Topics - jf5876

#1
Hello,

I've blocked the kids network range with a schedule in the firewall schedules. What happens is that they are playing a game, the schedule goes off and they continue playing.

The options and reading I've done so far indicate this should work the way it was intended but does not seem to do so. I've seen others use Cron entries to drop those states or schedule a reboot when that timing goes off.

Am I doing something wrong?

Thanks,

JF
#2
20.1 Legacy Series / Wireguard
March 10, 2020, 06:41:21 PM
Hi!

I've read somewhere that wireguard in 19.7 won't allow you to add a Gateway with "dynamic" in the ip address. Will it work in 20.x?

Trying to set up a firewall rule to force a client through a wireguard connection, and not having much luck so far since there's no way to add a gateway to be used in firewall rules, unless there's another way?

Thanks for any help.
#3
20.1 Legacy Series / Wireguard Clients Disconnected
January 31, 2020, 02:53:51 PM
Hello!

This might not be the right place for this, but I don't know a better place.

Using Wireguard on opnsense at remote sites, and a main server with a static.

When we add a new peer into the main server, some of the remote sites don't automatically reconnect. We have to go into the remote sites, and hit save inside the wireguard interface to get them to reconnect.

Is this a bug or misconfiguration?

Thank you for your assistance! ;D
#4
I have an IPSec setup which is established. The routes necessary for it aren't put in place correctly. It keeps adding them when the tunnel comes up, but assigning them to the WAN interface.

I can delete the route (which allows the opnsense itself to ping through the tunnel), but nothing behind it works.

Is this a bug? Most documentation says to add a gateway selecting the IPSEC interface, but I can't find it.

Jeff
#5
Hi!

I've set up wireguard with two clients, one being 172.20.1.1. I put in some NAT rules to allow this client out to the internet, however, the traffic is going out the WAN interface without being NAT'd first.

--

10:40:54.680981 IP 10.20.1.1.37352 > 8.8.8.8.53: 10996+ A? audio-sv5-t1-1-v4v6.pandora.com. (49)
10:40:54.681100 IP 10.20.1.1.45138 > 8.8.8.8.53: 28973+ A? android-tuner.pandora.com. (43)
10:40:54.681178 IP 10.20.1.1.42111 > 8.8.8.8.53: 12703+ A? clients4.google.com. (37)
10:40:54.681264 IP 10.20.1.1.42743 > 8.8.8.8.53: 18097+ A? clients4.google.com. (37)
10:40:54.681343 IP 10.20.1.1.5269 > 8.8.8.8.53: 1405+ A? clients4.google.com. (37)
10:40:54.681747 IP 10.20.1.1.32947 > 8.8.8.8.53: 60937+ A? clients4.google.com. (37)
10:40:55.011681 IP 10.20.1.1.47250 > 8.8.8.8.53: 25109+ A? sirocco.accuweather.com. (41)
--

I've tried moving the rule, changing the ip address, etc. to no change.

Any help would be appreciated :-)

Jeff
#6
19.1 Legacy Series / OpenVPN Export Options
March 07, 2019, 07:37:30 PM
What happened to all the openvpn export options?

How do I make a mobile config from the files presented? :-/
#7
So I'm trying to use CARP on a LAN to keep clients able to access the internet through 1 of 2 opnsense gateways.

One is connected via traditional methods, other uses a 4G router.

I want the LAN to have a CARP address on it, so clients in the LAN can always hit the internet. These two devices would be physically separate locations (sometimes separated by radios) and using VLANs to do a WAN carp on the two devices wouldn't work out very well.

Both of these devices connect back to the main office, where they each receive an ip address respective of their COMMON NAME.

The questions are as follows:

1) Can I set this up where the two boxes will change between slave and master based upon WAN status. Doesn't appear so.

2) How can I set up the 'iroute's at the main office so that it'll fail over or should I go with openvpn tap and use OSPF across it?

3) Any other suggestions?