Topics

I've created two WG tunnels (Mullvad) and created a gateway group with both tunnels on tier 1 to use load balancing, so in the firewall -> LAN rule I've selected that gateway group.

But when I look at the firewall -> live view of both wireguard interfaces, I see traffic on one WG interface only and on the other one it's just every now and then some ICMP and that's all, what am I missing?

Tia.

Could someone explain to me what exactly the step 9 of the WireGuard Selective Routing tutorial does ?

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#step-9-configure-routing

Tia.

I've installed AdGuard Home on a Raspi4 connected to my LAN (192.168.0.1) and Raspi IP address is 192.168.0.14

AdGuard is listening on all interfaces (bind DNS on 0.0.0.0)

Unbound is disabled.

On LAN I have a port forward rule, the firewall rule as well as the outbound rule, and the setup seems to work but in AdGuard dashboard I see all the stats coming from a single IP, i.e. 192.168.0.1 - how would I fix that?

Tia.

[ALL]

Let's start with my OPNsense setup:

1. Unbound disabled

2. Raspi4 acting as DNS server (Quad9 servers) connected to another port of the appliance (LAN3)

3. Port forward for LAN interface

4. LAN rule for port 53 automatically created by the port forward

5. System -> Settings -> General -> DNS servers = 1.1.1.1 (I have to input a DNS server otherwise OPNsense cannot perform updates, even if I check the option "Allow DNS server list to be overridden by DHCP/PPP on WAN")

I've noticed that if System -> Settings -> General -> DNS servers list is empty then OPNsense cannot resolve any websites and ALL the LAN devices have no Internet access, hence I've added the Cloudflare server -> I've got a DNS leak as tested with this website from any device on my LAN i.e. I get two ISP as result, Quad9 and Cloudflare  >:(

During the DNS leak test I was watching the live firewall output and noticed that the LAN rule to redirect the DNS requests is rightly triggered alongside another one labelled "let out anything from the firewall host itself" on LAN3 interface (that's where the Raspi4 is connected to).

For both rules the destination address is the one of the Raspi4.

Why the port forward doesn't suffice and the client is using both DNS servers to perform the test (DNS leak) ?

How do I instruct OPNsense to use the ISP DNS servers while the clients only using the Raspi4 servers as per the port forward?

Tia.

I'm testing the Mullvad app on my smartphone (it uses Wireguard) and it works just fine.

If I connect the smartphone to my home network, then OPNsense denies the connection (see attachment): where do I start to troubleshoot?

On the same smartphone, I have also ProtonVPN app and it connects straightaway  ::)

Tia.

After crashing my head for several days ;D  I managed to get wireguard working, and now I'd like to add a second tunnel for failover: is there a guide for dummies I can follow?

Tia.

I've decided to upgrade to the latest version 23.7.1_3 and noticed my client can no longer connect through ProtonVPN (I didn't change anything) - I'm using OpenVPN.

Can someone guide me how to troubleshoot this, where to start from?

Tia.

Since the ISP modem has no access to its GUI (as it's locked), is there a way through OPNsense to check what speed the modem is syncing ?

Tia.

[net.inet.rss.bits]

I'm testing the RSS with i225 (igc) and before enabling that the net.inet.rss.bits value was 2 (it's a 4-core/4-thread CPU), but after enabling RSS the net.inet.rss.bits was set to '3', how come?

And should I leave it to 3 or should I add a tunable and set net.inet.rss.bits=2 ?

Tia.

I'm trying to figure out why OpenVPN doesn't give me Internet access (it was working for the past 7 days).

I'm using ProtonVPN and the serivce works fine from both my laptop and my smartphone: can anyone helpm out to troubleshoot as I'm not a netoworking expert?

This the the client1.conf content:

Code Select Expand

dev ovpnc1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
script-security 3
daemon openvpn_client1
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local x.x.x.x  #IP masked
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote 146.70.133.130 5060
remote 146.70.179.50 4569
remote 146.70.179.50 1194
remote 146.70.83.66 5060
remote 146.70.96.66 1194
remote 154.47.24.193 1194
remote 146.70.133.130 1194
remote 146.70.83.66 1194
remote 146.70.96.66 5060
auth-user-pass /var/etc/openvpn/client1.up
ca /var/etc/openvpn/client1.ca
tls-auth /var/etc/openvpn/client1.tls-auth 1
compress stub-v2
route-nopull
remote-random
tun-mtu 1464
reneg-sec 0
remote-cert-tls server



Tia.

[os-wireguard]

I'm trying to understand why there are two WireGuard plugins, os-wireguard & os-wireguard-go, both on the same version 1.13_5 (and same size, 55.5 KiB), and in case which one to install.

Tia.

The device I want to access from my Windows laptop is connected to the interface LAN2: LAN is on 192.168.0.1/24 (and my laptop is on LAN) while LAN2 is on 192.168.20.1/24 – I don't use kill switch.

I'm struggling to understand how I can access the web UI of that device which is on a different subnet of my laptop while connected thorugh my VPN (no issue when the VPN is off) ??

Tia.

Which DNS server has higher priority, in other words which one the client is going to pick up, the one I specify in Services -> DCHPv4 -> LAN or in Services -> DCHPv4 -> LAN -> Client ?

Tia.

I've installed DDNS and the service I use is Duck DNS - I'm on OPNsense 22.7.11_1

In the log file section, I see only the (first) entry of when I installed the service, so why I don't see any other activities as every 300s the service is supposed to check if the IP address has changed?

Tia.

[System -> Settings -> General -> DNS servers]

I'm playing with my raspi and I have installed/configured AdGuard Home + Unbound to use it as a DNS server and want to test it with my OPNsense.

My LAN is on 192.168.0.1/24 while the raspi is connected to another port of my OPN box and labelled LAN3 and is on 192.168.20.1/24

The raspi static IP address is 192.168.20.50

Before turn OPNsense Unbound off, I need to point my LAN devices to the raspi IP address as their new DNS server, and was wondering if it would more logic / better to do that in System -> Settings -> General -> DNS servers or in Services -> DHCPv4 -> LAN -> DNS servers

What are the pros/cons of the two optoins?

tia.

I've assigned the WAN port to the physical address (opt3) with an IP address on the same subnet of the modem, so now I can access the modem GUI, but I see lots of errors in, is there a way to fix that?

I'm on the latest version 22.1.9 (if that matters) and the LAN ports are i225-V

Tia.

I've just found out that the last update of the dnsbl.conf file goes back to April 14 just after the firewall upgrade: anybody else experiencing the same issue? The cron job is still there and enabled.

Any solution for this ?

Tia.

I have a 4x port device (1x WAN and 3x LANs): LAN1 (192.168.0.1/24) is used as the main internal network and it's connected to a WAP.

The issue I have is that the when the Raspi 4 is connected to LAN1 to one of the WAP ports, I can use VNC viewer from my Windows laptop with no problems, but if I connect the Raspi 4 directly to the free LAN port on the device/firewall, I cannot - LAN3 = 192.168.20.1/24

I can ping the Raspi 4 from my laptop also when connected to LAN3, and in firewall -> rules -> LAN3 I have the 'default allow LAN3 to any rule' but VNC viewer goes in time out: can someone please help me out to troubleshoot?

Tia.

I've ordered a second SDD for my appliance and I'd like to set up the ZFS mirror functionality: do I have to re-install OPNsense from scratch or I can do it with some commands?

Tia.

Since I upgraded to 22.1 I noticed the use of the swap file, currently at 12%, but memory usage has not changed, it's still around 40%, is that normal?

Untill 21.7.8 the swap file has been always 0.

Tia.