OPNsense

Topics - tl5k5

1
Virtual private networks / routing wireguard traffic site-to-site behind OPNsense
« on: July 23, 2024, 11:39:51 pm »
Hello everybody!
I'm trying to configure a wireguard site-to-site setup with wg running on VMs behind OPNsense.
I'm running into issues with how to route properly in OPNsense.  (Routing is a weak point in my knowledge)
I'm using the following guide:  https://www.procustodibus.com/blog/2020/12/wireguard-site-to-site-config/#configure-routing
Can someone explain to me how to route this correctly...like I'm a 6yo?

Thank you!

2
24.1 Legacy Series / 24.1.2_1 Dnsmasq & Unbound not resolving WAN
« on: February 29, 2024, 02:02:14 am »
After updating to 24 this evening, Dnsmasq (my default) and, alternatively, Unbound are no longer able to resolve WAN locations.
I worked through fixing the gateway issue I was having (like some others), but this DNS issue has me stumped. Of course, if I bypass the local DNS and insert an external DNS IP in the DHCP settings it works.
Any ideas what is causing this and how to fix the issue?

Thanks!

3
General Discussion / Unbound stopped resolving
« on: April 03, 2023, 05:41:56 pm »
I posted this back on March 23rd in the 23.1 forum but since there were no replies, I thought I'd post it here.

This morning I started the day with 22.7.11 running on one of my proxmox servers.
We started noticing some webpages weren't accessible.  It progressively got worse so I started troubleshooting.  I quickly realized the OPNsense VM shell can ping external domain names, but any internal clients couldn't resolve external names.  I upgraded the VM to 23.1.4 in hopes it would solve the issue, but it did not.  I ended up restoring a VM backup to a known working state from 2.5 weeks ago and clients still couldn't resolve external names.
I then disabled Unbound and enabled Dnsmasq.  Clients started resolving correctly.
Why would 22.7.x and 23.1.x both have issues with internal clients resolving external names but as soon as I restored back to 22.7.x and then switched to Dnsmasq it started working?  Before moving to Dnsmasq I did check the logs and found nothing out of the ordinary for Unbound.
I see the current config as a workaround and not a fix.  Any ideas?
Thanks!!!

4
23.1 Legacy Series / Unbound stopped working
« on: March 23, 2023, 06:20:34 pm »
This morning I started the day with 22.7.11 running on one of my proxmox servers.
We started noticing some webpages weren't accessible.  It progressively got worse so I started troubleshooting.  I quickly realized the OPNsense VM shell can ping external domain names, but any internal clients couldn't resolve external names.  I upgraded the VM to 23.1.4 in hopes it would solve the issue, but it did not.  I ended up restoring a VM backup to a known working state from 2.5 weeks ago and clients still couldn't resolve external names.
I then disabled Unbound and enabled Dnsmasq.  Clients started resolving correctly.
Why would 22.7.x and 23.1.x both have issues with internal clients resolving external names but as soon as I restored back to 22.7.x and then switched to Dnsmasq it started working?  Before moving to Dnsmasq I did check the logs and found nothing out of the ordinary for Unbound.
I see the current config as a workaround and not a fix.  Any ideas?
Thanks!!!

5
19.1 Legacy Series / OpenVPN DNS what am I doing wrong?
« on: March 13, 2019, 10:12:00 pm »
Hey all,
I've configured an instance of OPNsense with an OpenVPN server instance in a lab.
I have the DNS Default Domain and the DNS Servers set and they do show up in the remote windows client NIC status.
For some reason I can only ping IP addresses and not hostnames.
I have Force DNS cache update checked and that doesn't help.
I went with the OpenVPN Wizard's firewall rules.  Could that be an issue?

Any help would be appreciated.
Thanks!

6
18.7 Legacy Series / multi openvpn servers with fw rules
« on: December 10, 2018, 01:30:32 am »
Hello all,
I'm trying to configure two openvpn servers on my opnsense box.
VPN1 = tunnels to the end point LAN-x and does connect to all on LAN-x.
VPN2 = I need it to only have access to 1 server in LAN-x.
I thought I could have VPN2 tunnel to LAN-y and set rules to only allow LAN-y to access the single LAN-x server, but I cannot get this to work.
Anyone have any guidance to get a secondary VPN to only have access to a single server on the LAN?

Thanks!

7
18.7 Legacy Series / No internet after WAN change
« on: October 10, 2018, 10:14:23 pm »
Hey all,
I have a server running esxi 6.7 with an OPNsense 18.7.4 VM which has several interfaces.
The WAN interface was set to receive DHCP from my cable modem.  After some initial configuration and testing I changed the WAN to a dedicated IP.  Now I get no internet access on the LAN interfaces, but I can ping external IP/names from the OPNsense cli.
I don't see an issue, but I'm no firewall expert.

Any ideas?

Thanks!

8
Hardware and Performance / Qotom hardware
« on: May 03, 2018, 08:44:56 pm »
Anyone used Qotom Q310G4 hardware?  https://amzn.to/2JOmGP0
AliExpress:  https://bit.ly/2KtOSrz

Does the WIFI work well?

Thanks!

9
General Discussion / Stop foreign DNS - Have OpenDNS and PIA work together?
« on: May 12, 2017, 01:51:15 am »
I came from TomatoUSB on a router where there was a way to stop any "foreign" DNS entries from a client from getting past the router.  I'd like to figure out a way to do this same thing on OPNsense.

Then...I'd like to know if there's a way to configure OpenDNS to work in conjunction with PIA's VPN service.  I currently have OpenDNS working just fine, but I'd like to add a PIA VPN config so that my OpenDNS rules still work.

I need as much help as I can get on this one!

Thanks!

10
16.7 Legacy Series / DNS O Matic not updating
« on: January 10, 2017, 06:37:28 am »
Hello all,
I'm having issues with DNSOMatic updating.
http://myip.dnsomatic.com/ returns my proper WAN address.
For the HOST setting I entered:  updates.dnsomatic.com
This returns a Cached IP of 0.0.0.0
If I put anything else in the HOST field it returns N/A.

https://dnsomatic.com/wiki/api shows an "all.dnsomatic.com" which is supposed to update all accounts linked to the service.  But this also returns Cached IP of N/A.

Anyone have an idea of what's going on?

Thanks!

11
16.7 Legacy Series / Replacing Watchguard XTM2
« on: September 07, 2016, 06:10:40 pm »
Hello all,
I'm studying up on the best way to replace an EOL Watchguard Firebox.
I'm not much of an advanced IT guy, but I play the part for my small company.  When our Watchguard was originally installed an outside company did the integration.  When my company moved, I did most of the setup but hired a freelancer to remote in and finish up the new firewall config.

Now that it's been a few years since the XTM2 has been EOL'd I'm going to be replacing it.  I've been playing around with OPNsense for about a week and today I've ordered a Lenovo RS140.  I plan on ordering/installing a SYBA SY-PEX24045 4 Port NIC (Chipset: Intel I350-AM4).  I also need to order some storage for the server.  Do people recommend SSD or Flash?  If I go with SSD can OPNsense manage a software RAID1?

I'm betting this is a dumb question, but does anyone know a good way to reproduce the Watchguard config inside OPNsense?  I'm sure it's all manual, but thought I'd ask.

Thanks!
Todd
