Messages

1

General Discussion / Re: Question on pppoe connection

« on: June 24, 2024, 04:14:55 pm »

I should have explained better in my first post. Sorry!

GPON ---eth---> Router (in bridge) ---eth---> OPNsense is working with PPPOE credentials enteren in OPNsense.

What I would like to do is:

GPON (ZTE) ---eth---> OPNsense

Tried it. But it doesn't work. Probably, it needs a VLAN configuration as you mentioned. I use VLANs in other settings but no idea about VLAN for this issue.

Do I need input from ISP for configuring VLAN? Or is it something straightforward so that I can do in OPNsense?

Thanks for helping me out.

2

General Discussion / Re: Question on pppoe connection

« on: June 23, 2024, 06:11:48 am »

But, there is RJ45 LAN port already available on GPON. It is connected to WAN port of the ISP supplied router by an ethernet patch cable. So, I don't think SFP is needed.

Here is a photo from ports side of the GPON. It is a small ZTE thing.

3

Virtual private networks / Feature request for WireGuard peer creation

« on: June 22, 2024, 03:22:09 pm »

The new Peer Generator is fantastic. I love it.

However, once it is saved, there is no way to get the peer connection details. If you miss copying before saving, they are gone.

It would be nice to get the connection file from the peers.

4

General Discussion / Question on pppoe connection

« on: June 22, 2024, 02:58:22 pm »

My ISP installed GPON and a router at home. If I use the router in bridge mode and enter the pppoe credentials in OPNsense, all work fine.

Is there a way to connect GPON directly to the wan interface of opnsense (without the router in bridge mode in between) with the same pppoe credentials in OPNsense? I tried many things to do this. But no way. Cannot get the Internet this way.

Thanks.

5

General Discussion / Re: WireGuard not working for me

« on: May 25, 2024, 01:44:25 pm »

I think I found the problem.

Checked IP of my phone. It is not in the tcpdump log. Probably due to CGNAT. However, even if there is CGNAT, the WG package should arrive at the WAN interface.

I suspected that WG client on my phone might be broken.

I tried to connect opnsense from another network, work LAN. WG client on my work PC connected. While my phone is on work LAN, it connected too. This means WG client on Android is also OK.

However, if my phone is on GSM network (Vodafone),  it won't connect. So the problem lies with GSM operator internet network.

Why is that? Do GSM operators block port 51820? Perhaps, I need to change the WG port on OPNsense.

Dear Patrick, I am grateful for all your support and hints. Thank you.

Edit: As soon as I change the default port number, my phone on the GSM network started working OK.

Hey Vodafone, what are you doing? What is your problem with port 51820?

6

General Discussion / Re: WireGuard not working for me

« on: May 25, 2024, 11:13:21 am »

Rules look good.

I'd do a tcpdump on WAN to watch if packets from the client arrive at all.

I run tcpdump while WireGuard client on my phone is on and the phone was on GSM network.
Thank you for your support.

Code: [Select]

root@OPNsense:~ # tcpdump -ni pppoe0  port 51820
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe0, link-type NULL (BSD loopback), capture size 262144 bytes
12:07:26.137477 IP xxx.xxx.125.156.32611 > 176.100.43.99.51820: UDP, length 104
12:07:26.138099 IP xxx.xxx.125.156.15678 > 45.134.79.164.51820: UDP, length 104
12:07:47.270672 IP 176.100.43.99.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:47.350462 IP 176.100.43.99.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:48.503440 IP 176.100.43.99.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:51.567716 IP 199.116.118.230.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:52.067593 IP xxx.xxx.125.156.33657 > 45.134.79.134.51820: UDP, length 104
12:08:05.209076 IP xxx.xxx.125.156.54695 > 45.134.79.159.51820: UDP, length 104
12:08:05.212933 IP xxx.xxx.125.156.24112 > 45.134.79.144.51820: UDP, length 104
12:08:05.212939 IP xxx.xxx.125.156.33657 > 45.134.79.134.51820: UDP, length 104
12:08:09.185267 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411564351 ecr 0,nop,wscale 9], length 0
12:08:09.213729 IP xxx.xxx.125.156.64473 > 146.70.211.145.51820: UDP, length 104
12:08:10.193015 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411565359 ecr 0,nop,wscale 9], length 0
12:08:12.241380 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411567407 ecr 0,nop,wscale 9], length 0
12:08:12.727806 IP xxx.xxx.125.156.31549 > 45.134.79.132.51820: UDP, length 104
12:08:12.727940 IP xxx.xxx.125.156.31074 > 45.134.79.147.51820: UDP, length 104
12:08:12.728195 IP xxx.xxx.125.156.56893 > 45.134.79.157.51820: UDP, length 104
12:08:16.273197 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411571439 ecr 0,nop,wscale 9], length 0
12:08:19.070671 IP xxx.xxx.125.156.20282 > 45.134.79.167.51820: UDP, length 104
12:08:20.353800 IP 199.116.118.230.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:08:24.465108 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411579631 ecr 0,nop,wscale 9], length 0
12:08:25.228771 IP xxx.xxx.125.156.18230 > 149.22.94.65.51820: UDP, length 104
12:08:30.689220 IP xxx.xxx.125.156.61161 > 149.102.252.46.51820: UDP, length 104
^C
23 packets captured
268461 packets received by filter
0 packets dropped by kernel


7

General Discussion / Re: WireGuard not working for me

« on: May 24, 2024, 03:22:37 pm »

What do your firewall rules on WAN look like? You did create a rule to allow the WG traffic to pass?

May I have your advise?

8

General Discussion / Re: WireGuard not working for me

« on: May 22, 2024, 11:37:34 am »

Outbound NAT and Normalization

9

General Discussion / Re: WireGuard not working for me

« on: May 22, 2024, 11:13:24 am »

Attached.

10

General Discussion / WireGuard not working for me

« on: May 22, 2024, 09:40:55 am »

My version of OPNsense is 24.1.7_4.

I tried almost all the how-to's under the Sun including OPNsense's own WireGuard Road Warrior Setup. Followed all the instruction to the point. But, no way. It won't work.

Is there a bug with WireGuard implementation? If yes, it is OK with me as I will devote my time to other tasks.

Problem is WG client cannot handshake. It sends data but receives nothing from OPNsense WG instance. It looks like OPNsense doesn't send any data outside to WG client.  If WG client (phone) joins the local network, handshake happens.

LAN IP : 192.168.2.0/24
OPNsense: 192.168.2.1
WG Tunnel: 10.10.100.1/24
Client: 10.10.100.2/32
Allowed IPs: 0.0.0.0/0,::/0
Public IP is static.

Attached is the relevant screenshots: 'VPN | WireGuard | Status' and Android Phone WG Client config.

I would appreciate any help.

11

General Discussion / Re: A question from a newbie

« on: May 21, 2024, 05:00:21 pm »

Thank you. Will work on it.

12

General Discussion / Re: pkg-static: Not enough space

« on: May 21, 2024, 04:58:33 pm »

Thank you.

13

General Discussion / Re: pkg-static: Not enough space

« on: May 21, 2024, 04:22:41 pm »

Unfortunately, I can't stop it.  I checked all the options re logging.

I can see them in Firewall | Log files | Plain View | Informational. It is flooding.

Could you please be so kind and direct this helpless newbie to the right switch? I believe it should be related WAN/PPPOE. But, couldn't find.

Edit:  Unchecked all loggings and disabled debugging in Firewall | Settings | Advanced fixed the problem. Thank you.

14

General Discussion / Re: pkg-static: Not enough space

« on: May 21, 2024, 02:24:25 pm »

I was able to open one of the filter logs. It is full of these lines:

Code: [Select]

<134>1 2024-05-21T00:00:00+00:00 OPNsense.localdomain filterlog 49948 - [meta sequenceId="22"] 4,,,02f4bab031b57d1e30553ce08e0ec131,pppoe0,match,block,in,4,0x0,,250,2577,0,none,1,icmp,84,101.44.223.5,212.xxx.xxx.156,datalength=64

15

General Discussion / Re: pkg-static: Not enough space

« on: May 21, 2024, 02:05:42 pm »

Code: [Select]

root@OPNsense:/ # du -skx * | sort -rn
11650353 var
2326812 usr
179801 boot
14600 lib
8164 sbin
3580 etc
3244 conf
1980 bin
188 tmp
160 libexec
40 root
8 COPYRIGHT
4 rescue
4 proc
4 net
4 mnt
4 media
4 home
4 entropy
4 dev
0 sys

Code: [Select]

root@OPNsense:/var # du -skx * | sort -rn
11609980 log
36344 db
5236 backups
505 unbound
116 run
112 etc
69 dhcpd
64 cache
36 lib
28 spool
16 cron
12 audit
12 at
8 tmp
8 crash
4 yp
4 rwho
4 preserve
4 netflow
4 msgs
4 mail
4 heimdal
4 games
4 empty
4 authpf
4 account

Code: [Select]

root@OPNsense:/var/log # du -skx * | sort -rn
11603556 filter
7008 installer.log
544 configd
536 system
384 audit
332 dhcpd
136 resolver
128 ntpd
84 ppps
16 lighttpd
12 wireguard
12 routing
12 dmesg.yesterday
12 dmesg.today
8 firewall
8 boot.log
4 utx.log
4 utx.lastlogin
4 userlog
4 suricata
4 setuid.today
4 pf.yesterday
4 pf.today
4 ntp
4 mount.today

Code: [Select]

root@OPNsense:/var/log/filter # du -skx * | sort -rn
5810144 filter_20240520.log
3138240 filter_20240519.log
2658240 filter_20240521.log
0 latest.log
Today is the 3rd day following OPNsense installation. How come I have so big filter logs?
What should I do? Delete all filter_* ? How can I limit on log size?

Thank you for your support.