Topics - mauro

#1
Dear all,
I got stuck somewhere with WireGuard and can't get my head around it.

I've installed WireGuard and set up an instance which I can reach and connect to. I can ping the WG server with no problem.

At the moment I can't connect to the other machines connected to the same WG instance. If I try to ping their IPs, all packets are lost. Every PC can instead ping the server, and the reverse.

I followed the official OPNsense tutorial but still have no clue why this is happening.

Does anyone have some leads to follow?

Thanks
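One check that fits the symptom above (hub reachable, other peers not): in a hub-and-spoke WireGuard setup each client's AllowedIPs must cover the other clients' tunnel addresses, because WireGuard's cryptokey routing both decides which destinations go into the tunnel and drops packets arriving from a peer whose source is outside that peer's AllowedIPs. The script below is an added example, not code from the post or from OPNsense; the hub address, client names, placeholder keys and endpoint are constructed for it.

```python
"""Check client-side AllowedIPs in a hub-and-spoke WireGuard setup.

Added example, not code from the original post or from OPNsense. Assumes
one WireGuard instance on the firewall (the hub, 10.10.10.1) with several
road-warrior clients; the client configs below are constructed for this
example and the keys are placeholders.
"""
import ipaddress
from typing import Dict, List, Tuple

HUB_ADDRESS = ipaddress.ip_address("10.10.10.1")

# Constructed client configurations in the standard [Interface]/[Peer] format.
CLIENTS: Dict[str, str] = {
    "laptop": """
[Interface]
Address = 10.10.10.2/32
PrivateKey = <redacted>

[Peer]
PublicKey = <hub public key>
Endpoint = fw.example.org:51820
AllowedIPs = 10.10.10.1/32
""",
    "phone": """
[Interface]
Address = 10.10.10.3/32
PrivateKey = <redacted>

[Peer]
PublicKey = <hub public key>
Endpoint = fw.example.org:51820
AllowedIPs = 10.10.10.0/24
""",
}


def parse_client(conf: str) -> Tuple[ipaddress.IPv4Address, List[ipaddress.IPv4Network]]:
    """Return (tunnel address, AllowedIPs of the hub peer) from a client config."""
    address = None
    allowed: List[ipaddress.IPv4Network] = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        values = [v.strip() for v in value.split(",") if v.strip()]
        if key == "address":
            address = ipaddress.ip_interface(values[0]).ip
        elif key == "allowedips":
            allowed.extend(ipaddress.ip_network(v, strict=False) for v in values)
    if address is None:
        raise ValueError("client config has no Address")
    return address, allowed


def covers(allowed: List[ipaddress.IPv4Network], addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in allowed)


def check_hub(clients: Dict[str, str]) -> List[str]:
    """Clients whose AllowedIPs do not even include the hub address."""
    return [name for name, conf in clients.items()
            if not covers(parse_client(conf)[1], HUB_ADDRESS)]


def check_mesh(clients: Dict[str, str]) -> Dict[Tuple[str, str], List[str]]:
    """For every client pair, list the directions that cannot work.

    Cryptokey routing applies on both ends: a client only sends traffic for
    destinations inside its AllowedIPs into the tunnel, and it drops packets
    received from the hub peer whose source is outside AllowedIPs. So A and B
    can only talk through the hub if each one's AllowedIPs covers the other.
    """
    parsed = {name: parse_client(conf) for name, conf in clients.items()}
    problems: Dict[Tuple[str, str], List[str]] = {}
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            issues = []
            for src, dst in ((a, b), (b, a)):
                src_addr, src_allowed = parsed[src]
                dst_addr, _ = parsed[dst]
                if not covers(src_allowed, dst_addr):
                    issues.append(
                        f"{src}: AllowedIPs {[str(n) for n in src_allowed]} does not cover "
                        f"{dst} ({dst_addr}); {src} routes that traffic outside the tunnel "
                        f"and drops replies from {dst}"
                    )
            if issues:
                problems[(a, b)] = issues
    return problems


if __name__ == "__main__":
    print("clients that cannot reach the hub:", check_hub(CLIENTS))
    for pair, issues in check_mesh(CLIENTS).items():
        print(f"{pair[0]} <-> {pair[1]}:")
        for issue in issues:
            print("   ", issue)
```

In the constructed data the laptop only lists the hub's /32, so laptop and phone cannot talk even though each can ping the hub; widening the laptop's AllowedIPs to the tunnel subnet (10.10.10.0/24) clears the report. The hub side is not modelled here: the hub's peer entries must still carry each client's tunnel address and the firewall rules on the WireGuard interface must allow the traffic.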
#2
General Discussion / PPPoE and WAN configuration
June 01, 2023, 11:18:49 AM
Dear all,
I have OPNsense connected via Ethernet cable to the modem.

At the moment OPNsense manages the PPPoE connection.

My questions are:
1) Do I have to assign a network to the interface used between the modem and the FW?
2) Which interface should be set as WAN: the network to the modem or the actual PPPoE interface?

At the moment I've set the modem - FW network as WAN with related firewall rules, but literally all incoming connections are coming in via the PPPoE interface.

Thanks for your advice
#3
General Discussion / Dynu DDNS issues / bug
May 10, 2023, 12:23:19 AM
Dear all,

I use Dynu for the DDNS service, and when the IP changes I first receive these error messages:
Quote
WARNING:  found neither IPv4 nor IPv6 address
WARNING:  XXXXX.net: unable to determine IP address with strategy use=cmd
Use of uninitialized value $ip in string at /usr/local/sbin/ddclient line 3658.
Use of uninitialized value $_[0] in sprintf at /usr/local/sbin/ddclient line 2179.

Checking the DDNS log I've noticed that after a while the client starts to use the API and eventually updates the IP, but after several tries.

Let me know if I'm possibly doing something wrong or if I can help with extra info.

Cheers
#4
Dear all,

I'm new to the whole reverse proxy scene, and this can be one possible reason for not getting things working.
At the same time I'm trying to follow tutorials and videos without getting anywhere.

I run OPNsense 23.1.6-amd64 on an APU2C4 machine with a PPPoE connection over a modem.

I've a webserver I need to be online, and at the moment I'm using port forwarding PPPoE:80,443 -> DMZ:80,443. Let's say I'm testing test.example.com (which is available from outside). The Apache config doesn't redirect port 80 -> 443 because I'm trying to keep things simple.

At the moment I'm trying to create a reverse proxy using the LAN address as frontend IP.
So far I only manage to receive:
503 Service Unavailable
No server is available to handle this request

I tried ports 80 and 81 for the frontend, same result.

I followed the documentation about HAProxy, and below are a few lines from the log:


[03/May/2023:17:10:43.527] test test/<NOSRV> -1/-1/-1/-1/0 400 0 - - PR-- 1/1/0/0/0 0/0 "<BADREQ>
[03/May/2023:17:11:13.163] test test/<NOSRV> -1/-1/-1/-1/0 503 217 - - SC-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
[03/May/2023:17:11:13.190] test test/<NOSRV> -1/-1/-1/-1/0 503 217 - - SC-- 1/1/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"


I'm trying to test the reverse proxy locally before moving from port forwarding to the reverse proxy.

I'm more than happy to share more information but I can't see which is the most relevant.

Any advice?

Thanks
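The three log lines above already say a lot once the fields are decoded: `test/<NOSRV>` means no backend server was selected at all, and the termination state `SC--` (server-side, connect phase) with a 503 is HAProxy's way of saying the connect to a server failed or no server was available, while `PR--` with 400 and `<BADREQ>` is a request HAProxy refused to parse. The parser below is an added example, not code from the post or from the OPNsense HAProxy plugin; it takes the field order from HAProxy's `option httplog` format and the code meanings from the termination-state section of the HAProxy configuration manual, and reuses the post's own three lines as input.

```python
"""Decode HAProxy HTTP log lines, including the <NOSRV> / SC-- case.

Added example, not from the original post or from the OPNsense HAProxy
plugin. The three sample lines are the ones quoted in the post; the field
order follows HAProxy's 'option httplog' format and the termination-state
codes follow the termination-state section of the HAProxy manual.
"""
import re
from typing import Dict, List

SAMPLE_LOG = """\
[03/May/2023:17:10:43.527] test test/<NOSRV> -1/-1/-1/-1/0 400 0 - - PR-- 1/1/0/0/0 0/0 "<BADREQ>
[03/May/2023:17:11:13.163] test test/<NOSRV> -1/-1/-1/-1/0 503 217 - - SC-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
[03/May/2023:17:11:13.190] test test/<NOSRV> -1/-1/-1/-1/0 503 217 - - SC-- 1/1/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"
"""

# accept_date frontend backend/server TR/Tw/Tc/Tr/Ta status bytes cookies
# termination_state actconn/feconn/beconn/srvconn/retries queues "request"
LOG_RE = re.compile(
    r"\[(?P<accept_date>[^\]]+)\]\s+"
    r"(?P<frontend>\S+)\s+"
    r"(?P<backend>[^/\s]+)/(?P<server>\S+)\s+"
    r"(?P<t_request>-?\d+)/(?P<t_queue>-?\d+)/(?P<t_connect>-?\d+)/"
    r"(?P<t_response>-?\d+)/(?P<t_active>-?\d+)\s+"
    r"(?P<status>\d+)\s+(?P<bytes>\d+)\s+"
    r"(?P<req_cookie>\S+)\s+(?P<resp_cookie>\S+)\s+"
    r"(?P<term>[A-Za-z-]{4})\s+"
    r"(?P<actconn>\d+)/(?P<feconn>\d+)/(?P<beconn>\d+)/(?P<srvconn>\d+)/(?P<retries>\d+)\s+"
    r"(?P<srv_queue>\d+)/(?P<backend_queue>\d+)\s+"
    r'"(?P<request>[^"]*)"?'   # the <BADREQ> line has no closing quote
)

# First termination-state character: what ended the session.
SESSION_STATE = {
    "C": "client aborted the TCP session",
    "S": "server aborted or refused the TCP session",
    "P": "proxy aborted the session (deny rule, invalid request, limit, or proxy-generated response)",
    "R": "proxy ran out of a resource",
    "I": "internal error in haproxy",
    "c": "client-side timeout",
    "s": "server-side timeout",
    "-": "normal completion",
}
# Second character: what haproxy was waiting for when the session ended.
SESSION_PHASE = {
    "R": "waiting for a complete, valid request from the client",
    "Q": "request queued, waiting for a server slot",
    "C": "waiting for the connection to the server to establish",
    "H": "waiting for response headers from the server",
    "D": "transferring data",
    "L": "sending the last data to the client",
    "T": "request was tarpitted",
    "-": "normal completion",
}


def parse_line(line: str) -> Dict[str, str]:
    m = LOG_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    return m.groupdict()


def diagnose(entry: Dict[str, str]) -> List[str]:
    """Turn server name, status and termination state into plain findings."""
    term = entry["term"]
    findings = [
        f"session ended: {SESSION_STATE.get(term[0], 'unknown code ' + term[0])}",
        f"phase: {SESSION_PHASE.get(term[1], 'unknown code ' + term[1])}",
    ]
    if entry["server"] == "<NOSRV>":
        findings.append("no server was selected: the backend has no servers, or none is UP")
    if term[:2] == "SC" and entry["status"] in ("502", "503"):
        findings.append("connect to a server failed or was refused, or no server was available")
    if term[:2] == "PR" and entry["status"] == "400":
        findings.append("haproxy rejected the request before routing it (invalid HTTP; "
                        "a TLS ClientHello sent to a plain-HTTP frontend also looks like this)")
    return findings


def summarize(log: str) -> List[Dict[str, object]]:
    out: List[Dict[str, object]] = []
    for line in log.splitlines():
        if line.strip():
            entry = parse_line(line)
            out.append({"status": entry["status"], "server": entry["server"],
                        "request": entry["request"], "findings": diagnose(entry)})
    return out


if __name__ == "__main__":
    for item in summarize(SAMPLE_LOG):
        print(item["status"], item["server"], item["request"])
        for finding in item["findings"]:
            print("   -", finding)
```

The `-1` connect timer (`Tc`) on every line confirms that no connection to a backend was ever attempted, so the place to look is the backend definition behind frontend `test` (is a server attached, and does its health check pass), not the frontend port.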
#5
General Discussion / Unbound DNS: Possible bug?!
March 31, 2023, 12:47:43 AM
Dear all,

After messing around for several days with OPNsense, I decided to start with a fresh installation.

I use an APU2C4 and installed OPN 23.1.

The machine goes online.

What I'm experiencing is that PCs on both the LAN and GUEST networks have problems resolving websites.
I try ping 8.8.8.8, which is fine, and if I try ping ms.com it doesn't work.

I checked the Unbound DNS setup and I've seen that:

  • the service listens on all interfaces
  • the access list shows the DHCPs of the 2 networks
  • Deny access is disabled

I had the same issue before the fresh installation, but I thought it was due to some mistake somewhere else. If it persists on a new installation then things are more serious.

If needed I can pass more information and screenshots

Cheers
#6
General Discussion / guest network with DNS issue
March 28, 2023, 11:29:47 AM
I followed the online documentation about how to create a guest network, skipping the captive portal setup.

The FW rules are as shown in the documentation.

I have a machine in the guest network and realized it couldn't get online. After a few checks I realized it is a DNS problem.

I tried:
ping facebook.com
with 100% packet loss

ping 8.8.8.8
with no issue

Unbound DNS is enabled with access on all interfaces.

My temporary workaround has been to pass an external DNS server via the DHCP settings.

Can someone help me understand where the problem is?
There is no DENY msg in the FW log

thanks
#7
General Discussion / opnsense as FW LAN/DMZ
March 17, 2023, 02:57:22 PM
Dear all,

I've been working on OPN for a few weeks now, trying to get the best configuration between my old architecture and the new possibilities using OPN.
At the moment I want to move on to using OPNsense as firewall between LAN and DMZ and as default gateway.

I use an APU2C4 with 3 NICs:
igb0: WAN
igb1: LAN
igb1: DMZ

LAN and intranet are online, no problem.

I have problems getting the DMZ online. What I can see from the FW live view log is that all attempts from DMZ IPs are blocked.
In the DMZ FW rules I added one: source DMZ, dst: WAN net, but still no way to get online.

The message from the FW log says: Default deny / state violation rule, and I can't figure out the default rule.

Can someone point me in some direction of investigation?
Thanks
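One thing worth checking against the rule described above: in OPNsense the `WAN net` alias is the subnet attached to the WAN interface, not "the Internet", so a rule `DMZ net -> WAN net` only matches traffic to hosts on the ISP-facing segment and everything else falls through to the implicit default deny, which is logged under the `Default deny / state violation rule` label. The simulation below is an added example, not code from the post or from OPNsense/pf; the interface subnets and rule labels are constructed, rules are evaluated first-match (OPNsense rules are `quick` by default), and the state-tracking half of that label (out-of-state packets) is not modelled.

```python
"""Simulate OPNsense-style first-match rule evaluation for a DMZ interface.

Added example, not code from the original post or from OPNsense/pf. It
models only the pieces needed to show what "WAN net" matches: the
interface networks below are constructed, rules are evaluated in order and
the first match wins (rules are 'quick' by default in OPNsense), and
anything that matches no rule falls through to the implicit default deny.
Connection state is not modelled.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed interface subnets for the three NICs in the post.
INTERFACE_NETS: Dict[str, ipaddress.IPv4Network] = {
    "WAN": ipaddress.ip_network("203.0.113.0/24"),   # ISP-facing segment
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("10.0.2.0/24"),
}

DEFAULT_DENY = ("block", "Default deny / state violation rule")


def alias_matches(alias: str, addr: ipaddress.IPv4Address) -> bool:
    """'any' matches everything; '<IF> net' is only that interface's subnet."""
    if alias == "any":
        return True
    name, kind = alias.split(" ", 1)
    if kind == "net":
        return addr in INTERFACE_NETS[name]
    raise ValueError(f"unsupported alias {alias!r}")


def evaluate(rules: List[Dict[str, str]], iface: str,
             src: str, dst: str) -> Tuple[str, str]:
    """Return (action, rule label) for a packet entering `iface`."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["interface"] != iface:
            continue
        if alias_matches(rule["src"], s) and alias_matches(rule["dst"], d):
            return rule["action"], rule["label"]
    return DEFAULT_DENY


# The rule from the post: source DMZ net, destination WAN net.
RULES_AS_POSTED = [
    {"interface": "DMZ", "action": "pass", "src": "DMZ net", "dst": "WAN net",
     "label": "DMZ to WAN net"},
]

# A typical DMZ policy: block the internal LAN first, then allow everything else.
RULES_ISOLATED_DMZ = [
    {"interface": "DMZ", "action": "block", "src": "DMZ net", "dst": "LAN net",
     "label": "Block DMZ to LAN"},
    {"interface": "DMZ", "action": "pass", "src": "DMZ net", "dst": "any",
     "label": "DMZ to anywhere"},
]

if __name__ == "__main__":
    for rules, title in ((RULES_AS_POSTED, "as posted"), (RULES_ISOLATED_DMZ, "isolated DMZ")):
        print(title)
        for dst in ("203.0.113.10", "8.8.8.8", "192.168.1.5"):
            print("  10.0.2.20 ->", dst, evaluate(rules, "DMZ", "10.0.2.20", dst))
```

With the rule as posted, a DMZ host reaching 8.8.8.8 hits the default deny while a host on the WAN segment itself would pass; the second rule set shows the usual shape of a DMZ policy, where the block to `LAN net` sits above the `any` pass so that first match keeps the internal network out of reach.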
#8
General Discussion / DHCP client with bridged NIC
March 08, 2023, 12:58:48 PM
Dear all,

I'm struggling to figure out how to make this work.
I have a modem/router with OpenWrt with 3 LANs (LAN, DMZ, DMZ_2), and for all of these there is a DHCP server.
I want to change the router/firewall from Zeroshell, used in DMZ, to OPNsense, used in DMZ_2.

OPNsense runs on an APU2C4.
I have 2 NICs bridged and configured as DHCP client. OPNsense receives the IP from the DHCP server when connected to the OpenWrt main router.
The issue is that if I plug a PC into the second NIC of the bridge, the PC doesn't receive an IP. In other terms, the bridge in OPNsense doesn't forward the DHCP server information.

Can I have some hints?

I've also tried to reverse the setup with the DHCP server on OPNsense and OpenWrt as client, but with this I get really confused with routes and gateways and I can't figure out how to access the open internet from DMZ_2 machines...

To be honest I don't know which is the best or correct way of doing it. I have the current configuration with OpenWrt in charge of all DHCP servers, and it works so far and makes sense to me.

Cheers
#9
General Discussion / Bridge with DHCP client
January 09, 2023, 03:42:10 PM
Dear all,
I'm new to OPNsense and I'm happy I decided to start using it.

I have an APU2D4 (3 NICs) and for fun a few years back I built my own 'IT' corner with a NAS and a webserver.

This IT corner is configured as follows:

  • modem/router with OpenWrt generating a DMZ network for which it is the DHCP server (old setup which I have to work on, but I'm never home long enough to have direct access to my devices)
  • Zeroshell as FW in the DMZ with DHCP (client) and a bridge of the 3 NICs working also as switch
  • webserver and NAS

Now I'm trying to replace Zeroshell with OPNsense and I got stuck right at the beginning. The first step is to replicate the bridge in OPNsense using the DHCP server from the router/modem.

I followed the documentation about how to create a bridge, assigning to it the LAN specs, which did work.

After that I assigned the LAN interface to the original NIC and created a new BRIDGE interface with dynamic DHCP. When I connect the BRIDGE to the router, the interface receives an IP accordingly, but:

  • if I connect my PC to BRIDGE I don't receive an IP
  • despite setting up a FW rule for BRIDGE to accept TCP connections (consider that I connect to the DMZ network from a different temporary switch), I can't access the machine

Now, first things first. Can someone give some hints on how to dynamically pass the IP address to any machine connected to the BRIDGE interface?

Cheers

ADDENDUM: I connected a serial console to the box and I see this error on the screen:
arpresolve: can't allocate llinfo for 10.xxx.xxx.1
on the BRIDGE network, and the IP is the GW and IP of the router/modem.