Messages - RavenLunatic

#1
I updated to the latest OPNsense and Tailscale does not automatically start like it used to.
To get it going again I have to SSH into OPNsense, open a shell and enter the command 'tailscale login', which presents an authentication link; clicking on it, it then works as it should. It only works until you reboot.
#2
OK, I have tested the setup with the TailNet IP in the DNS management page overriding the default 100.100.100.100 for the OPNsense TailNet IP, and I can now reach my server from my phone with a valid SSL certificate, so no warnings :-)

What do I do with the floating rule? I am guessing I have opened up my network to the whole Internet?

Many thanks

Edit: I forgot to add the local IP address for my LAN DNS and got locked out of the WWW lol. Anyway, I took TS down, added the required 192.168.1.1 and brought TS up, and it has started to work without the need of the floating rule!

Problem solved :-)
#3
Thanks, I added a Floating rule for IPv4 TCP In and I now get

LibreWolf detected a potential security threat and did not continue to 100.93.210.79. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.


Changing the protocol to ICMP, I can ping the TailNet IP.

Ignoring the warning and I get the OPNSense log in screen. Progress! :-)

The SSL certificate is one issued by OPNsense which does not appear to be valid for the TailNet IP. Would this affect a DNS lookup?

How do I find the interface rule that is blocking OPNsense from connecting?

Thank you so much for your advice!
#4
ICMP echo requests from Think Broadband are now working again without me doing anything, very strange!

Still can't ping OPNsense or access the Web GUI via Tailnet.
#5
Thank you for your reply.

I followed your instructions but it still does not work.

I have discovered that I am unable to reach OPNSense web GUI using the TailScale IP from my browser!

This might be why I am not able to filter traffic through Unbound DNS if nothing is able to connect.

What could be responsible for this? The only thing I have changed from default is the Override to give my server a DNS name.

Many thanks

Pinging my OPNSense Tailnet IP results in 100% packet loss.
Pinging my TrueNAS Tailnet IP results in 0% packet loss.

Something that might be related: at around 8pm last Saturday my OPNSense firewall stopped responding to ICMP echo requests from Think Broadband to my WAN2 connection. WAN1 was not affected. It may have been when I updated OPNSense to the latest build.
#6
I need some help. I have set up a VPN at home using TailScale for all of my devices.

Due to the necessity of having an SSL Certificate to be able to run Vaultwarden on my local server I have used the Unbound DNS Overrides function to give the server the correct Hostname.domain.uk etc matching my SSL Cert.

When my phone is connected directly to the local network everything works fine; pointing to hostname.domain.uk:30032 works great, no issues.

However, if I take my phone off the network (cellular data) hostname.domain.uk:30032 does not resolve to the Tailnet IP address.

I can still ping the Tailnet IP just fine, access SMB shares on the Tailnet, and I can reach web GUIs by using the Tailnet IPs. I can reach the internet via the OPNSense exit node just fine. For some reason the DNS is not acting on the overrides function of Unbound DNS.

This causes Vaultwarden to refuse to connect outside my local network because the SSL Cert is only valid for my domain not IP address.

I would just like to say I am very new to this so please don't hold it against me if I am overlooking something simple.

Many thanks in advance.
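Added example for posts #6 and #2 above (my code, not from the thread or from OPNsense): a small Python check, standard library only, that classifies the address an Unbound host override points at (Tailscale's 100.64.0.0/10 CGNAT range, RFC 1918 LAN space, or public) and reports which client vantage points can actually reach it. This makes the difference between "resolves on the LAN" and "resolves but is unreachable from a phone on cellular" explicit. The override names and addresses are constructed, and the `subnet_router` flag is an assumption about how the tailnet is configured rather than anything stated in the thread.

```python
import ipaddress

# Tailscale assigns node addresses from the CGNAT range 100.64.0.0/10;
# the MagicDNS resolver 100.100.100.100 mentioned in the thread sits inside it too.
TAILNET = ipaddress.ip_network("100.64.0.0/10")


def classify(ip_str):
    """Return 'tailnet', 'lan', 'public' or 'other' for an IP literal."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 4 and ip in TAILNET:
        return "tailnet"
    if ip.is_private:
        return "lan"
    if ip.is_global:
        return "public"
    return "other"


def reachable(ip_str, client, subnet_router=False):
    """Can a client at the given vantage point open a connection to ip_str?

    client is one of:
      'lan'      - device on the home LAN with no Tailscale client
      'tailnet'  - device off-site (e.g. phone on cellular) with Tailscale up
      'internet' - arbitrary host with neither
    subnet_router (assumption): the tailnet advertises the LAN through a
    subnet router, which would let tailnet clients reach RFC 1918 addresses.
    """
    kind = classify(ip_str)
    if kind == "public":
        return True
    if client == "lan":
        return kind == "lan"
    if client == "tailnet":
        return kind == "tailnet" or (kind == "lan" and subnet_router)
    return False


def audit_overrides(overrides, client, subnet_router=False):
    """Return {hostname: (ip, reachable?)} for a set of Unbound host overrides."""
    return {host: (ip, reachable(ip, client, subnet_router))
            for host, ip in overrides.items()}


# Constructed sample overrides: the first reproduces the "LAN address only"
# situation from the thread, the second points at the server's tailnet address.
SAMPLE_OVERRIDES = {
    "vault-lan.example.uk": "192.168.1.20",
    "vault-ts.example.uk": "100.64.0.10",
}

if __name__ == "__main__":
    for vantage in ("lan", "tailnet", "internet"):
        print(vantage, audit_overrides(SAMPLE_OVERRIDES, vantage))
```

Running it shows the override that points at 192.168.1.20 as unreachable from the tailnet vantage point unless a subnet router is assumed, while the tailnet-address override is reachable from there and not from a plain LAN device. The hostname itself is unchanged in both cases, which is why a certificate issued for the domain name keeps working once the override resolves to an address the client can reach.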
#7
I am very new to networking and I don't know the difference between an interface and a gateway. It's been a very interesting journey!

I have DNS Server options unticked and it still does it.

I have found a how-to on another part of the forum https://forum.opnsense.org/index.php?topic=9245.msg41626#msg41626 so I will try and work through that. Ultimately it does not matter which DNS it's using as long as it works. It just doesn't seem to work as I expected.

Thanks all for the help. I will probably be back for more help soon.
#8
I decided to start over and reset to defaults.

It appears I had used the wrong gateway for my primary WAN. OPNsense created 2 WAN interfaces, one called WAN which has my external IP address and another called WAN_GW with a slightly different IP address.

The interface called WAN no longer shows in the WAN Gateway as an option so I had to use WAN_GW. And lo and behold, everything seems to work now with one exception...

When I use DNS leak test it still shows my ISP's DNS servers and not the Cloudflare 1.1.1.1 and 1.0.0.1 that I have specified in System: General for both WAN Gateway connections.

Can anyone advise why that would be?
#9
Thanks for the reply. I have checked that I have DNS set up for both WANs. I did not see the bit where you have to edit the LAN firewall rules. I have now done that but I am getting an error in my browser as follows:

A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname. You can disable this check if needed under System: Settings: Administration.

It looks like the DNS is doing something new but I do not know how to proceed.

Can anyone help?

I disabled DNS Rebind check and now all my internet traffic is diverted to 192.168.1.1 which is my OPNsense log in address (not in a good way every website is directed to the OPNsense log in page).
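Added example for post #9 above (my code, not from the thread or from OPNsense): a Python model of the resolver-side rebind protection that Unbound's `private-address` option provides, which strips private and CGNAT addresses out of answers coming from an upstream forwarder while leaving the firewall's own host overrides untouched. The web GUI message quoted in the post is a separate check, made by the firewall's web server on the requested hostname, and is not modelled here. The query names and answer addresses are constructed; the `local_zones` parameter stands in for Unbound's `private-domain` and is assumed empty unless passed.

```python
import ipaddress

# Address space that should never come back from a public upstream resolver:
# RFC 1918, loopback, link-local, the CGNAT range Tailscale uses, and the
# IPv6 equivalents. Mirrors the intent of Unbound's private-address list.
BLOCKED_FROM_UPSTREAM = [
    ipaddress.ip_network(n) for n in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
        "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
        "fc00::/7", "fe80::/10", "::1/128",
    )
]


def is_blocked_address(ip_str):
    """True if an upstream answer carrying this address should be dropped."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in BLOCKED_FROM_UPSTREAM)


def in_zone(qname, zone):
    return qname == zone or qname.endswith("." + zone)


def filter_answer(qname, addresses, source, local_zones=()):
    """Apply rebind protection to one resolved answer.

    source is 'override' for data the firewall serves itself (host overrides)
    and 'upstream' for answers from a forwarder on the Internet.
    local_zones (assumption, empty by default) lists domain suffixes whose
    private answers are trusted even from upstream, like Unbound's private-domain.
    Returns (kept_addresses, dropped_addresses).
    """
    if source == "override" or any(in_zone(qname, z) for z in local_zones):
        return list(addresses), []
    kept, dropped = [], []
    for addr in addresses:
        (dropped if is_blocked_address(addr) else kept).append(addr)
    return kept, dropped


# Constructed sample: a normal public name, an upstream answer that smuggles a
# LAN address in beside a public one, and a host override served locally.
SAMPLE_ANSWERS = [
    ("www.example.com", ["198.51.100.7"], "upstream"),
    ("untrusted.example.net", ["203.0.113.5", "192.168.1.1"], "upstream"),
    ("vault.example.uk", ["192.168.1.20"], "override"),
]


def run_samples():
    """Run the filter over SAMPLE_ANSWERS; returns {qname: (kept, dropped)}."""
    return {q: filter_answer(q, addrs, src) for q, addrs, src in SAMPLE_ANSWERS}


if __name__ == "__main__":
    for name, (kept, dropped) in run_samples().items():
        print(f"{name}: kept={kept} dropped={dropped}")
```

The second sample is the case rebind protection exists for: a public name whose upstream answer points at the firewall's own LAN address, which a browser would otherwise be allowed to talk to as if it were the public site. The host override passes because it is served by the firewall, not learned from upstream, and a genuinely local zone can be whitelisted through `local_zones` rather than by switching the protection off.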
#10
First of all, I am a complete noob to OPNsense and networking. I have only been using it for a couple of weeks. My aim is to have two WAN networks for failover. WAN 1 is an HFC DHCP connection. The second is a PPPoE FTTP. Both are within a Gateway Group with WAN 1 being the primary gateway (tier 1).

My problem is when the primary connection is disabled WAN 2 takes over and works great, but when WAN 1 recovers it appears to lose DNS functionality. I can ping google.com no problem but anything that needs DNS does not work.
When this happens, I have to run the System Wizard to fix it with default settings in order to get WAN 1 working again.

I have also found that when I try different settings within interfaces and save that also breaks DNS on WAN 1. Even if I change a setting save and then undo the setting changed, WAN 1 does not work with DNS.
Another thing I have noticed is that despite setting the DNS IP addresses 1.0.0.1 and 1.1.1.1 in System: Settings: General, all DNS queries go to the default ISP DNS servers. Could this be the problem?