OPNsense is configured as a DNS upstream server and the domain "home.arpa" was added in General System Settings.

I have an issue where the domain is applied to external requests.
When DNS requests are answered by Unbound, the "home.arpa" domain is added as a suffix.

Example:
cloud-jobs.linkplay.com
is changed to
cloud-jobs.linkplay.com.home.arpa

This does not happen with all domains, but with many, and results in a SERVFAIL error.
Unbound is set in transparent mode, to resolve local requests (for DHCP static leases) and external requests.

Could someone tell me how this can be fixed?
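
One way to see which clients send the suffixed names, as an added example that is not part of the original post: it scans Unbound query-log lines and lists, per client, names that were already multi-label before the local domain was appended. The log line shape (Unbound with query logging enabled), the sample lines, and the helper name `suffixed_external_queries` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of an Unbound query-log line:
#   [epoch] unbound[pid:thread] info: <client-ip> <qname>. <qtype> IN
QUERY_RE = re.compile(r"info: (\S+) (\S+) ([A-Z0-9]+) IN$")

# Constructed sample lines (client addresses and the host "nas" are made up).
SAMPLE_LOG = [
    "[1726873270] unbound[4242:0] info: 192.168.1.50 cloud-jobs.linkplay.com.home.arpa. A IN",
    "[1726873270] unbound[4242:0] info: 192.168.1.50 cloud-jobs.linkplay.com. A IN",
    "[1726873271] unbound[4242:1] info: 192.168.1.20 nas.home.arpa. A IN",
    "[1726873272] unbound[4242:0] info: 192.168.1.50 cloud-jobs.linkplay.com.home.arpa. AAAA IN",
    "[1726873273] unbound[4242:1] info: 192.168.1.21 example.org. A IN",
]


def suffixed_external_queries(lines, local_domain="home.arpa"):
    """Return {client: [names]} for queries where the local domain was
    appended to a name that already contained a dot.

    Heuristic: a single-label host such as "nas.home.arpa" is a normal local
    lookup; "a.b.com.home.arpa" is a multi-label name with the suffix added.
    """
    suffix = "." + local_domain.lower().strip(".")
    hits = defaultdict(set)
    for line in lines:
        match = QUERY_RE.search(line.strip())
        if not match:
            continue  # not a query line
        client, qname = match.group(1), match.group(2).rstrip(".").lower()
        if not qname.endswith(suffix):
            continue  # plain external query, nothing appended
        original = qname[: -len(suffix)]
        if "." in original:
            hits[client].add(original)
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in suffixed_external_queries(SAMPLE_LOG).items():
        print(client, names)
```
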

3
24.1 Legacy Series / Re: Automatic Firmware Updates
« on: April 07, 2024, 10:48:18 am »
I configured a cronjob to run firmware updates every day at 4 AM.
It seems that minor updates are installed but major updates are only triggered when searching manually for updates. Not sure if my cronjob is correctly set. So far no stability issues with this setting.

My cronjob:
Code:
0 4 * * * Automatic firmware update
There also seem to be more options regarding automatic firmware updates:
  • Custom Firmware Update Check
  • Custom Firmware Update Install
  • Firmware Update Check

Not sure if multiple options need to be combined, and thus multiple cronjobs are required.
Do we have a best practice for how to set automatic updates per cronjob?

4
24.1 Legacy Series / Re: Wireguard not working after reboot
« on: April 06, 2024, 11:00:32 am »
After following this thread: https://forum.opnsense.org/index.php?topic=32232.0

I enabled a Cron job with action "Renew DNS for WireGuard on stale connections" that runs every minute.
After rebooting my OPNsense multiple times, the connection worked every time.
Let me check if this fixes my issue in the long run, gonna report back.

5
24.1 Legacy Series / Re: Wireguard not working after reboot
« on: April 05, 2024, 07:47:04 pm »
The endpoint is configured via DNS entry.
I'm not sure how I could replace it with IPs, since the domain resolves to multiple IP addresses via nslookup.

Is there some workaround for this specific issue, where a DNS entry can be used as endpoint?

6
24.1 Legacy Series / Re: Wireguard not working after reboot
« on: April 04, 2024, 10:13:56 pm »
The issue happened in earlier versions and was fixed:
https://forum.opnsense.org/index.php?topic=34949.0
https://forum.opnsense.org/index.php?topic=18956.0

Is it possible the issue came back with 24.1.5?
The issue is reproducible in my case, my WireGuard link does not go up after a reboot until I click "Apply".

7
24.1 Legacy Series / Wireguard not working after reboot
« on: April 04, 2024, 07:32:07 pm »
Hello,

For a few OPNsense versions now, I have noticed that my Wireguard VPN tunnel is not coming up automatically after a reboot. After restarting, my OPNsense shows no active connection via "VPN -> WireGuard -> Status".

Workaround:
To solve the issue until the next reboot, I have to manually disable and enable the WireGuard instance via "VPN -> WireGuard -> Instances".

My guess:
The issue might be related to my WAN uplink, probably the service tries one connection only and it fails since my WAN link is not up yet. The service does not seem to try it again after the WAN link is up and the WireGuard instance keeps being down.

Does someone have an idea how to fix this?
I'm running the latest OPNsense 24.1.5_1 version.

Kind regards

8
General Discussion / Re: Default route gets deleted with Wireguard VPN
« on: January 22, 2024, 09:57:58 pm »
Guess I found the right configuration after following this guide:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

I had to disable "Dynamic gateway policy" on the Wireguard Interface.
Instead a gateway IP has to be added to the Wireguard VPN instance.
Afterwards a new gateway needs to be configured on System settings as mentioned above.

Seems to work even after a restart now.

9
General Discussion / Default route gets deleted with Wireguard VPN
« on: January 22, 2024, 09:27:34 pm »
Hello,

Today I discovered my whole network went offline after making changes days ago.
After troubleshooting and resetting my whole OPNsense install, I discovered the reason for the issue.

I have 3x interfaces configured (LAN, WAN, Wireguard).
LAN and WAN are running with default settings.
Wireguard is an interface I added after successfully configuring a Wireguard config, which is policy based and only meant for specific clients with specific source IPs.

The VPN setup worked great, until my Firewall was restarted, then everything went offline.
After checking my routing table I discovered the default route was deleted.

This happens when the following option is configured on my Wireguard interface:


Everything works when this option is enabled, until my router gets restarted.
Then the VPN still works but internet traffic from other devices is not sent out anymore since the default route gets deleted. Disabling this option makes everything work again for my Non-VPN Clients.

Could someone help me to fix this?
