Messages - louis_nichols

#1
And this is my Windows Config.
#2
I am adding more screenshots of my config.
#3
Hi,

I configured Wireguard in my OPNSense following these instructions:

https://docs.opnsense.org/manual/how-tos/wireguard-client.html

using IPv4 only. For Normalization, I set 1372.

I defined two peers using the Peer Generator. I use one with my Android phone, and the second is for Windows. In Windows, I copy-pasted the config from the peer generator, so there is no reason to suspect keys or anything.

And now, the Android client works, but the Windows client keeps showing

2025-07-03 19:27:42.550: [TUN] [My_Wireguard] Handshake for peer 1 (<edited>:57394) did not complete after 5 seconds, retrying (try 2).

Under the transfer counters, the Rx stays always at 0.

I've read some posts online that suggested modifying the MTU in the Windows peer. I tried several values, but none of them had any effect.

I am adding screenshots with part of my config to this post. I am not able to add more because of attachment limits. I will try to add the rest to a reply to this post.

Any ideas?



#4
General Discussion / Re: Redirect DNS to pi-hole
May 11, 2025, 03:00:10 AM
Thank you both for the help. I had a crazy week and only managed to try this stuff today.

Indeed, the suggestion from @viragomann did the trick. I wish I understood better why, but sometimes it's like this. :)

@ricardolanes  Indeed, that doesn't apply to me because I run dhcp from pihole, not opnsense. But I truly appreciate your support regardless.
#5
General Discussion / Re: Redirect DNS to pi-hole
May 04, 2025, 07:45:41 PM
Quote from: viragomann on May 04, 2025, 06:39:34 PM
You need to add an outbound NAT rule for this to work. Otherwise you will run into asymmetric routing issues.

You have to enable the hybrid outbound NAT mode and add a rule:
interface: LAN
source: LAN subnet
destination: 10.0.0.10/32
destination port: 53
translation: interface address

This leads to losing the information about the origin client's source IP on the pihole for redirected traffic. If you need this information you have to put the pihole into a different network segment.

Thanks for the hint. And I use this rule in addition to the port redirection?
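
The asymmetric-routing problem named in the quoted reply can be traced packet by packet. The following is an added example, not part of the original posts and not pf itself: a small model of the port forward plus the hybrid outbound NAT rule. The client address 10.0.0.50, the queried resolver 8.8.8.8 and the /24 prefix are assumed sample values.

```python
# Constructed model of the LAN from the posts: firewall 10.0.0.1, Pi-hole 10.0.0.10.
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")   # assumed prefix; the posts only say "LAN subnet"
FW, PIHOLE, CLIENT = "10.0.0.1", "10.0.0.10", "10.0.0.50"   # CLIENT is a sample host


def dns_reply_seen_by_client(client, queried, outbound_nat):
    """Return (reply source the client sees, accepted?, source the server saw)."""
    if queried == PIHOLE:
        # On-link query straight to the Pi-hole: it never crosses the firewall.
        return PIHOLE, True, client

    src, dst = client, queried
    states = []                    # translations the firewall must undo on the reply

    # Port forward on LAN: DNS not from and not to the Pi-hole is redirected to it.
    if src != PIHOLE and dst != PIHOLE:
        states.append(("rdr", dst))
        dst = PIHOLE
    # Outbound NAT on LAN: LAN subnet -> 10.0.0.10:53, translated to interface address.
    if outbound_nat and ip_address(src) in LAN and dst == PIHOLE:
        states.append(("nat", src))
        src = FW

    # The server that received the query answers whoever it appeared to come from.
    seen_by_server = src
    reply_src, reply_dst = dst, src
    if reply_dst == FW:
        # The reply returns to the firewall, which reverses both translations.
        for kind, original in reversed(states):
            if kind == "nat":
                reply_dst = original
            else:
                reply_src = original
    # Otherwise the reply is not addressed to the firewall's LAN address, so a
    # recorded rdr state is never applied to it (WAN-side NAT is not modelled).

    # A stub resolver only accepts an answer from the address it queried.
    return reply_src, reply_src == queried, seen_by_server


if __name__ == "__main__":
    for nat in (False, True):
        print("outbound NAT:", nat, dns_reply_seen_by_client(CLIENT, "8.8.8.8", nat))
```

With the NAT rule enabled, the third value is the firewall's address, which is the loss of client identity in the Pi-hole logs that the reply mentions.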
#6
General Discussion / Redirect DNS to pi-hole
May 04, 2025, 05:17:43 PM
Hi all!

I have a network where opnsense is the LAN gateway at 10.0.0.1. Pi-hole is the DHCP and DNS server at 10.0.0.10.

I am trying to redirect all DNS queries from LAN to pihole. I have tried so many combinations, but none of them work and it's driving me crazy. I've read various instructions online and even tried with ChatGPT (which is mostly horrible at this, btw), but now I feel lost.

The challenge here is to redirect traffic from all LAN IPs to any IP and port 53 to 10.0.0.10:53, while at the same time allowing 10.0.0.10 to access its upstream DNS.

I've tried two different paths, with many permutations in between.


1. A single port forwarding rule under Firewall: NAT: Port Forward where
  • Interface LAN
  • TCP/IP Version IPv4
  • Protocol TCP/UDP
  • Source / Invert  is ENABLED
  • Source is Single host or network 10.0.0.10/32
  • Source port range is ANY
  • Destination / Invert  is ENABLED
  • Destination is Single host or network 10.0.0.10/32
  • Destination port range is DNS
  • Redirect target IP is Single host or network 10.0.0.10/32
  • Redirect target port is DNS

2. Two rules where:
  Rule 1 is under Firewall: Rules: LAN and allows DNS traffic from 10.0.0.10
  • Action PASS
  • Quick is ENABLED
  • Interface LAN
  • Direction IN
  • TCP/IP Version IPv4
  • Protocol TCP/UDP
  • Source / Invert  is DISABLED
  • Source is Single host or network 10.0.0.10/32
  • Destination / Invert is DISABLED
  • Destination ANY
  • Destination port range DNS
  Rule 2 is under Firewall: NAT: Port Forward and redirects all traffic from LAN net to 10.0.0.10
  • Interface LAN
  • TCP/IP Version IPv4
  • Protocol TCP/UDP
  • Source / Invert  is DISABLED
  • Source is LAN NET
  • Source port range is ANY
  • Destination / Invert is ENABLED
  • Destination is Single host or network 10.0.0.10/32
  • Destination port range is DNS
  • Redirect target IP is Single host or network 10.0.0.10/32
  • Redirect target port is DNS
Then, under Firewall: Rules: LAN Rule 1 is above Rule 2.

Unfortunately, none of these work. Like I said, I tried various permutations in between, but I either get that DNS doesn't work at all, or that it's not redirected to pi-hole and just goes out to (for example) 8.8.8.8.

I would greatly appreciate some guidance here.

#7
Quote from: lilsense on March 13, 2025, 01:09:08 AM
Your issue may be RAM related.

Thanks for the reply. I also suspected that, but then I remembered that I had an old PC once that used to beep once on every boot. And that got me thinking.

I connected the device to a monitor via DisplayPort and voila. It boots.

It just doesn't output anything on HDMI, which is terribly misleading and quite annoying.

Unfortunately, now I hit another bump, because it doesn't recognize the SSD.

When I try to install opnsense, it shows it in the list, but I can't do anything with it. I tried several options in the install menu with the same result. I don't remember their exact names, but I tried both unattended and manual options.

In Ubuntu, it shows under lsblk as /dev/sdb, but it shows as 0B and I also can't do anything with it. GParted doesn't even list it.

I tried diskpart under a Windows installer and it's the same. It shows as 0B but can't do anything with it. I tried to create a GPT table on it and got an error.

I've connected the SSD to two different M.2 slots and got the same.

Any ideas?
#8
Hi!

This is not strictly opnsense related, but it is the OS I am planning to install, and I can't think of a better place to ask this. I'm hoping someone here can help.

So I bought this device, barebone:
https://amzn.eu/d/21CumzH

And I installed in it two pieces of this RAM:
https://amzn.eu/d/6Ip5o7X

And a piece of this storage:
https://amzn.eu/d/bKKWgA6

But the device doesn't boot. A few seconds after power up it emits one beep and that's it.

I connected an HDMI monitor to it and at boot nothing is displayed. The interface is not even initialized, as the monitor continuously displays "No connection".

If I remove the SSD, the error is the same, which makes me think it's related to the RAM. I tried using just one of the RAM pieces and it's the same.

Any idea what it may be? Or where I could find out what that one beep means? I would investigate the RAM more, for example by buying another model, but I wouldn't want to spend too much time and money investigating in the wrong direction.