Topics

Hi all,

If I have multiple LAN subnets, and I want my clients in each subnet to be able to resolve/route to NGINX running on OPNSense, and then NGINX forwards to a server IP running in a DMZ subnet, what is the correct way to configure the DNS.

Do you setup a single Unbound DNS override entry to point to a single LAN gateway that you designate for NGINX, or do you somehow setup each LAN to have the DNS name of the server resolve to their respective LAN Gateway interfaces? 

Hi,

I'm looking in the Live Firewall logs for my LAN interface, and I can see that the default deny rule is periodically blocking 443 traffic, even though my firewall policy for that interface has a rule that allows all ports and protocols.

How can I track down what is causing this?
Is there a way to run a debug trace, and see what object in OPNsense is triggering this and determine why it's not being allowed out based on the interface rule?

Most tcp 443 traffic is being allowed, just randomly some of it is being blocked. It's also happening on other ports too, not just tcp 443.

Thanks!

Just wondering if OPNsense can run a SOCKS5 proxy server and then route the received traffic to a specific outbound route?

Any guidance would on how to configure would be very much appreciated.

Thanks!

Hi - I've provided a CSR and signed a certificate against the opnsense internal CA.

I would like to download the PKCS#12 file format file, however after clicking on download, nothing happens.

I've tried different browsers and computers, rebooted the firewall, but it just doesn't provide a prompt to save the file.

Same issue occurs when trying to download the private key.

Downloading the "Certificate" does work! But I need the private key :)

Any ideas why it's not working?

Cheers!

Hi OPNsense community!

The Live Log view (Firewall > Logs Files > Live View) is great! It allows you to filter easily and find what traffic is passing through the firewall easily.

I'm wondering if there is a similar view that can be used to filter the firewalls historical logs (syslogs)?

Any advice would be great!

Thanks!

I've configured Mullvad via Wireguard and am using a PPPoE WAN connection.

I have it working, but find that when a client is connecting to various internet webpages, it takes more time to load, and some of the content or functionality does not work.

E.g. Speedtest.net doesn't find the optimal server, and is extremely slow to start the test.

I've installed wireshark on my client computer and can see a fair amount of TCP retransmission messages in the traffic.

I get the sense that this is related to MTU/MSS, but I've changed it to different settings and can't seem to get it working properly.

My WireGuard instance MTU is 1412, the WAN PPPoE MTU is default (1500) but I think opnsense reduces it automatically to 1492, I have Normalization rule set to Max Mss 1352.

Would appreciate some help to determine what's causing this?

I've got a squid forwarding proxy running on my LAN interface (gateway IP) on default port 3128.

What firewall/NAT rule settings must be configured to route squids outbound traffic via a different WAN interface?

For example:

1. Can I create a firewall rule that filters traffic sent to the squid destination service port 3128, and then NAT that to a different WAN interface default gateway?

Or

2. Run squid proxy on a LAN sub-interface (Unique IP), and then create a firewall rule that specifies that any traffic originating from the sub-interface address routes via different WAN inteface gateway?

Cheers!

I'm using wireguard to connect from an iphone to opnsense.

The tunnel is working and my DNS is resolving most domains. DNS is using ubnbound, and the wireguard client is set to wireguard tunnel ip.

I'm finding that some domain return "NXDOMAIN" and do not resolve to an ip when using nslookup/dig.

Example: x.com doesn't resolver and either do some iphone apple.com services.

What could be causing this?

Hi,

I've setup WireGuard based on the road warrior configuration tutorial. I'm able to browse the internet when connected from an iPhone, and can see my public IP address is that of the Opnsense router WAN ip.

However, I've noticed that some iPhone apps don't work properly. As an example twitter is not loading new content.

I can nslookup x.com when wireguard is off, but when it's on, nslookup doesn't resolve x.com.

Has anyone else had this issue and know how to resolve?

Hello,

Running a clean install of Opnsense v25.1. Followed this youtube tutorial (https://www.youtube.com/watch?v=fFszlJpTBoc) to the letter, but after enabling Wireguard I'm not seeing any "Received" bytes, only send bytes (VPN > Status).

At 6min 25 sec in the youtube video, he says that after enabling wireguard, you should see the Handshake and Received bytes. However, I don't see a Handshake timestamp, and received is 0 bytes.

How can I troubelshoot the handshake?

I'm running a Lenovo P330 with a Intel Quad PCIe ethernet card. My LAN is using the on-board NIC, and the WAN is using the quad card. Internet connection is working find out-of-the box.

I've double checked all the public/private keys for the peer and instance, and other details for the config file that Mullvad generated, but it's just not establishing the wireguard tunnel completely.

How can I troubleshoot this? I've spend about 24 hours trying to get it working.

Hello,

I recently purchased a Lenovo P330 Tiny and a I350-T4 V2 Quad 1Gbps PCIe network card.

After installing the card and Opnsense v24.7 the I350-T4 card is not detected.

As Opnsense OS is loading I can see the following error flash by during the boot process. (see attached photo).

Does anyone know what's required to get the card working?

Thanks