Messages - Lucid1010

#2
I've checked everything again, and I believe all of the settings are configured correctly.
There were definitely no issues up to version v26.1.8.
The issue started occurring after updating to v26.1.9.
#3
- no wireguard group
- set(check) Disable routes
#4
Before v26.1.9, everything was working normally. The only difference is that I had configured one OPNsense native WireGuard instance and one selective routing setup.

In v26.1.10, the OPNsense WireGuard tunnel still works properly even after a reboot, but the selective routing configuration does not work.

This is not an issue with the VPN server or the configuration file.
#5
The issue also occurred in version v26.1.9.
#6
An error occurs on the WireGuard peer configured for selective routing, and it does not start after boot. If the service is restarted manually, it works correctly.
#7
Currently, Mullvad selective routing is configured to connect to only one server, and it is working correctly.

I would like to add several more countries to the configuration.

However, because the tunnel address is identical, it seems that only a single instance is being utilized.

After adding peer settings for another country, it appears that routing is performed only through the newly configured country's server, rather than the server that was originally in use.

Mullvad allows a maximum of five devices.

Is it possible to use multiple country endpoints simultaneously while using the same WireGuard private key?

#8
I have currently opened only port 443 and the WireGuard port for my web service.

I'm also blocking inbound traffic from the WAN using several DB aliases, such as AbuseIPDB and Firehol.

Would it be a good idea to block outbound WAN traffic as well?

I'm also curious whether applying the floating rule might be a better approach.
#9
26.1, 26,4 Series / 26.1.7_2 wazuh error?
May 05, 2026, 08:01:31 PM
Installed packages to be UPGRADED:
opnsense: 26.1.7 -> 26.1.7_2 [OPNsense]

Number of packages to be upgraded: 1

6 MiB to be downloaded.
[1/1] Fetching opnsense-26.1.7_2.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading opnsense from 26.1.7 to 26.1.7_2...
[1/1] Extracting opnsense-26.1.7_2: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
[OPNsense\WazuhAgent\WazuhAgent:general.server_address] A value is required.{}
Model OPNsense\WazuhAgent\WazuhAgent can't be saved, skip ( OPNsense\Base\ValidationException: [OPNsense\WazuhAgent\WazuhAgent:general.server_address] A value is required.{}
 in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:822
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(947): OPNsense\Base\BaseModel->serializeToConfig()
#1 /usr/local/opnsense/mvc/script/run_migrations.php(69): OPNsense\Base\BaseModel->runMigrations()
#2 {main} )
*** OPNsense\WazuhAgent\WazuhAgent migration failed from 0.0.0 to 1.0.3, check log for details
Flushing all caches...done.
Writing firmware settings: OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from opnsense-26.1.7_2:

--
One step ahead, one step behind it, now you gotta run to get even
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
The following package files will be deleted:
/var/cache/pkg/opnsense-26.1.7_2.pkg
/var/cache/pkg/opnsense-26.1.7_2~0c703ebe71.pkg
The cleanup will free 6 MiB
Deleting files: .. done
Nothing to do.
Flushing temporary package files... done
Starting web GUI...done.
***DONE***
#10
check cpu clock
#11
General Discussion / Re: Support AmneziaWG
April 12, 2026, 06:21:10 PM
Admins and developers who don't prioritize privacy or censorship resistance may not find this significant.

However, government and ISP censorship is intensifying not only in Russia and the EU but across many other nations as well.

I earnestly hope that os-amneziawg will be developed and implemented as an official OPNsense plugin, just like os-wireguard.
#12
26.1, 26,4 Series / Re: 26.1.6 - Health Check
April 09, 2026, 04:28:12 PM
The update from v26.1.5 to v26.1.6 was completed successfully. Post-reboot, all systems are functioning normally as of now.
#15
wg1: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1420
        description: Mullvad
        inet 10.x.x.x netmask 0xffffffff
        groups: wg wireguard

Selective routing has been configured, and traffic from specific hosts (192.168.10.0/24) is successfully being routed through Mullvad WireGuard.
vm(192.168.10.5) -> curl ifconfig.co -> show mullvad ip


However, it seems that traffic from the OPNsense machine itself through the wg1 interface is not going through Mullvad.
curl --interface wg1 ifconfig.co
> show wanip


How can I enable Mullvad routing from OPNsense (local)?