Messages

1

Virtual private networks / Re: wireguard tunnel don't come up after restart

« on: July 19, 2022, 08:46:31 am »

I have the same problem with the latest Business Edition 22.4.2. After reboot only wg0 kind of comes up, meaning handshake is established but zero traffic through the tunnel. After manually restarting the service both the interfaces wg0 and wg1 come up and start working.

2

Virtual private networks / Re: Weird WG firewall/NAT problems, behavior differs from docs howto

« on: July 19, 2022, 08:20:45 am »

Since upgrading to 22.4 I'm experiencing the exact same problem. Did you find a solution?

I just restarted the wireguard-go service from dashboard and it started working. Maybe the service does not initialize correctly (noticed that wg1 was missing before the restart)?

3

21.7 Legacy Series / Re: [SOLVED] WAN cannot connect

« on: February 03, 2022, 07:25:53 pm »

Took me a while to understand that, too.

You need to edit your original post and change the title to "[SOLVED] blabla" :-)

There is no such functionality in this forum as such.

4

21.7 Legacy Series / Re: WAN cannot connect

« on: February 02, 2022, 10:15:17 pm »

I upgraded to 22.1 then deleted OpenVPN/WireGuard configs and did a fresh start. Now it is working... no idea why.

5

21.7 Legacy Series / [SOLVED] WAN cannot connect

« on: February 02, 2022, 08:17:39 pm »

I just configured an OPNsense firewall with a WAN interface behind another router. All ports are forwarded to the OPNsense.

I setup WireGuard with wg0 as Server (dial in) and an OpenVPN Server. Both interfaces come up and are running on their respective interface and ports.

However, I cannot connect to wg0 or OpenVPN as client. A packet capture on WAN shows my requests arriving but there is no reply. The weird thing is, that there is NOTHING in the firewall log. I started with allowing relevant ports on WAN (logging enabled) then allowing all on WAN (logging on) or allowing nothing at all. In all scenarios there is nothing in the firewall logs, nothing.

This is not the first OPNsense I setup but the first time I experience this behaviour. Any ideas?

6

Virtual private networks / Re: OpenVPN - Client Specific Overrides - Routes not applied

« on: February 02, 2022, 01:47:53 am »

I have exactly the same issue. Routes are only added to the routing table randomly even though the do show in "OpenVPN: Connection Status".

7

21.7 Legacy Series / Re: IPsec: remote network is routet through WAN-gateway

« on: January 10, 2022, 02:39:07 pm »

Solved it with the help of this post:

https://administrator.de/contentid/539060#comment-1421754

8

21.7 Legacy Series / Re: IPsec: remote network is routet through WAN-gateway

« on: January 10, 2022, 02:17:52 pm »

No dice. The firewall just does not route the packets through to the other LAN. Your setup just leads to TTL exceeded in transit for me...

9

21.7 Legacy Series / Re: IPsec: remote network is routet through WAN-gateway

« on: December 11, 2021, 04:04:01 pm »

And you have a routed IPsec or policy-based?

10

21.7 Legacy Series / Re: IPsec: remote network is routet through WAN-gateway

« on: December 11, 2021, 03:30:40 pm »

Thanks for your input but if I do this I cannot route between the remote networks...

11

21.7 Legacy Series / [SOLVED] IPsec: remote network is routet through WAN-gateway

« on: December 11, 2021, 12:45:55 am »

I configured two S2S IPsec tunnels (policy). LAN and IPsec interface feature an allow all rule.

Both remote sites connect and clients in the remote LAN's successfully ping the firewall.

However, the firewall cannot ping any host nor the gateways or the remote sites. It seems like the tunnels are one way only. I looked at the routing table and was surprised to see that the remote LAN's (10.52.10.0/24, 10.62.10.0/24) are added to the default gateway (172.31.1.1).

Any idea where I could have gone wrong?

12

German - Deutsch / Re: Wireguard Multiwan

« on: September 28, 2021, 06:56:36 pm »

D. h. für RoadWarriors alles mit sprt 51280 (als Beispiel) über Gateway X routen in der Firewall? Frage deshalb, weil ich es damals nicht hinbekommen habe...

13

German - Deutsch / Re: Wireguard Multiwan

« on: September 28, 2021, 11:32:49 am »

So habe ich es verstanden, ja. WireGuard nimmt immer die default-Route.

14

Hardware and Performance / Re: Poor Throughput (Even On Same Network Segment)

« on: September 21, 2021, 11:24:41 am »

I also did some testing after I noticed on a customer site that even on a 10G uplink I would max out at 600Mbps. Since then I roughly tested this on all other sites where we run OPNsense and the result is the same everywhere. OPNsense runs everywhere on either ESXi or Proxmox and on Thomas Krenn servers with the following specs:

Supermicro mainboard X10SDV-TP8F
Intel Xeon D-1518
16 GB ECC DDR4 2666 RAM

I now testet on 3 VMs, 2 running Debian Bullseye and 1 OPNsense (latest 20.1 and latest 21.7). The results are quite poor.

Debian -> Debian
> 14Gbps

Debian -> OPNsense 20.1 -> Debian
< 700Mbps

Debian -> OPNsense 21.7 -> Debian
< 900Mbps

Both OPNsense installs are using default settings, hardware offloading disabled and updated to latest version.

I tried setting the following tunables:

net.isr.maxthreads=-1
I also noticed that net.isr.maxthreads always returns 1 but when setting to -1 it reports the correct threads. However, the network throughput does not change.

hw.ibrs_disable=1
This made a significant impact and throughput increased to 2.6Gbps which is still too low but a lot better than before.

15

21.1 Legacy Series / Re: Gateway not working anymore in routed IPsec (Azure)

« on: August 28, 2021, 10:48:37 pm »

Wow, thanks a lot for you persistence in this matter. I hope they fix it soon!