Topics - frozen

1
24.1 Legacy Series / Constant red light indicating crash every few seconds, what does this mean?
« on: October 30, 2024, 04:13:36 pm »
https://pastebin.com/uqG39eX7

I'm just a novice user, no clue what to do here

It's complaining about something called hass.inc and is crashing literally 5000 times a minute by the look of it?

HASS is a homeassistant plugin which I didn't even remember installing onto OPNsense, but how do I remove HASS?

2
General Discussion / I can't figure out how to block IP addresses
« on: February 13, 2024, 08:44:11 pm »
Hello there, I am trying to learn how to block individual IP addresses and it isn't working for me.  I want to block any DNS servers my Amazon Fire Tablet is using to sneak past my Pi-hole, starting with 8.8.8.8 as a test run.  But it's not working.

I created an Alias, and inserted 8.8.8.8 as the content (reduced this to just 1 IP after noticing my entire list did not work either)

Then, I went to Rules -> Floating and thought I did everything right?  Picture is attached for all settings.

It does not work.  8.8.8.8 is fully reachable, pingable, everything, even after hitting apply.  Why?  And needless to say ads are getting through via 8.8.8.8 which Fire Tablets add as a forced 3rd DNS server

Pics attached of both Alias and Rule

Thanks for any help

I tried changing to Host(s) instead of URL(IPs) with no change, still lets it through

3
General Discussion / How do you change or install new themes in OPNsense?
« on: December 31, 2023, 09:19:09 pm »
I am still using the default theme

It's very white!

4
Virtual private networks / [SOLVED] Making Road Warrior WireGuard users traffic go through external VPN?
« on: November 14, 2023, 06:13:07 pm »
Hello there, I followed both the instructions to set up incoming WireGuard connections while I am not at home (Road Warrior howto) and the WireGuard Selective Routing howto to connect to my ProtonVPN accounts and then add clients under Aliases to have their traffic go through it, and both seem to be working successfully - except I cannot figure out how to make my WireGuard users' traffic go through the ProtonVPN endpoint and NOT my exposed WAN ISP address.

When my phone connects to the WireGuard tunnel it's given an address of 10.10.10.2, so I put 10.10.10.2 in the HOSTS section just like I do with all the other home computers on my network, but it does not work - it seems to only apply to local LAN hosts with 192.168.1.x

As you can see in this screenshot, it works great for all my local LAN devices but the single 10.10.10.2 entry under Switzerland just  doesn't seem to do anything.  The phone is still being exposed by the WAN IP, and it's not going through ProtonVPN Switzerland

Please let me know how to fix this, and I will make a donation

Just to summarize - I want to use my phone while I am not at home to connect via wireguard app to my network (working fine) but I want my traffic to go through my already established & configured ProtonVPN connection.  Thus, reaping the benefits of the VPN without needing to connect with their own app, while still having access to my home network.

Thank you

5
23.7 Legacy Series / I can't find instructions for freedns.afraid.org
« on: November 14, 2023, 04:49:28 am »
I installed the ddclient plugin and OPNsense is 100% up to date, but the actual configuration is missing documentation.  I have googled with no solutions.

Does anyone know what I need to enter in this screen?  Specifically for freedns.afraid.org

Thank you

6
Virtual private networks / 3 VPN providers but 1 isn't working, what's different?
« on: October 25, 2023, 08:30:25 pm »
Hello everyone!  I have wireguard configuration from 3 different VPN providers.  SurfShark, ProtonVPN, and WindScribe.  WindScribe and Proton are working perfectly with no issues, and I have 4 different gateways running and I am able to remove hosts from one and add to another through using "Aliases" for each of them (I followed the official OPNsense Selective WireGuard Routing Guide) and THOUGHT everything was fine until I tried adding SurfShark..  I can't get their tunnels to work for some reason..  Everything looks like it's established and there's no errors anywhere to be found, not in the WireGuard logs even that I've been able to find, and everything is green everywhere in the dashboard etc but when I apply a host to that tunnel, the traffic doesn't go anywhere - everything just stalls

https://imgur.com/a/9ssljys

where it says <key is pre-filled> those values are already included in the config files, I've just followed the WireGuard Selective Routing guide and been copy and pasting

And as mentioned I have multiple established ones all working fine, it's just the surfshark that isn't working..  at a glance the literal only difference I see is that it's using public DNS servers inside the config file and the others are all using internal network..  Is this the reason?  What do I need to change if so?

Big thanks for any help

7
Virtual private networks / My DNS is leaking! DNS leak check sites know my home IP somehow
« on: October 24, 2023, 07:36:10 am »
Hello all!  I have a Pi Hole doing my DNS running Unbound, and all devices on my network automatically are directed to 192.168.1.3 which is its IP address via DHCP.  I have network-wide ad-blocking and thought everything was just fine.

I followed the WireGuard Selective Routing guide to add my ProtonVPN account, did the rules and single gateway and followed every step as good as I could possibly understand.  The tunnels are established and I *thought* everything was fine .. it says my IP address is the VPN IP and I can happily switch hosts on and off between the VPN which I was really pleased with, so again, thought everything was fine, until I stumbled onto this site: https://mullvad.net/en/check

and all of a sudden it says my DNS is leaking, and my mind is absolutely blown away that it has my exact unencrypted IP and city where I live..   How could this happen?! 

I checked from a client which is going through this local gateway and as far as I know is supposed to be using my Pi Hole, so I am very concerned and not sure how to proceed

Thanks very much

8
Virtual private networks / Cannot determine Monitor IP when connected to Proton VPN
« on: October 24, 2023, 04:55:33 am »
Hi all, I am following this guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

And on step 6, it says

Quote
Monitor IP

Insert the endpoint VPN tunnel IP (NOT the public IP) of your VPN provider - see note below

Note

Specifying the endpoint VPN tunnel IP is preferable. As an alternative, you could include an external IP such as 1.1.1.1 or 8.8.8.8, but be aware that this IP will only be accessible through the VPN tunnel (OPNsense creates a static route for it), and therefore will not be accessible from local hosts that are not using the tunnel

Some VPN providers will include the VPN tunnel IP of the endpoint in the configuration data they provide. For others (such as Mullvad), you can get the IP by running a traceroute from a host that is using the tunnel - the first hop after OPNsense is the VPN provider’s tunnel IP

This worked fine on WindScribe, when I connect using their wireguard .conf traceroute showed me the next hop as this guide implies.  But on ProtonVPN, they must be doing something to prevent you from tracing it - it just shows up as * * * for 30 attempts in a row, then exits.  It doesn't find even one successful hop properly..  Rest of the internet is working great though, pings included, so I have no idea what to do

What do I put in for Monitor IP when I can't traceroute?  There's an Endpoint listed in the .conf with the port I connect to, but the note specifically says not to use that

Thanks very much, I'm at a standstill now for adding ProtonVPN

9
23.7 Legacy Series / Proxmox & OPNsense reporting incorrect memory usage
« on: October 23, 2023, 06:08:42 am »
Hello there, I found this thread which is no longer accepting replies, it is marked solved but the solution is not there even though @Dunuin appeared to be reporting the same symptom at the very bottom of the thread with no solution.  This was in 2020:  https://forum.opnsense.org/index.php?topic=15708.0

Just wondering what the fix is, because I have posted about this same problem, but on Proxmox forums instead..  Screenshots of my problem are also included https://forum.proxmox.com/threads/wrong-memory-usage-reported-in-proxmox-interface-even-with-ballooning-off.135324/

This is happening regardless of ballooning settings and I'm frustrated for the exact same reason as @Dunuin at the bottom of the archived thread

Thanks very much for any assistance!  I can't attach the screenshots, you need to click the Proxmox forum link, this forum is saying my pictures are too big

10
23.7 Legacy Series / Poor speeds and high CPU usage when going through OPNsense?
« on: October 22, 2023, 02:21:37 am »
Hello all, I've been posting on reddit and Proxmox forums seeking help with a problem and I still have no solution.  For quick background reading way better than I can possibly repeat in full:
https://www.reddit.com/r/Proxmox/comments/17chu7r/proxmox_opnsense_10_performance_vs_bare_metal/
https://www.reddit.com/r/Proxmox/comments/17d59ew/proxmox_opnsense_cpu_usage_maxed_out_on_vm_but/

Both of these topics I wish I could edit as they don't reflect the current state of my problems, which are: any time I am using OPNsense and downloading at high speeds, my CPU usage goes through the roof in OPNsense and also bottlenecks my downloads.

I have a 2 port Intel i225-V 2.5GbE NIC system which is running Proxmox Linux, and has OPNsense installed in a VM with 8GB RAM and 32GB disk space allocated.  Doesn't matter if I allocate 1 CPU core or 4 cores.

I deliberately am not even introducing other devices to keep things dead simple..  1 modem, 1 OPNsense router with 2.5gb dual ports, and 1 desktop PC to use the internet on the other end.

My OPNsense configuration is posted with full screenshots in the above posts, but it's super straightforward: I am on Bell Canada 3GBPS Fiber, with PPPoE credentials from them, which work perfectly fine..  I left all of the default values in the PPPoE section and simply input my username and password and it grabs the external IP perfectly, internet connection is all working.  I connect the 10Gbps port out of my ISP modem and it goes into the WAN port in my OPNsense dual port NIC.

When I don't go through OPNsense I download at 2350/mbps both up and down with no problems at all, maxing it out, even if I run it 30 times in a row.   However as soon as I decide to try going through OPNsense, I lose nearly 1Gbps of download throughput (oddly enough, upload speed does not seem affected as much) and my CPU usage goes through the roof.

We have tried so many things now, if you read those threads, ranging from adjusting CPU cores, to playing with multiqueue options on the NIC settings, VirtIO options, MTU options, you name it. 

I am at a complete loss as to why OPNsense is causing the system to basically melt down with 100% usage on simple downloads.  I downloaded an Ubuntu ISO torrent just for fun, and OPNsense was using 70% CPU for a tiny 4 gb torrent sadly :( 

I post here in hopes of finding any kind of help or guidance or even new ideas to try, as I desperately am trying to get my full download speed back that works no problem as soon as I stop using OPNsense..

A quick example picture of my predicament:  https://imgur.com/a/YXDQW70 and now https://imgur.com/a/0rCEtw3 but there are tons more in the reddit threads at the top of this post.  As soon as I unplug from OPNsense and even stay in Proxmox but connect to the ISP router instead of OPNsense, I get a full 2400 of my 2500...  EVERY time.  It's not a temporary issue or something unrelated to OPNsense -- it's definitely a problem here between the two, but I don't know which!  Or even if I did, how to work on correcting it..

Huge thanks in advance for any help.  I would actually donate to the project as I've mentioned before, but not until this issue is solved.  It's a big problem that needs fixing and I am not smart enough to do it on my own!  I have not even tried pf as I already know from what I've read about OPNsense that it's a project I'd much rather support as well

11
General Discussion / I don't know where to begin. Proxmox is on a different subnet than the OpnSense
« on: October 19, 2023, 04:32:30 pm »
Hello all, novice user here

My setup is as follows

Bell GigaHub ISP Modem/Router Combo w/3Gbps Fiber @ 192.168.0.1
Proxmox Hypervisor installation @ 192.168.0.100
OpnSense installed under Proxmox @ 192.168.1.1

These were all the default values.

I want to disable the Gigahub's router/wifi features and have it go through OpnSense instead, but right off the bat, I see a huge problem with Proxmox being on 192.168.0 and OpnSense at 192.168.1

And how is the 192.168.1.1 OpnSense installation supposed to communicate with the Modem itself which is on an entirely different subnet?

And furthermore, how will I access my Hypervisor which is at 192.168.0.100 if the OpnSense is choosing 192.168.1.1 ?

I'm incredibly confused here and don't know where to begin.  What do I do?
