Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - andre_x

Pages: [1]

General Discussion / Satellite OPNsense don't reconnect to main via Wireguard

« on: November 23, 2024, 06:00:08 pm »

Hi all!
I have 2 remote OPNsense (1 at my parents and 1 at my sister) and one in my house that has a static public IP.
The 2 remotes connect to my own via Wireguard, but if I restart my OPNsense, the other 2 don't automatically reconnect to mine, they do only when I restart them.
Is there a way to have them automatically reconnect when the connection drops?
Thanks!

24.1 Legacy Series / Satellite OPNsense don't reconnect to main via Wireguard

« on: November 23, 2024, 04:44:01 pm »

General Discussion / Internet only works if I disable and enable WAN, after, it doesn't

« on: June 13, 2024, 08:08:07 am »

I've setup a new OPNsense instance.
The WAN is connected to a fiber ONT (PPPoE). It receives the IP and the default route is there.
Internet is not working. If I launch a ping to 8.8.8.8, it fails. Traceroute doesn't reach any hop.
If I leave the ping pending, disable the WAN and enable it back again, when I go into diagnostics I see that the ping works and keep working, but if I stop and start them again or if I launch a new one (always to 8.8.8.

, they don't work.
Whaaaat?
What could have I done wrong?

General Discussion / After restore Wireguard interface is not present

« on: June 03, 2024, 05:31:24 pm »

I've restored the configuration to a new hardware.
After I've uploaded it I've assigned the interfaces because the physical interfaces on the 2 hardware are different (I had to edit with no changes and save all the VLAN, then I could assign the interfaces), but in the interfaces there was not WG1.
I've rebooted, I've disable and enabled back the Wireguard instance, but nothing.
In the Wireguard instance I see that the device is WG1, but I can't find it.
How can I solve this problem?
Thanks!

General Discussion / Restore config to new HW -> no WebGUI access

« on: May 28, 2024, 10:57:19 am »

Hi all!
My OPNsense hardware is a Fujitsu Futro S920 with just 1 NIC, so I use VLANs to manage WAN/LAN.
I'm trying to restore the configuration into a new hardware that has multiple NICs, I've opened the config file, renamed the physical interface with the name of one in the new hardware, restored the configuration and I can see all the VLANs and the physical interface. I can assign a new IP to the interfaces, I can ping them, but I can't reach the WebGUI.
I've disabled the firewall with pfctl -d, but nothing.
What am I doing wrong?
Thanks!

Here is the interfaces config part:

Code: [Select]

  <interfaces>
    <lan>
      <if>re0</if>
      <ipaddr>192.168.20.251</ipaddr>
      <subnet>24</subnet>
      <ipaddrv6/>
      <subnetv6/>
      <media/>
      <mediaopt/>
      <gateway/>
      <gatewayv6/>
      <descr>LAN_fisica</descr>
    </lan>
    <lo0>
      <internal_dynamic>1</internal_dynamic>
      <descr>Loopback</descr>
      <enable>1</enable>
      <if>lo0</if>
      <ipaddr>127.0.0.1</ipaddr>
      <ipaddrv6>::1</ipaddrv6>
      <subnet>8</subnet>
      <subnetv6>128</subnetv6>
      <type>none</type>
      <virtual>1</virtual>
    </lo0>
    <opt1>
      <if>vlan01</if>
      <descr>LAN</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.20.251</ipaddr>
      <subnet>24</subnet>
    </opt1>
    <opt2>
      <if>vlan02</if>
      <descr>WAN</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>dhcp</ipaddr>
      <dhcphostname/>
      <alias-address/>
      <alias-subnet>32</alias-subnet>
      <dhcprejectfrom/>
      <adv_dhcp_pt_timeout/>
      <adv_dhcp_pt_retry/>
      <adv_dhcp_pt_select_timeout/>
      <adv_dhcp_pt_reboot/>
      <adv_dhcp_pt_backoff_cutoff/>
      <adv_dhcp_pt_initial_interval/>
      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
      <adv_dhcp_send_options/>
      <adv_dhcp_request_options/>
      <adv_dhcp_required_options/>
      <adv_dhcp_option_modifiers/>
      <adv_dhcp_config_advanced/>
      <adv_dhcp_config_file_override/>
      <adv_dhcp_config_file_override_path/>
    </opt2>
    <opt3>
      <if>vlan03</if>
      <descr>IoT</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>172.16.33.251</ipaddr>
      <subnet>24</subnet>
    </opt3>
    <opt4>
      <if>vlan04</if>
      <descr>VLAN200</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.200.251</ipaddr>
      <subnet>24</subnet>
    </opt4>
    <opt5>
      <if>wg1</if>
      <descr>WG1</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
    </opt5>
    <opt6>
      <if>vlan05</if>
      <descr>Neighbors</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.15.251</ipaddr>
      <subnet>24</subnet>
    </opt6>
    <openvpn>
      <internal_dynamic>1</internal_dynamic>
      <enable>1</enable>
      <if>openvpn</if>
      <descr>OpenVPN</descr>
      <type>group</type>
      <virtual>1</virtual>
      <networks/>
    </openvpn>
    <wireguard>
      <internal_dynamic>1</internal_dynamic>
      <descr>WireGuard (Group)</descr>
      <if>wireguard</if>
      <virtual>1</virtual>
      <enable>1</enable>
      <type>group</type>
      <networks/>
    </wireguard>
  </interfaces>

And here the VLAN part:

Code: [Select]

<vlans version="1.0.0">
    <vlan uuid="ab11bcee-edca-4de1-a019-432e490cbbfc">
      <if>re0</if>
      <tag>2</tag>
      <pcp>0</pcp>
      <descr>LAN_VLAN</descr>
      <vlanif>vlan01</vlanif>
    </vlan>
    <vlan uuid="255dd735-3d7e-49fa-9aa3-352dcf1b0c69">
      <if>re0</if>
      <tag>77</tag>
      <pcp>0</pcp>
      <descr>WAN</descr>
      <vlanif>vlan02</vlanif>
    </vlan>
    <vlan uuid="da04b0cb-2852-49c7-82ca-e0a820479c90">
      <if>re0</if>
      <tag>33</tag>
      <pcp>0</pcp>
      <descr>IoT</descr>
      <vlanif>vlan03</vlanif>
    </vlan>
    <vlan uuid="25477895-432b-4814-8a6c-a70423aea760">
      <if>re0</if>
      <tag>200</tag>
      <pcp>0</pcp>
      <descr>Management</descr>
      <vlanif>vlan04</vlanif>
    </vlan>
    <vlan uuid="4843b562-0653-4852-a3e5-b44a64eea025">
      <if>re0</if>
      <tag>15</tag>
      <pcp>0</pcp>
      <descr>Neighbors</descr>
      <vlanif>vlan05</vlanif>
    </vlan>
  </vlans>

Virtual private networks / [Wireguard] Name does not resolve - only on reboot

« on: February 01, 2024, 03:30:05 pm »

I've setup a Wireguard VPN that works.
Today we had 2 blackout and both the time the VPN didn't connect automatically to the endpoint.
I've checked and in the logs I see

Code: [Select]

Name does not resolve. If i disable and enable back the endpoint, it works.
So it seems that after Opnsense restarts it's not able to resolve a public DNS and WG doesn't retry.
How can I solve this problem?
Thanks!

Virtual private networks / WG: site 1 ping site 2, but not vice versa

« on: September 27, 2023, 04:34:03 pm »

Hi all!
I've setup 2 OPNsense with WireGuard.
Attached you can see the settings of both routers.
Routes of each other routers are presents.
Site 1: 23.7.5, WG plugin (os-wireguard) 2.1 - 192.168.31.251
Site 2: 23.7.5, WG plugin (os-wireguard) 2.1 - 192.168.20.251

From site 1 I can ping 192.168.20.251
From site 2 I CAN'T ping 192.168.31.251

In the firewall In the WG interface I've created 2 rules, 1 for inbound and 1 for outbound with accept on both routers

What am I missing?
Thanks!

P.s. Sorry but I don't know how to place the images inline. How do I do that?

General Discussion / User portal for accessing internal resources (HTTP, SSH, RDP, etc.)

« on: May 10, 2019, 10:48:50 am »

Hi,
is there a plan (or is it there yet and I haven't seen it

) to have a "user portal" where I can login into and access some internal resources directly from a web browser like RDP, SSH, internal web server, and so on?
Thanks,
Andrea

Pages: [1]