Messages - Fionn

#1
Quote from: crpb on August 13, 2024, 08:58:23 PM
For any lost soul...

If your Wireguard "Instance" Name is e.g. "CB"

/usr/local/opnsense/scripts/Wireguard/wg-service-control.php restart $(pluginctl -S wireguard |jq -r '.[]|select(.description|endswith("CB"))|.id')

Does not seem to work as of OPNsense 24.7.8-amd64

sudo pkg install jq

Fatal error: Uncaught TypeError: flock(): Argument #1 ($stream) must be of type resource, bool given in /usr/local/opnsense/scripts/Wireguard/wg-service-control.php:243
Stack trace:
#0 /usr/local/opnsense/scripts/Wireguard/wg-service-control.php(243): flock(false, 2)
#1 {main}
  thrown in /usr/local/opnsense/scripts/Wireguard/wg-service-control.php on line 243

:-\ :( :'(
#2
Hi :)

I have created a bridge (consisting of 4 ports) on a mini PC, and there is an additional port for WAN.
Created an alias for "home network" IP ranges 192../10../172...
On the bridge I created a rule:
   Action: Pass
   Interface: bridge
   Direction: in
   TCP/IP Version: IPv4 (I don't care about IPv6)
   Protocol: any
   Source: home network (alias)
   Destination: home network (alias)
   Log packets that are handled by this rule -> enabled

With that in place, LAN connections are working fine; without it there was always something blocked (made me crazy), and I don't want to restrict LAN-only communication (at least not yet).
My plan is that if I want to block something on the LAN, I create a new rule for that specific case and put it above this rule on the bridge. Is this rule OK from a safety point of view? Or does it pose some threat that I should pay extra attention to?

With that, internet is still not working at all on anything in the LAN other than OPNsense itself.
So I created a 2nd rule for the bridge:
   Action: Pass
   Interface: bridge
   Direction: in
   TCP/IP Version: IPv4
   Protocol: any
   Source: home network (alias)
   Destination: any
   Log packets that are handled by this rule -> enabled

I tested the Destination with these options: "inverted home network alias" (works), any (works), WAN net (fails), WAN address (fails). Which is the proper one to go with? I found this https://forum.opnsense.org/index.php?topic=18755.msg85870#msg85870 helpful info but I'm still not sure :D
And again: Is this rule OK from a safety point of view? :) Or should I place this on the WAN interface with an out Direction?

Thanks for the help :)
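
The four Destination options tested in the post above, modelled as an added example (not part of the original post and not OPNsense code) to show which destinations each one lets a LAN client reach. It assumes the "home network" alias holds the RFC 1918 ranges; the WAN subnet, WAN address and sample targets are constructed, and `rule_passes` and `matrix` are hypothetical helpers.

```python
import ipaddress as ip

# Assumption: the "home network" alias holds the RFC 1918 private ranges
# (the post abbreviates them as 192../10../172...).
HOME_NETWORK = [ip.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed WAN values (documentation range), not taken from the post.
WAN_NET = ip.ip_network("203.0.113.0/24")
WAN_ADDRESS = ip.ip_address("203.0.113.10")


def in_home(addr):
    return any(addr in net for net in HOME_NETWORK)


# Each Destination option from the post as a predicate on the destination IP.
DESTINATIONS = {
    "any": lambda d: True,
    "!home network": lambda d: not in_home(d),
    "WAN net": lambda d: d in WAN_NET,        # only the WAN interface's subnet
    "WAN address": lambda d: d == WAN_ADDRESS,  # only the firewall's WAN IP
}


def rule_passes(option, src, dst):
    """True if a pass rule (source: home network, destination: option)
    matches a packet entering the bridge."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    return in_home(src) and DESTINATIONS[option](dst)


def matrix(src, targets):
    """Map each Destination option to the targets it would pass."""
    return {opt: [name for name, dst in targets.items()
                  if rule_passes(opt, src, dst)]
            for opt in DESTINATIONS}


# Constructed sample destinations.
TARGETS = {
    "internet host": "198.51.100.7",
    "LAN host": "192.168.1.20",
    "firewall WAN address": "203.0.113.10",
    "ISP-side neighbour": "203.0.113.1",
}

if __name__ == "__main__":
    for opt, passed in matrix("192.168.1.50", TARGETS).items():
        print(f"{opt:15} -> {passed}")
```

"WAN net" and "WAN address" match only the WAN interface's own subnet and IP, so internet-bound packets never hit them; "any" and the inverted alias both pass internet traffic, and both also match the firewall's WAN address.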
#3
24.7, 24.10 Legacy Series / Errors on interface
November 01, 2024, 04:44:26 PM
Hi All

Hope someone can help me shed some light on this.
Installed OPNsense on XCP-NG 8.3 on a mini PC (i5-1245U / 16GB RAM / 6x2,5Gb NIC (5x pass-through to OPNsense), 1 for XCP-NG management) and updated to the latest version: Version 24.7.7, Architecture amd64
Made x number of config changes, all seems fine and dandy. Created bridges, all of them work fine.
After some time I noted that the LAN Bridge is having "errors out" (did not see it before as I did not check).
Searched here and there and it seems there is no clear conclusion what the cause might be and if it has any meaning, but it "bugs" me.

A few common questions I found:
Are you using VLANs? - No
Are you using virtual interfaces? - No (well the bridge)
Are you using a bridge which includes an unassigned interface? - No
Are those errors increasing? - Yes
If yes, on which interfaces? - Bridge only. Physical interface shows 0 error.
What is connected to these physical links? - 1 laptop only
What do the interface counters on these devices say? - All green no errors
Can you check on OPN > Interfaces > Diagnostic > NETSTAT if you see any drops, for example? - No drops on any port
Is your system suffering from possible interruptions? - No

Since I was thinking that it's my wrongdoing, I created a snapshot of the machine and reset via System: Configuration: Defaults.
After that, only 1 Bridge has been created across 4 interfaces and the password for admin was changed. No other change was made.
Now the tricky part: Same error still on the bridge, however the bridge is not even enabled yet. I don't get why the bridge is even showing up in the Interface statistics widget.

So I did another small test. This time in VirtualBox, same basic setup, same error, however the picture this time changed - interesting. The only connected port is LAN (not part of the bridge) and the bridge is still not enabled.


What's going on here? :)