
Topics - ricksense

1
General Discussion / Wireguard via DHCP WANs in a Failover Scenario
« on: November 21, 2024, 01:07:00 pm »
Hi everyone,
I created two LABs in virtual environments, each running OPNsense as a firewall/router of their own LANs.
I also set a dual WAN failover on their WAN ports (one port with static IP, and a dhcp client on the other).
I then set a site-to-site Wireguard tunnel between the two OPNsense machines to make their LANs reach each other. Everything works great so far.

However, I noticed that the tunnel works as long as a WAN with static IP is UP on at least one side of the two LABs; in other words, if the two "static IP WANs" fail on both sides, the Wireguard tunnel stops working even though the two DHCP WANs are regularly up and the clients on both sides can go out to the Internet.
Is this expected and considered normal behaviour in a real-world scenario too?
Thanks

2
Italian - Italiano / Wireguard via DHCP WANs
« on: November 21, 2024, 01:04:31 pm »

Moved to General Discussion. My bad, sorry

3
General Discussion / [SOLVED] I can't access WEB GUI from a local PC
« on: November 19, 2024, 11:03:32 am »
Hi,

I can access my OPNsense web GUI either from a management interface or directly from WAN (I set a firewall rule for that), no security issues since everything runs in a virtual lab environment.
I found out that I can't access the web GUI from local PCs running in a VLAN, even though I set a pass rule for that, and the PCs can ping the local gateway (10.30.30.1) and go to the internet regularly.

Here are the VLAN firewall rules:



and a Wireshark capture on the trunk interface:



I also disabled the firewall filters in the advanced option but I still can't access the web GUI from the "main" VLAN.

I don't know what is wrong with it. Could you please help figure it out? Thanks


4
General Discussion / Disable reply-to on WAN Rule to access GUI from WAN
« on: November 17, 2024, 09:05:34 pm »
Hi everyone,

I installed OPNsense as a VM on two different PCs. In order to access their own WEB GUIs from WAN (just for convenience, they run on LAB environments which I use for learning purposes), I set pass rules to allow that, of course.
I can access the OPNsense's WEB GUI from the browser of the host where the VM runs,
BUT if I want to access it from another PC (the other one where another OPNsense VM runs), it isn't allowed unless I check "Disable reply-to on WAN Rule".



Could anyone please explain to me what this option is for and how it works exactly?

Thanks



5
General Discussion / Error: Not netmap adapter on device
« on: November 08, 2024, 01:20:28 pm »
Hi,
I installed and enabled Zenarmor for the LAN interface (and IPS for the WAN as well).
I started to see this error message on the shell:

https://imgbox.com/ZzU5wxX4

Could anyone please tell me what it is about and if I can fix it?
Thanks

6
General Discussion / Wireguard S2S issue
« on: September 22, 2024, 08:01:21 am »
Hi
I created a lab with two OPNsense virtual machines in Pnetlab.
I set up Wireguard as a site-to-site VPN on both of them. The Wireguard itself seems to be working fine, as you can see from the images below:



On both OPNsense VMs, I set VLANs with a few VPCs, and I tried to reach them through the Wireguard tunnel, but they can't even ping each other.
However, I can ping the VPCs from the diagnostic tools in the OPNsense VMs.
I think I have already tried just about everything (set firewall rules etc) to get everything working, but I still find myself banging my head against this problem for about a week.
Could you please help figure it out? Thanks

My LAB topology




7
General Discussion / L3 Switch behind Opnsense
« on: June 29, 2024, 11:12:21 pm »
Hi,
I'd like to put an L3 switch behind OPNsense. The switch will manage a few VLANs and a DHCP server for each of them. Then, I would set a /30 subnet (say 192.168.10.0/30) between one interface of the switch (192.168.10.2/30) and one of the Firewall (192.168.10.1/30). The L3 switch would have 192.168.10.1 as a default gateway in the routing setup.
I'm not sure how to set OPNsense up to make it work properly. What should I do first on the routing setup side?
Could you help me figure it out?
Thanks

8
Zenarmor (Sensei) / Packet Engine stopped
« on: March 19, 2024, 08:21:30 pm »
Hi everyone,

Zenarmor free version runs on my OPNsense 23.7.8_1
I keep seeing this error message when I open the Zenarmor's dashboard:



So, I start it every time, but it stops working after a little while:



I don't know what the problem with it is.
Could you please help me figure it out?
Thanks


9
General Discussion / pcib1: timed out waiting for Data Link Layer Active
« on: January 09, 2024, 03:07:57 pm »
Hi,

I see this message on my OPNsense machine screen:




I'm still trying to make sense of it. I didn't notice any problems with OPNsense so far, I mean, everything works as expected.
Could you help me figure it out please?
Thanks

10
General Discussion / DNS resolution takes ages after failover
« on: January 02, 2024, 06:47:39 pm »
Hi,

I set a dual WAN failover on my OPNsense which is installed on a laptop.
The main WAN interface is a wifi dongle which works [almost] perfectly.
The second WAN is an ordinary ethernet interface.
I need this setup since the OPNsense device is meant to be a portable firewall/router.
The failover works, it switches to the second WAN if the primary goes down, and back to the main WAN when it is up again, even though there is an issue with the wifi re-connection as I wrote here in this thread already:

https://forum.opnsense.org/index.php?topic=37858.0

However, the DNS resolution (unbound is running) takes ages when the connection switches back to the main WAN (wifi), but no issue with the dns resolution when the connection switches from WAN1 (wifi) to WAN2 (ethernet).

Why?

Thanks


11
General Discussion / WiFi Wan re-connection
« on: January 01, 2024, 04:18:16 pm »
Hi, and a happy new year to everyone.

I managed to make a D-link wifi dongle work as a WAN interface on a laptop. It's going to work as a backup connection, or as a main WAN when I use the OPNsense device as a portable router.
I noticed that when the internet connection goes down and then up again, this WAN interface doesn't re-connect automatically; I need to go to interface->WAN2->save and apply the setup again to make it re-connect to the AP. Is there a way to make it re-connect automatically?

Thanks

12
General Discussion / Wireguard site-to-site stopped working after setting dual wan failover
« on: November 25, 2023, 09:50:21 pm »
Hi,

I started with this setup
PC A: Dual WAN failover + wireguard setup
PC B: One simple gateway (no failover) + wireguard setup
Everything worked as expected. PC A and PC B can access each other's resources via SAMBA, and PC B can even connect to PC A via RDP.

I set up a dual wan failover on PC B (same setup as PC A) too, and the wireguard tunnel stopped working.
I mean, the handshake seems to be up, but devices on OPNsense's LAN side can't reach devices on the other OPNsense's LAN anymore, not even ping one another.

I haven't yet understood what may have been wrong.

Could you please give me a hint as a starting point, just to see where I need to check the possible misconfiguration? Thanks

For the record, here are the two tutorials I followed to set up dual wan failover and wireguard for both machines:

https://www.youtube.com/watch?v=CcXYiFj9mBA -> dual wan failover
https://www.youtube.com/watch?v=ah0Kkkqqfcg -> wireguard site-to-site setup



Thanks

13
General Discussion / error(s) loading the rule
« on: November 24, 2023, 03:13:05 pm »
Hi,

Could anyone please help me make any sense of this error message?

https://imgbox.com/8walW3or



OPNsense is running as a VM in Proxmox (just for practice purposes at the moment), and its WAN port gets an IP from my physical home router (192.168.3.1), which manages my home LAN.
IP 192.168.3.100 is my desktop PC. I set a WAN pass rule for my PC so that it can reach the OPNsense dashboard and devices on the OPNsense LAN side.

Thanks

14
General Discussion / [SOLVED] Getting access to Opnsense GUI from WAN issue
« on: November 13, 2023, 08:41:26 pm »
Hi,
I installed OPNsense on my Proxmox machine to practice with it, and wanted to get temporary access to its Web GUI from the WAN port to set it up more easily from my PC running on my home LAN managed by a physical router.
I hadn't managed to do it until I set "Disable" for the reply-to option in the WAN rule advanced settings, which did the trick.

However, I haven't yet understood what the reply-to is really for, and if it is safe to keep it disabled.

Again, I also have OPNsense running as a VM in my VMware Workstation. I only set the pass rule on its WAN without disabling the reply-to option, which is still set as "default". I can access its WEB GUI from the WAN nonetheless.
Why?


15
General Discussion / SSDP/DLNA across different subnets
« on: September 29, 2023, 10:36:20 am »
Hi everyone

Is there a way to make SSDP (DLNA discovery) work across different subnets on OPNsense?

Thanks
