Messages - opnessense

#1
General Discussion / Re: Vlan not isolated
July 06, 2025, 08:16:30 PM
Thanks, I found it.
I found a strange rule in the floating rules that allowed anything from anywhere.
I deleted this rule and now my VLANs are isolated.

Thanks for the support, guys.
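As an added illustration of why the stray floating rule broke the isolation (a constructed model, not OPNsense code): in OPNsense, floating rules are evaluated before the rules of the receiving interface, and a rule with "quick" set (the default) ends evaluation on its first match, so a floating "pass any to any" rule is hit before the VLAN's block-private-networks rule is ever consulted. The interface names and subnets below are assumptions.

```python
# Toy model of OPNsense (pf) rule ordering: floating rules are evaluated before the
# receiving interface's rules, and a "quick" rule ends evaluation on first match.
# Constructed example, not OPNsense code; interface names and subnets are assumed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _in(addr, spec):
    """True if addr is covered by spec: "any", the "rfc1918" alias, or a CIDR."""
    if spec == "any":
        return True
    if spec == "rfc1918":
        return any(addr in net for net in RFC1918)
    return addr in ip_network(spec)

@dataclass
class Rule:
    scope: str          # "floating" or the interface the packet enters on
    action: str         # "pass" or "block"
    src: str
    dst: str
    quick: bool = True  # OPNsense default for floating and interface rules

    def matches(self, src, dst):
        return _in(src, self.src) and _in(dst, self.dst)

def evaluate(rules, iface, src, dst):
    """Verdict for a packet entering iface. Floating rules run first; without quick
    the last match wins, with quick the first does; no match is pf's default deny."""
    src, dst = ip_address(src), ip_address(dst)
    ordered = [r for r in rules if r.scope == "floating"] + [r for r in rules if r.scope == iface]
    verdict = "block"
    for rule in ordered:
        if rule.matches(src, dst):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

# Intended VLAN20 policy: block private networks, pass everything else (internet).
VLAN20_RULES = [Rule("vlan20", "block", "192.168.20.0/24", "rfc1918"),
                Rule("vlan20", "pass", "192.168.20.0/24", "any")]
# The stray rule found in the thread: floating, allow anything from anywhere.
STRAY_FLOATING = Rule("floating", "pass", "any", "any")

def isolation_check(rules):
    """Verdicts for a VLAN20 host reaching another VLAN and a public (TEST-NET-2) address."""
    return {"vlan20->vlan30": evaluate(rules, "vlan20", "192.168.20.10", "192.168.30.10"),
            "vlan20->internet": evaluate(rules, "vlan20", "192.168.20.10", "198.51.100.7")}
```

Compare isolation_check(VLAN20_RULES) with isolation_check([STRAY_FLOATING] + VLAN20_RULES): the second returns "pass" for the cross-VLAN packet, which is exactly the symptom of the original post.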
#2
General Discussion / Re: Vlan not isolated
July 06, 2025, 08:02:42 PM
Hi viragomann

How do I flush the states in OPNsense?
#3
General Discussion / Re: Vlan not isolated
July 06, 2025, 07:46:52 PM
#4
General Discussion / Vlan not isolated
July 06, 2025, 06:46:19 PM
Hello all

My setup:
OPNsense acts as gateway
Switch: USW Lite 8 PoE
Two UniFi U6 Pro wireless APs
From OPNsense I have set up a bunch of VLANs with my LAN network as parent.
I have created the interfaces, DHCP server and firewall rules for every single VLAN.

On the firewall rules I have the rule which blocks connections to internal private IPs, so I should be isolated from the rest of my network.
That is strange because I can ping any other VLAN and the firewall.

Is this something that I need to modify from the switch side, or do I need to buy a UniFi switch that supports the ACL capability?

I'm confused.

Has anybody encountered this scenario?

Please help

#5
I resolved it by adding a static route for each WireGuard VPN instance, from System -> Routes -> Configuration, then adding my subnet.
#6
Thanks luckylinux

I had the same problem creating multiple instances in WireGuard with no connection.

I had connection only on one instance.

I resolved it by adding a static route for each WireGuard VPN instance, from System -> Routes -> Configuration, then adding my subnet.

Best effort, mate.

You solved the issue.

Regards
#7
Hello all

I have managed to set up a WireGuard instance with peers on my OPNsense 25.1.9 which works on my local network with no access from the outside (no rules for WAN). I did not include a new gateway; I followed the road warrior guide.

Everything works. I have connection and handshake.

Now I want to create new instances (wg1, wg2, wg3...) to fit every VLAN. This is because I would like to assign different firewall rules based on the VLAN.

I recreated the same procedure as my first instance (new interface, new firewall rule, new instance, new peer) but I have no connection. I tested with tcpdump.

I'm stuck. What do I need to incorporate into my new interface? I have tried checking the option "Dynamic gateway policy" in the interface to create a different gateway but that did not work.

The client does not communicate with the WireGuard server.

Which log do I need to provide?

Any help please..

Thanks

#8
Quote from: nikkon on October 27, 2024, 04:49:42 PM
I got the rule fixed. Thanks Bob.Dig, you helped me fix this.
My VLAN10 rule was wrong.

What was your rule fix?
#9
Hi

I have set up WireGuard on my OPNsense, virtualised inside Proxmox.

Server and peer created as per the manual.

I have created a WireGuard interface on OPNsense as per the manual.

I checked the gateway option so a new gateway for WireGuard is created.

In Proxmox, in a VLAN VM (Ubuntu machine), I have imported the tunnel. I can see the wg0 interface but I have no internet working.

In the attachment I have the firewall rules for the WAN and WireGuard interface.

Do I need to create routing between a VLAN and the WireGuard interface?

In the manual there is an example on how to connect 2 VLANs, but from different locations.

I only need it internally.

Any help.

I'm stuck with this for days.

#10
Hi

I'll explain my configuration.
I have my main router that acts as gateway and gives me internet access (bridge mode), 192.168.1.1

From my main router I have a cable from a LAN port to my mini PC (WAN port) which has Proxmox and OPNsense virtualised (which is vmbr0)

In Proxmox I have configured:
vmbr0 (management interface for Proxmox and WAN interface for OPNsense) address 192.168.1.250/24 gateway 192.168.1.1

vmbr1 for my LAN interface, port 2 of my mini PC

vmbr2 VLAN bridge, port 3, which has all the VLANs connected

Proxmox DNS points to my OPNsense LAN interface 192.168.11.1

OPNsense has internet access on the LAN port and VLAN port with all the VLANs accessing the internet.

I set up the firewall rules to accept internet access on port 53 on all the interfaces so I have internet access. All working fine.

In OPNsense I set up:
An address for the WAN which is 192.168.1.240/32 (same subnet as vmbr0)
LAN address 192.168.11.1/24
VLAN address 192.168.12.1/24

In Proxmox, if I change the gateway to be the OPNsense LAN (192.168.11.1) I don't have internet access.

#11
Hi DSEVEN

OPNsense is virtualised in Proxmox.
OPNsense manages all my VLANs, routing and DHCP.
The WAN management interface is an interface to manage Proxmox and it's used as a WAN port for OPNsense.
My LAN and the VLANs have access to the internet. It's all working fine.

My question was: from a VLAN which is on interface 2, can I ping the LAN on interface 1?
Is there a way to create a VLAN that can access the LAN interface?

#12
No, it is not in the same subnet.

In Proxmox I have the LAN on a Linux bridge on enp3s0 with IP 192.168.2.1/24.
The interface I use to manage VLANs, on port enp4s0, is on a different subnet, 192.168.3.1/24; there I create all the VLAN interfaces.

So your suggestion is to create in Proxmox a VLAN on the Linux bridge enp3s0 (LAN port) instead of on enp4s0 (VLAN port)?

#13
Hi all

I have OPNsense virtualised in Proxmox on a mini PC with an Intel Celeron.

In Proxmox I have:

a WAN management interface for Proxmox
a LAN port (Linux bridge), not VLAN-aware, that manages all my VMs
a VLAN port (Linux bridge), VLAN-aware, where I created all my sub-VLANs
a UniFi switch 8 PoE Lite
a UniFi AP where I stream part of my VLANs

I managed to get it all working.

My concern is to access the LAN port 1 from a VLAN (port 2) via the UniFi AP as a standard WiFi connection so I can manage Proxmox and OPNsense. Those 2 are on two different physical ports.

In OPNsense I have tried a LAN bridge but for some reason it seems not to work and everything crashes.
I set the 2 tunables in OPNsense as per the manual, but when I restarted the system Proxmox crashed, because it cannot see the LAN interface anymore as there is a new interface created, which is the bridge.

Any help

Thanks