Messages - xXHelperXx

#1
Wow, this is amazing!
Thanks for creating and sharing this tool. I'll give it a try.
#2
Quote from: passeri on January 07, 2026, 03:41:14 AM
@xXHelperXx, I think you misunderstood the meaning of "here". The problem with using an image service is it is more likely to disappear, leaving this thread largely incomprehensible to anyone who might have a similar problem in the future. Is there any particular reason you are unable to post images here, within your replies, rather than as links?

Regarding your further comment, are you filtering on the interfaces or on the bridge? https://docs.opnsense.org/manual/how-tos/lan_bridge.html (see Step Six, System Settings Tunables)
You are totally right. I'm sorry.
Next time I will stick to uploading the photos to the post.

And regarding the issue, you nailed it!!! Many, many thanks!!!
Now I realized that 2 months ago I restored the default values for all the tunables, missing the 2 tunable settings for the bridge.
I made the change and voilà, all back to work.


Thank you so much everyone!!
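
As an added example (not part of the original posts): a small shell helper that reports where the packet filter sees bridged traffic, which is what the bridge tunables mentioned above control. The sysctl names `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge` come from FreeBSD's if_bridge(4), not from the thread; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example. Reads sysctl output ("name: value" or "name=value") on stdin
# and reports where the packet filter sees bridged traffic.
# Tunable names are from FreeBSD if_bridge(4); they are not quoted in the thread.

bridge_filter_mode() {
    member="" bridge=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t')   # drop spacing around : or =
        name=${line%%[:=]*}
        value=${line#*[:=]}
        case "$name" in
            net.link.bridge.pfil_member) member=$value ;;
            net.link.bridge.pfil_bridge) bridge=$value ;;
        esac
    done
    case "${member:-?}/${bridge:-?}" in
        0/1) echo "bridge-only" ;;
        1/0) echo "members-only" ;;
        1/1) echo "both" ;;
        0/0) echo "none" ;;
        *)   echo "unknown" ;;    # a tunable is missing or not 0/1
    esac
}

# rules_apply MODE WHERE: succeeds if rules attached to WHERE ("bridge" or
# "member") are evaluated in MODE. Rules on an interface the filter skips
# are never consulted.
rules_apply() {
    case "$1:$2" in
        bridge-only:bridge|members-only:member|both:bridge|both:member) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample values (not taken from the poster's system).
SAMPLE_MEMBERS='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'
SAMPLE_BRIDGE='net.link.bridge.pfil_member=0
net.link.bridge.pfil_bridge=1'

# On the firewall itself: sysctl net.link.bridge | bridge_filter_mode
```

In the members-only case, pass rules attached to the bridge interface are not evaluated, so traffic between bridge members is decided by whatever rules exist on the member interfaces.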
#3
Quote from: passeri on January 06, 2026, 12:36:03 AM
Quote from: xXHelperXx on January 05, 2026, 11:53:06 PM
Not really sure why it still blocks and why especially on LAN and not on VPN.
Different rules, most likely. LAN and Wireguard are not the same subnets.

If you publish your rules here, I will look at them to see whether I can help. Using imgur is not publishing here.
Thanks man!!
See here:
WG rules + the auto generated: https://imgur.com/a/E5v6qZ4
BridgeLAN + Auto generated: https://imgur.com/a/WGDmaz7


Quote from: viragomann on January 06, 2026, 10:45:42 AM
The block log you've posted shows the source IP is 192.168.11.38 and destination is 192.168.11.66. If it is a /24 subnet the devices would be within the same subnet. And as mentioned, traffic between these shouldn't go to the router, except if they are connected to different interfaces of a bridge. If it does anyway the network settings of the source are wrong.

Correct, the source is ...11.38 or any other machine, and the destination is ...11.66, but before it was working and something changed. Not sure what?!
The Opnsense appliance has 6 ports in total. 4 of them I put under 1 bridge called BridgeLAN.
They must go through the Opnsense/router.
#4
The subnet is the same as before; I'm using /24 and it worked before.
Not really sure why it still blocks and why especially on LAN and not on VPN.
#5
Hi people, maybe you can help me with this.

Not sure when it started, but the NAS on the LAN is blocked from any device that is trying to access it.
And while disconnected from the LAN and connected to the WireGuard VPN, I'm able to access this NAS without issues.

I searched the logs and found that the request was blocked by the "Default Deny" rule.
- I tested it with WiFi/cable on different ports on the appliance.
- Tried to create a brand new pass-all LAN firewall rule
- There is a firewall rule on the bridge with a pass rule for that LAN to any for IPv4+6
- Tried to change the Firewall Optimization from Normal to Conservative
- Changed the Firewall NAT Outbound to Hybrid and Automatic
- Disabled CrowdSec (not related, but no impact)

Things worth mentioning:
- There is a Firewall Normalization rule set for the WireGuard connection. (Does that explain why the VPN can access?!)
- I recently moved from ISC DHCP to Dnsmasq; the issue was there before the move.
- This specific NAS has 2 ports connected to the LAN (no LAGG): one with a static IP from the Opnsense + DHCP on the NIC, and the second with a static IP from the NAS OS.

I'm not really sure what the problem is.
Any kind of help would be appreciated.
Thanks!

Screenshot from the Firewall log: https://imgur.com/a/wqLk3DO

#6
I have to post here after some digging and blaming the OPS version.

The issue for me was a configuration in Windows on the PC (client).
At first I tried to connect using my phone in the same way and I managed to obtain the full speed.
So I tried to test everything in the Windows environment.

Somehow the issue was related to the TCP global option that was disabled.
When I set it back to default with "Netsh int tcp set global autotuning=normal", the performance went back to full speed.

Cheers!
#7
I think this is something with the recent version.
2 weeks ago I noticed a slow connection from my end.

The connection is: NAS > OpnSense > WireGuard > Remote Client,
and the system runs on an i3-1215U that handles everything.

At first I thought it was the NAS, but apparently this is something with OPS.
With Iperf between the NAS > OPS I'm getting 2.74 GBytes.
Between OpnSense > WireGuard > Remote Client I'm getting an average of 53.0 MBytes | 44.5 Mbits/sec.

Before the update to 27.5.x I managed to receive 200+ MB with Iperf and transfer files at around 22mb/s with the same system and same configuration, nothing changed.
I also tried to disable the firewall, CrowdSec, IDS, IPS, change the MTU, play with offload settings and add some configuration to the Tunables.
Unfortunately nothing helped to solve it.

I believe it's a deeper issue.
#8
Wowwwww man!!!
This is insane, thank you for sharing this info. This is the issue I'm facing right now.
#9
General Discussion / Re: Help | Using HA Proxy with VPN
January 12, 2025, 05:12:22 PM
Any suggestions, please?
#10
General Discussion / Help | Using HA Proxy with VPN
January 09, 2025, 12:12:36 AM
Hello folks!
I'm new to OPNs and recently I finished installing the OS.
Everything works lovely and I'm really satisfied.

My main goal in moving to Opnsense was to protect my TrueNAS server with a reverse proxy for Emby outside the network without opening ports, while the traffic goes through Mullvad VPN, AND make sure I can still access it from LAN/WG_VPN at home.

I think of two options, and I really need help to decide which one is better, or maybe hear of another, better one.

1. Manage everything from Opnsense - My OPNs uses a bridge on all the LAN ports, so I thought to set up Mullvad VPN only for the TrueNAS port (port 3), then install HA Proxy and configure it to work with the Emby port. But I'm not sure if it will impact the connectivity of other apps, like qBittorrent, that have ports open.

2. Split the work - TrueNAS allows using WireGuard, so theoretically connect it to Mullvad and install HA Proxy on the OPS. Or the other way around: install the VPN on the OPS side and then configure the reverse proxy with one of the apps from TrueNAS docker.

The things that are really important to achieve:
- The most secure way to get it done!

- Still be able to access the NAS and its apps locally.

- To choose the best way to implement this in terms of troubleshooting, in case I need it.

- To get the best performance. I personally think that running this on OPNs will reduce unneeded stress on the TrueNAS.

What do you think?
I'd really like to hear your opinion.

Thanks in advance!