Topics

1

General Discussion / Wireguard site-to-site stopped working after setting dual wan failover

« on: November 25, 2023, 09:50:21 pm »

Hi,

I started with this setup
PC A: Dual WAN failover + wireguard setup
PC B: One simple gateway (no failover) + wireguard setup
Everything worked as expected. PC A and PC B can access each other's resource via SAMBA, and PC B can even connect to PC A via RDP

I setup a dual wan failover on PC B (same setup as PC A) too, and the wireguard tunnel stopped working.
I mean, the handshake seems to be up, but devices on opnsense's LAN side can't reach devices on the other opnsense's LAN anymore, not even ping one another.

I haven't yet understood what may have been wrong.

Could you please give me an hint as a starting point, just to see where I need to check the possible misconfiguration? Thanks

for the record, here are the two tutorials I followed to setup dual wan failover and wireguard for both machine:

https://www.youtube.com/watch?v=CcXYiFj9mBA  -> dual wan failover
https://www.youtube.com/watch?v=ah0Kkkqqfcg -> wireguard site-to site setup



Thanks

2

General Discussion / error(s) loading the rule

« on: November 24, 2023, 03:13:05 pm »

Hi,

Could anyone please help me make any sense of this error message?

https://imgbox.com/8walW3or



OPNsense is running as a VM in Proxmox (just for practice purpose at the moment), and its WAN port gets an IP from my physical home router (192.168.3.1), which manages my home LAN.
IP 192.168.3.100 is my desktop PC. I set a WAN pass rule for my PC so that it can reach the OPNsense dashboard and devices on the OPNsense LAN side.

Thanks

3

General Discussion / [SOLVED] Getting access to Opnsense GUI from WAN issue

« on: November 13, 2023, 08:41:26 pm »

hi,
I installed OPNsense on my Proxmox machine to practice with it, and wanted to get temporarily access to  its Web GUI from the WAN port to set it up more easily from my PC running on my home LAN managed by a physical router.
I hadn't managed to do it until I set "Disable" for the reply-to option in the WAN rule advanced settings, which did the trick.

However, I haven't yet understood what the reply-to is really for, and if it is safe to keep it disabled.

Again, I also have OPNsense running as a VM in my WMware workstation. I only set the pass rule on its WAN without disabling the reply-to option which is still set as "default". I can access its WEB GUI from the WAN nonetheless.
Why?

4

General Discussion / SSDP/DLNA across different subnets

« on: September 29, 2023, 10:36:20 am »

SSDP/DLNA across different subnets
Hi everyone

Is there a way to make SDDP (DLNA discovery) work across different subnets on Opnsense?

Thanks

5

Italian - Italiano / OPNsense and Devices running mDNS

« on: September 18, 2023, 05:55:20 pm »

Hi,
I was watching this video:

https://www.youtube.com/watch?v=HW9mUrF1ZgU

and I also read this OPNsense wiki:

https://docs.opnsense.org/manual/how-tos/multicast-dns.html?utm_source=pocket_reader


I need to figure out how it works exactly. So, sorry if my question may sound stupid to the most.

Assuming that I have a smart tv or something running on subnet 172.16.69.0/24 which uses mDNS and needs to communicate with a server on LAN 192.168.3.0/24 in order to get media contents, would the setup shown in the video be the same on OPNsense after installing Multicast DNS Proxy?

Thanks

6

Zenarmor (Sensei) / [SOLVED]Zenarmor default policies doesn't work on GUEST interface

« on: August 15, 2023, 11:47:13 am »

Hi,
I installed Zenarmor plugin on my OPNsense 23.1.11 firewall (Which runs as a VM for the time being).
I set up the default policy on LAN interface (em1) to block a few web contents.
Here is the original setup:



and everything works as expected.
I then added another virtual interface  (em3) and set a subnet for GUEST in OPNsense. I wanted to use the same policy and setup on it as em1, so I checked mark (em3) in Zenarmor, but I got an error message when I clicked the APPLY button:

https://imgbox.com/WOEjaXx6


So, I set the tags on both interfaces accordingly:




 I though that I had fixed the issue.

However, the block rules still seem not to be working on the guest(em3) interface as they regularly work on em1(LAN). In a few worlds, facebooks and adult content aren't blocked as expected.

Could anyone please help me figure it out?

Thanks

7

General Discussion / Port forwarding and linked rule for DNS redirect. Why linked rule

« on: August 14, 2023, 06:07:43 pm »

Hi everyone,

I set two networks (LAN and GUEST) on OPNsense 23.1.11, each on its own interface/subnet (no vlans). I also set redirect DNS rules for both in NAT-> Port Forward:




They seem to be working but, since I am still new to OPNsense, there is something I haven't understood.

1) First of all, why was the Guest one  set as a "linked rule", and the LAN one not?

2) in fact, in FIREWALL->RULES->GUEST was automatically created a rule, while in RULES->LAN not?  Strange WHY



As I said, they both work. Here is the log for the GUEST subnet dns redirect:



Could anyone please help figure it out?

Thanks

8

General Discussion / Unbound DNS doesn't work

« on: December 30, 2022, 05:54:14 pm »

Hi

I don't know why but Unbound DNS doesn't work on my OPNsense. I only can use Dnsmasq DNS to enable DNS requests from devices in the LAN.
Could you please help me figure it out?
Thanks

9

General Discussion / Unexpected WAN_DHCP6

« on: December 30, 2022, 10:58:54 am »

Hi everyone,

I am totally new to OPNsense. Since I heard great things about it I decided to give it a try and installed it on a virtual environment (VMware workstation). The installation process went ok, but I see an unexpected DHCP6 interface entries both in my dashboard and in the gateway windows (I'm trying to set failover up) as you can see in the images underneath:



and



I don't remember what I exactly did during the initial setup...anyway

Should it be there? If not, can I get rid of it? How?

Thanks and a Happy New Year to everybody.