Messages

Is it possilble to use ISC and DNSMASQ at the same time, to facilitate a migration one VLAN interface at a time?

My setup is simple with
3no [VLAN] > ISC > Unbound
1no [VLAN] > ISC > AdGuardHome > Unbound
2no WireGuard > ISC > Unbound

Would be nice to move each VLAN individually

DNS-based endpoints would be my guess. Can always break.
Cheers,
Franco

That would make sense, I am using a DNS record for the WireGuard interface. I'm using DynamicDNS to keep my IP Address updated with Cloudflare. The IP was correct based on the Cloudflare dash and the value reported on the WAN interface.

Is there something I can do to clear/reset that if this happens agan?

The Internet suggests disable/enable the wireguard interface?

TL;DR: I fixed it by rebooting the firewall 4 (four) times.

Spent the evening digging into WireGuard/Firewall/Instance configuration and looking at logs.

Noticed no incoming traffic on the WireGuard interface, checking the client logs (on my Android phone) showed the error: "Handshake did not complete after 5 seconds".

Tried to enable/disable the WireGuard interface and/or restart the WireGuard service but nothing seemed to work.

Switched between the 25.1.2 and 25.1.4 snapshots a few times checking what logs/connections were made each time.

After the 4th swap to 25.1.4 it started working.

Not much help to debug the underlying issue I'm afraid.

Was running 25.1.2, where WireGuard was working fine (setup in a road warrior config, I think...).

Following the update a client device reports it is connected but the OpnSense dash doesn't show that client online and the client doesn't have connectivity to LAN or WAN networks.

I rolled back to the 25.1.2 snapshot and it worked again.

I had a similar issue when going from 25.1.0 to 25.1.2, but that resolved itself after restarting the WireGuard service.

I'll try and get some logs but I only have a single system and it's in use