"
Probably a stupid question, but I am looking for confirmation who is writing the code of the wireguard module used inside the opnsense.
Thank you
Thank you
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
Virtual private networks / who writes the code for wireguard module
September 10, 2025, 07:05:15 PM #2
Virtual private networks / Re: ProtonVPN no longer working after upgrading to 23.7
September 10, 2025, 07:04:00 PM
sometime proton change the IP entry point! Also, be aware you have to renew the configuration of the wireguard going on the proton vpn website (where you initially created the config file).
#3
25.7 Series / Cron - recursive job
August 15, 2025, 12:20:28 PM
Naive question: the cron implemented inside opnsense accept the timing in the format */2 (every 2 minutes/hours/etc...)?
Thanks
Thanks
#5
25.7 Series / firewall rules log on disk or ram
August 13, 2025, 10:40:01 AM
Hi,
activating the log option on a firewall rule write the record on the ram or on the disk?
Trying to understand if having that option se to ON could wear in advance the disk.
Thanks
activating the log option on a firewall rule write the record on the ram or on the disk?
Trying to understand if having that option se to ON could wear in advance the disk.
Thanks
#6
Virtual private networks / wireguard multiple question in order to debug issues
August 13, 2025, 09:51:52 AM
Hi,I am trying to figure out the origin of my randomic problem of "loss of handshake".
I created static routes and firewall rule (with log) to the VPN endpoint and one to the monitoring ping (og the gateway).
Now I am trying to log the handshake connection to understand what is wrong, but I am not able to get enything on the firewall live view.
I am assuming that the handshake connection goes through the WAN or the specific wireguard gateway.
Update: Using packet capture I am finally seeing these connections, but I have a few extra questions:
- considering that the wireguard gateway is remote, is it possible to log the connections going through as it would be for a local gateway,
- the handshake shall happen with which IP (endpoint pubblic IP through the WAN interface or maybe with an internal VPN IP through the wiregatud gateway)?
Thank you very much.
I created static routes and firewall rule (with log) to the VPN endpoint and one to the monitoring ping (og the gateway).
Now I am trying to log the handshake connection to understand what is wrong, but I am not able to get enything on the firewall live view.
I am assuming that the handshake connection goes through the WAN or the specific wireguard gateway.
Update: Using packet capture I am finally seeing these connections, but I have a few extra questions:
- considering that the wireguard gateway is remote, is it possible to log the connections going through as it would be for a local gateway,
- the handshake shall happen with which IP (endpoint pubblic IP through the WAN interface or maybe with an internal VPN IP through the wiregatud gateway)?
Thank you very much.
#7
Virtual private networks / Re: Wireguard goes stale
August 10, 2025, 05:03:38 PM
The cuase seems related to the WAN gateway that has the lowest priority (in order to route everything through VPNs).
During some test, I switched the WAN priotiry to the highest and the offline VPNs returned online.
Now I am trying to figure out what routing I should create in order to solve this.
I already have a static route for:
- each endpoint, in order to make it go through the WAN gateway;
each monitori IP, in order to make it go through its related VPN gateway.
I tried to monitor/log the connections to the monitoring IPs and endpoint IPs but I was not able to log anything.
I am no expert but:
- I assume the the handhskaes and monitoring pings are done at 127.0.0.1;
- these are going out through the interface addresses and then through the related gateway.
Trying log everything going through the gateways I have seen ZERO connections to monitor IPs and to endpoint IPs. The only way to see something is to perform a ping.
Any suggestion?
During some test, I switched the WAN priotiry to the highest and the offline VPNs returned online.
Now I am trying to figure out what routing I should create in order to solve this.
I already have a static route for:
- each endpoint, in order to make it go through the WAN gateway;
each monitori IP, in order to make it go through its related VPN gateway.
I tried to monitor/log the connections to the monitoring IPs and endpoint IPs but I was not able to log anything.
I am no expert but:
- I assume the the handhskaes and monitoring pings are done at 127.0.0.1;
- these are going out through the interface addresses and then through the related gateway.
Trying log everything going through the gateways I have seen ZERO connections to monitor IPs and to endpoint IPs. The only way to see something is to perform a ping.
Any suggestion?
#8
Virtual private networks / Re: Wireguard goes stale
August 08, 2025, 01:17:03 PM
Yes I tried.
The point is that, changing the ip on the wan port trigger the restoring of the connection (that is a good thing)
Instead, once it is stale and keeping the ip address on the wan port, even f manually I try to restart the wireguard service, it does nothing or from stale it goes offline.
I already tried to use wireguard dns restart but it had no effect. Or maybe you are referring to something different?
The point is that, changing the ip on the wan port trigger the restoring of the connection (that is a good thing)
Instead, once it is stale and keeping the ip address on the wan port, even f manually I try to restart the wireguard service, it does nothing or from stale it goes offline.
I already tried to use wireguard dns restart but it had no effect. Or maybe you are referring to something different?
#9
Virtual private networks / Re: Wireguard goes stale
August 08, 2025, 12:50:10 PM
Hi, anyone had the same experience and was avle to solve it? Thanks
#10
Virtual private networks / Wireguard goes stale
July 12, 2025, 02:05:07 PM
I have three vpn (connected to three different proton servers), used with a fail-over setting.
The very strange thing is that sometime the one actively used goes stale. It is not possible to restore the conection until I force somehow th change of the wan port.
Just restarting the services is not effective.
With the mobile phone I am constanly connected to the first vpn, and it never goes down permanently (maximum 10-20 seconds to restore the connection).
Is there a different method to fully re-initiate the wireguard connection?
Thanks
The very strange thing is that sometime the one actively used goes stale. It is not possible to restore the conection until I force somehow th change of the wan port.
Just restarting the services is not effective.
With the mobile phone I am constanly connected to the first vpn, and it never goes down permanently (maximum 10-20 seconds to restore the connection).
Is there a different method to fully re-initiate the wireguard connection?
Thanks
#11
General Discussion / Re: DNS plugin like adguard home
June 08, 2025, 12:40:13 PM
Yes, I am in fact interested to use adguard home, BUT i would like to be able to change the authoritative external dns server if I decide to do so.
#12
General Discussion / DNS plugin like adguard home
June 08, 2025, 12:04:38 PM
A plugin similar to adguard home, but with the chance to specify a different DNS server (i.e mullvad, nextdns, quad9, eu0, etc...) does exist?
I am intrested in a GUI that allows an easier management of white/black lists, both locally specified or adding the external links.
Thank you very much!
I am intrested in a GUI that allows an easier management of white/black lists, both locally specified or adding the external links.
Thank you very much!
#14
Virtual private networks / Re: Stale peers in Wireguard, v2
May 26, 2025, 07:16:41 PM
Hello, topic solved.
Solution:
- create a route to force the conenction towards the VPN IP (provided in the configuration file) to go through the WAN;
- set as monitoring IP an external IP (not the internal IP of the VPN);
- create a route to force the monitoring toward the IP to go through the correct VPN gateway (one for each vpn connection);
and here the problem that created me so much headache:
- DO NOT create firewall rules to try monitoring the routes toward the monitoring IP (in the floating rules section).
Finally the monitorings are always working /coming back online and the handshakes are restored in case of stale conenction.
Solution:
- create a route to force the conenction towards the VPN IP (provided in the configuration file) to go through the WAN;
- set as monitoring IP an external IP (not the internal IP of the VPN);
- create a route to force the monitoring toward the IP to go through the correct VPN gateway (one for each vpn connection);
and here the problem that created me so much headache:
- DO NOT create firewall rules to try monitoring the routes toward the monitoring IP (in the floating rules section).
Finally the monitorings are always working /coming back online and the handshakes are restored in case of stale conenction.
#15
Tutorials and FAQs / Re: Stop IP leaks on WAN (and secure modem UI) without touching NAT
May 25, 2025, 08:08:03 AM
The way I described makes everything going through the vpn gateways IF NOT routed manually, even dns queries.
The only traffic you should see on the wan is the initial handshakes to the VPN and something happening while the first vpn gateway become online.
The only traffic you should see on the wan is the initial handshakes to the VPN and something happening while the first vpn gateway become online.
