Topics - curioustech

#1
I followed the instructions as per the documentation.
https://wiki.opnsense.org/manual/how-tos/wireguard-client.html

Progress: Using Peer iPad, I am able to connect to WireGuard VPN successfully. (See iPad.log attached)
Issue: To route all the traffic using the WireGuard VPN tunnel only, I configured 0.0.0.0/0 in Allowed IPs. With that, I see all the traffic coming to my OPNsense router. However, it's not going out. (See FW_Rule.png and FW_View.png attached)

I think that I have followed instructions correctly as documented in Step 2c - Assignments and Routing.

However, the firewall live view suggests that traffic from the client is blocked.

Can someone please guide me on how to correct the firewall rule to allow internal and external access for WireGuard VPN users?
#2
root@OPNsense:~ # cat /var/log/acme.sh.log
[Sun Mar 29 18:03:25 UTC 2020] HEAD
[Sun Mar 29 18:03:26 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 29 18:03:26 UTC 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g  -I  '
[Sun Mar 29 18:03:26 UTC 2020] _ret='0'
[Sun Mar 29 18:03:26 UTC 2020] POST
[Sun Mar 29 18:03:27 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 29 18:03:27 UTC 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sun Mar 29 18:03:27 UTC 2020] _ret='0'
[Sun Mar 29 18:03:27 UTC 2020] code='201'
[Sun Mar 29 18:03:27 UTC 2020] Le_LinkOrder=' https://acme-v02.api.letsencrypt.org/acme/order/81932777/2822543509'
[Sun Mar 29 18:03:27 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/81932777/2822543509'
[Sun Mar 29 18:03:27 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3637170129'
[Sun Mar 29 18:03:27 UTC 2020] payload
[Sun Mar 29 18:03:29 UTC 2020] POST
[Sun Mar 29 18:03:29 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3637170129'
[Sun Mar 29 18:03:29 UTC 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sun Mar 29 18:03:29 UTC 2020] _ret='0'
[Sun Mar 29 18:03:29 UTC 2020] code='200'
[Sun Mar 29 18:03:30 UTC 2020] d='*.homelabusa.com'
[Sun Mar 29 18:03:30 UTC 2020] Getting webroot for domain='*.homelabusa.com'
[Sun Mar 29 18:03:30 UTC 2020] _w='/var/etc/acme-client/challenges'
[Sun Mar 29 18:03:30 UTC 2020] _currentRoot='/var/etc/acme-client/challenges'
[Sun Mar 29 18:03:30 UTC 2020] entry
[Sun Mar 29 18:03:30 UTC 2020] Error, can not get domain token entry *.homelabusa.com
[Sun Mar 29 18:03:30 UTC 2020] The supported validation types are: dns-01 , but you specified: http-01
[Sun Mar 29 18:03:30 UTC 2020] pid
[Sun Mar 29 18:03:30 UTC 2020] No need to restore nginx, skip.
[Sun Mar 29 18:03:30 UTC 2020] _clearupdns
[Sun Mar 29 18:03:30 UTC 2020] dns_entries
[Sun Mar 29 18:03:30 UTC 2020] skip dns.
[Sun Mar 29 18:03:30 UTC 2020] _on_issue_err
[Sun Mar 29 18:03:30 UTC 2020] Please check log file for more details: /var/log/acme.sh.log
#3
General Discussion / WireGuard VPN Not Working
March 15, 2020, 08:17:59 PM
I followed the directions from https://docs.opnsense.org/manual/how-tos/wireguard-client.html and I get the following entries in the attached log.

However, my internet traffic is not going via 76.117.73.5.
Also, I tried to connect to allowed traffic configured on the endpoint on the OPNsense router and can't access it either.
Could you please suggest how I should go about fixing it?
#4
I am unable to boot an ESX VM using the OPNsense-19.1.4-OpenSSL-vga-amd64.img file.
I even tried to rename the .img file as .iso and it didn't help.
Can someone help me configure an OPNsense VM for ESXi 6.5?
#5
Here is the audit log.
=============================================================
***GOT REQUEST TO AUDIT***
vulnxml file up-to-date
curl-7.55.1 is vulnerable:
cURL -- out of bounds read
CVE: CVE-2017-1000254
WWW: https://vuxml.freebsd.org/freebsd/ccace707-a8d8-11e7-ac58-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***
=============================================================

As per the https://vuxml.freebsd.org/freebsd/ccace707-a8d8-11e7-ac58-b499baebfeaf.html reference link in the audit log, the following are the recommendations.

RECOMMENDATIONS
We suggest you take one of the following actions immediately, in order of preference:
A - Upgrade curl to version 7.56.0
B - Apply the patch to your version and rebuild
C - Switch off FTP in CURLOPT_PROTOCOLS

Option #A: Because I am new to OPNsense, I am not sure if it will break anything else.
Option #B: This is something beyond my ability at this point. I think someone from the OPNsense developer team can do this.
Option #C: I do not know how to do it. So far this seems to be the easy/safe option.

Can someone advise me if I am approaching this correctly?