Topics - x2416

1
20.1 Legacy Series / Wireguard
« on: March 10, 2020, 06:41:21 pm »
Hi!

I've read somewhere that WireGuard in 19.7 won't allow you to add a Gateway with "dynamic" in the IP address. Will it work in 20.x?

Trying to set up a firewall rule to force a client through a WireGuard connection, and not having much luck so far since there's no way to add a gateway to be used in firewall rules, unless there's another way?

Thanks for any help.

2
20.1 Legacy Series / Wireguard Clients Disconnected
« on: January 31, 2020, 02:53:51 pm »
Hello!

This might not be the right place for this, but I don't know a better place.

Using WireGuard on OPNsense at remote sites, and a main server with a static.

When we add a new peer into the main server, some of the remote sites don't automatically reconnect. We have to go into the remote sites, and hit save inside the WireGuard interface to get them to reconnect.

Is this a bug or misconfiguration?

Thank you for your assistance! ;D

3
19.7 Legacy Series / IPSec Tunnel Established but no routes
« on: November 12, 2019, 10:35:53 pm »
I have an IPSec setup which is established. The routes necessary for it aren't put in place correctly. It keeps adding them when the tunnel comes up, but assigning them to the WAN interface.

I can delete the route (which allows the OPNsense itself to ping through the tunnel), but nothing behind it works.

Is this a bug? Most documentation says to add a gateway selecting the IPSEC interface, but I can't find it.

Jeff

4
19.7 Legacy Series / NAT Rules relating to Wireguard Interfaces
« on: August 26, 2019, 04:44:58 pm »
Hi!

I've set up WireGuard with two clients, one being 172.20.1.1. I put in some NAT rules to allow this client out to the internet; however, the traffic is going out the WAN interface without being NAT'd first.

--

10:40:54.680981 IP 10.20.1.1.37352 > 8.8.8.8.53: 10996+ A? audio-sv5-t1-1-v4v6.pandora.com. (49)
10:40:54.681100 IP 10.20.1.1.45138 > 8.8.8.8.53: 28973+ A? android-tuner.pandora.com. (43)
10:40:54.681178 IP 10.20.1.1.42111 > 8.8.8.8.53: 12703+ A? clients4.google.com. (37)
10:40:54.681264 IP 10.20.1.1.42743 > 8.8.8.8.53: 18097+ A? clients4.google.com. (37)
10:40:54.681343 IP 10.20.1.1.5269 > 8.8.8.8.53: 1405+ A? clients4.google.com. (37)
10:40:54.681747 IP 10.20.1.1.32947 > 8.8.8.8.53: 60937+ A? clients4.google.com. (37)
10:40:55.011681 IP 10.20.1.1.47250 > 8.8.8.8.53: 25109+ A? sirocco.accuweather.com. (41)
--

I've tried moving the rule, changing the IP address, etc. to no change.

Any help would be appreciated :-)

Jeff

5
19.1 Legacy Series / OpenVPN Export Options
« on: March 07, 2019, 07:37:30 pm »
What happened to all the OpenVPN export options?

How do I make a mobile config from the files presented? :-/

6
18.7 Legacy Series / LAN Carp with two different WAN providers, OPENVPN clients and redundancy
« on: October 18, 2018, 04:32:56 pm »
So I'm trying to use CARP on a LAN to keep clients able to access the internet through 1 of 2 OPNsense gateways.

One is connected via traditional methods, the other uses a 4G router.

I want the LAN to have a CARP address on it, so clients in the LAN can always hit the internet. These two devices would be in physically separate locations (sometimes separated by radios) and using VLANs to do a WAN CARP on the two devices wouldn't work out very well.

Both of these devices connect back to the main office, where they each receive an IP address respective of their COMMON NAME.

The questions are as follows:

1) Can I set this up where the two boxes will change between slave and master based upon WAN status? Doesn't appear so.

2) How can I set up the 'iroute's at the main office so that it'll fail over, or should I go with OpenVPN tap and use OSPF across it?

3) Any other suggestions?
