Hello!
I'm installing AmneziaWG on OPNsense.
I've compiled the AmneziaWG packages for OPNsense:
https://www.freshports.org/net/amnezia-tools/
https://www.freshports.org/net/amnezia-kmod/
https://www.freshports.org/net/amneziawg-go/
With some modifications, I've compiled a plugin package:
https://github.com/antspopov/opnsense_amnezia_plugin
I plan to create a PR for this in opnsense/plugins in the future.
I'm currently experiencing a routing issue.
If the VPN server doesn't provide the gateway IP (meaning we only know the IP on the interface), then the standard routing mechanism of adding routes and/or setting the gateway in firewall rules stops working.
I decided to try using a second routing table.
I set net.fibs=2, configured AmneziaWG to use routing table 1, and got the following routes:
# netstat -rn -F 1
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Netif Expire
default link#7 US awg0
Internet6:
Destination Gateway Flags Netif Expire
default link#7 US awg0
To test, I configured the LAN interface to use fib 1:
ifconfig em1 fib 1
All LAN traffic is correctly routed through the tunnel.
Next, I tried to replicate this using pf, manually adding a rule immediately after "# [prio: 1]":
pass in log on em1 inet from {(em1:network)} to $to_awg no state rtable 1
I loaded all the rules into pf, but the new rule didn't work. Traffic isn't being redirected. I don't see the captured packets in the log. I can't figure out what the problem is.
pf sees the following rule:
# pfctl -s rules | grep rtable
pass in log on em1 inet from (em1:network) to <to_awg> no state rtable 1
Please tell me how to use pf to capture traffic based on the "to $to_awg" condition so that it sets rtable to 1. I want to capture both LAN traffic and OPNsense process traffic, such as Unbound.
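As an added example (not from the poster, the plugin, or OPNsense), a small sh/awk helper that reads `pfctl -vvsr` output and reports the per-rule counters for the `rtable 1` rule. It separates "never evaluated" (an earlier `quick` rule matched first, or pf's skip steps bypassed the rule) from "evaluated but not matched" (the rule is reached but `(em1:network)` or the `<to_awg>` table does not match). The `pfctl` output below is constructed for the demo, not captured from a real box.

```shell
#!/bin/sh
# Constructed sample in the style of `pfctl -vvsr` (rule text followed by its counters).
SAMPLE_RULES='@0 pass in quick on em1 inet from (em1:network) to any flags S/SA keep state label "LAN allow"
  [ Evaluations: 1532      Packets: 1490      Bytes: 120331      States: 12    ]
  [ Inserted: uid 0 pid 9001 State Creations: 40    ]
@1 pass in log on em1 inet from (em1:network) to <to_awg> no state rtable 1
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 9001 State Creations: 0     ]'

# rule_counters PATTERN: read pfctl -vvsr output on stdin and print
# "<evaluations> <packets>" for the first rule whose text contains PATTERN.
rule_counters() {
    awk -v pat="$1" '
        /^@[0-9]+ /      { hit = (index($0, pat) > 0); next }   # rule line: remember if it is ours
        hit && /Evaluations:/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "Evaluations:") ev = $(i + 1)
                if ($i == "Packets:")     pk = $(i + 1)
            }
            print ev, pk; exit
        }'
}

# diagnose PATTERN: classify, from the counters, why the rule may not take effect.
diagnose() {
    pat=$1
    set -- $(rule_counters "$pat")      # word-split "<ev> <pk>" into $1 $2
    ev=$1; pk=$2
    if [ -z "$ev" ]; then
        echo "rule-not-loaded"           # pattern matched no rule in the ruleset
    elif [ "$ev" -eq 0 ]; then
        echo "never-evaluated"           # earlier quick rule won, or skip steps bypassed it
    elif [ "$pk" -eq 0 ]; then
        echo "evaluated-no-match"        # reached, but src/dst/table did not match (check <to_awg>)
    else
        echo "matching"
    fi
}

# Stand-alone demo on the constructed sample (prints "never-evaluated").
printf '%s\n' "$SAMPLE_RULES" | diagnose 'rtable 1'
```

On the firewall itself, pipe the live ruleset in with `pfctl -vvsr | diagnose 'rtable 1'`, and check the table the rule depends on with `pfctl -t to_awg -T show`.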