Messages - llek

#1
Hello, apart from many other broken things, such as the temperature sensors on my install.
The WireGuard client is completely broken, and is unable to connect to the server. I am able to connect to the server behind the firewall from my PC, but OPNsense is not.

There is nothing in the logs, and apparently WireGuard is sending packets, but the server is not responding. This is not the case on my PC, with the same exact config. And no, I am not trying to connect from my PC and from OPNsense at the same time.

Here are the WireGuard logs:
2025-01-30T12:04:45 Notice wireguard wireguard instance AT-VIE2 (wg0) started
2025-01-30T11:57:55 Notice wireguard wireguard instance AT-VIE2 (wg0) started
2025-01-30T11:57:55 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (execute task : dpinger_configure_do(,[AT-VIE2v6,AT-VIE2v4]))
2025-01-30T11:57:55 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (,[AT-VIE2v6,AT-VIE2v4])
2025-01-30T11:57:55 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: setting inet6 default route to fddd:2c4:2c4:2c4::1
2025-01-30T11:57:55 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: configuring inet6 default gateway on opt1
2025-01-30T11:57:55 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: setting inet interface route to 10.7.0.1 via wg0
2025-01-30T11:57:55 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: entering configure using opt1
2025-01-30T11:57:55 Notice wireguard wireguard instance AT-VIE2 (wg0) can not reconfigure without stopping it first.
2025-01-30T11:56:05 Notice wireguard wireguard instance AT-VIE2 (wg0) started
2025-01-30T11:46:35 Notice wireguard wireguard instance AT-VIE2 (wg0) started
2025-01-30T11:46:35 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (execute task : dpinger_configure_do(,[AT-VIE2v6,AT-VIE2v4]))
2025-01-30T11:46:35 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (,[AT-VIE2v6,AT-VIE2v4])
2025-01-30T11:46:35 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: setting inet6 default route to fddd:2c4:2c4:2c4::1
2025-01-30T11:46:35 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: configuring inet6 default gateway on opt1
2025-01-30T11:46:35 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: setting inet interface route to 10.7.0.1 via wg0
2025-01-30T11:46:35 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: entering configure using opt1
2025-01-30T11:46:35 Notice wireguard wireguard instance AT-VIE2 (wg0) can not reconfigure without stopping it first.
2025-01-30T02:00:19 Notice wireguard wireguard instance AT-VIE2 (wg0) started
#2
General Discussion / Debian 12 DHCPv6 issues
September 07, 2024, 05:37:39 PM
I do not know if this is the correct forum for this, please let me know if it's not.

Hello, I have a slightly complicated setup. Basically, my ISP only gives me an IPv4. I then have a VPN client set up to a VPS that gives me "fddd:2c4:2c4:2c4::1/64"; this all works fine.
I have the LAN static IPv6 set to 2001:db8::1/64 and the DHCP range to "2001:db8::2 - 2001:db8::ffff:ffff:ffff:ffff". Now Windows devices work fine; they seem to grab the IPv6 from the DHCP server, as I can see it in the DHCPv6 server leases, and I can access local devices like Cisco access points, other Windows devices and also WAN.
The problem is with Linux devices. I've had Linux devices set up with "iface enp4s0 inet6 auto" and this has worked fine, but I was not able to see the devices in DHCPv6 leases, as I think it was using stateless config.
When I set it to "iface enp4s0 inet6 dhcp" I only get one /128 IPv6 and I am not able to ping either anything on the local network or anything on WAN side.

I am completely out of ideas now, yes, I could use stateless, but I would like to see the devices in DHCPv6 leases if it's possible.
Sorry for the very confusing explanation, I've been trying to get this to work for about 7 hours now.

Thank you for any help!
#3
So an update: this has to do with asymmetric routing. Basically, I have two gateways, the WAN and the VPN. I want all of my traffic to be routed out the regular WAN gateway and I want the requests that come in through the VPN gateway to go out the VPN gateway. I could apparently do this on pfSense just fine, but I cannot get it to work here.

Any help with this is really appreciated. Thanks!
#4
Sorry for the late answer, yes, the rule gets created (when choosing "Add associated filter rule") under the ATVIE2 interface and I can see it.
#5
Yes, I have it on 8443. I did not have the redirects disabled, but I tried to disable them just now and still nothing.

It's also good to mention that this webserver is already forwarded to my native WAN - this IP is for services that can be proxied via Cloudflare, and the direct connection was to handle websites that cannot be proxied by Cloudflare and also some non-website services.
#6
Please ignore the previous post, these are the real logs, however, on port 80 - but it's set up exactly like port 443.

Maybe there is a problem with the reply from the webserver?
#7
So an update: it seems that the firewall does let it through, as seen in the attached screenshot. However, I do not get anything either when I scan the port or when I try to load the website on that web server.
#8
Thank you for the very quick response!

I changed the "Filter rule association" to "Pass"; however, the port is still unreachable.

#9
Hello, I've just come to OPNsense from pfSense. Everything went smoothly apart from this.
Now I had this set up on pfSense for about 2 years, so I know that the port forwarding to the WireGuard client on the server is set up correctly.

I've managed to set up the "Host -> OPNsense -> WireGuard server -> Internet" configuration just fine; however, I am struggling to set up "Internet -> WireGuard server -> OPNsense -> Host", basically port forwarding to the VPN interface.

I am attaching my current port forward config (HTTPS). If I need to attach anything else, please let me know!

The port is not open for some reason.

I am right now stuck and I really don't know what to do next. Any help is appreciated.
Thank you!