General Discussion / Re: Support completing firewall rules and fix wireguard dns issues
« on: Today at 12:44:33 am »
Hi!
I have a very similar experience with a configuration that's also based on Schnerring's OPNsense Baseline Guide. I used it for a little more than a year without issues. I think it was the 24.1.2 upgrade that broke it. After that I couldn't access the Internet from any client computer (except through VLAN40). Oddly enough, it seems as if the firewall itself can resolve DNS requests. I've been able to upgrade OPNsense, and other services like Let's Encrypt and ClamAV have been able to stay updated. Most of the Firewall > Log Files > Live View is in red. As per the guide there are 4 VLANs. VLAN10 is used for management. VLAN20 is the main access over WireGuard (in my case Mullvad), which uses Unbound and resolves DNS requests by DNS root servers. VLAN30 is a backup access path and uses Dnsmasq. VLAN40 is a guest network, isolated from the 3 other VLANs, and uses a public DNS server configured in the DHCP server. Access through VLAN40 has been working uninterrupted. I include an image of the DNS architecture from the site. I hope Schnerring doesn't mind.
Miroco
https://schnerring.net/blog/opnsense-baseline-guide-with-vpn-guest-and-vlan-support/