Messages

1

General Discussion / Re: floating rule not working... Anybody?

« on: September 15, 2022, 10:21:28 am »

The wiki and the help menu in the firewall rules explain direction for firewall rules.

Direction is assessed from the perspective of OPNsense.

So "in" means traffic coming into an interface from the network connected to that interface.

"Out" means traffic going out of an interface to the network connected to that interface.

So an "in" rule on LAN would apply to traffic coming into the LAN interface on OPNsense from devices in LAN net.

Most of the time, only "in" rules are needed.

2

22.7 Production Series / Re: The latest release is an absolute garbage

« on: September 15, 2022, 12:12:33 am »

Sure, OPNsense is not perfect and there are issues/bugs from time to time with certain packages or configurations. That's software, unfortunately. But I can't see how labelling them whole release as "absolute garbage" is either accurate or helpful to identifying the specific issue and a solution

3

22.7 Production Series / Re: Update to 22.7.4 - is this correct

« on: September 10, 2022, 11:07:52 pm »

Not every update involves a base/kernel update

4

22.7 Production Series / Re: Update to 22.7.4 - is this correct

« on: September 10, 2022, 03:33:57 am »

Yes, correct

5

Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider

« on: August 30, 2022, 11:26:07 am »

It already is. See steps 7 and 8 in the how-to: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

6

Virtual private networks / Re: Wireguard Selective Routing!

« on: August 29, 2022, 11:31:30 am »

Looks like the traceroute is just timing out after OPNsense so seems something more than just DNS

7

Virtual private networks / Re: Wireguard Selective Routing!

« on: August 29, 2022, 06:41:52 am »

Easy to test if it is DNS by doing a traceroute to 8.8.8.8

8

Virtual private networks / Re: Wireguard multiple endpoints - adjacent IP addresses

« on: August 21, 2022, 01:34:50 pm »

Yes - see the note in that section of the how-to

9

22.7 Production Series / Re: [SOLVED]Need help understanding firewall rules

« on: August 07, 2022, 11:50:19 pm »

There's nice help text on the Direction setting to assist with reminding you

10

22.7 Production Series / ipv6 wireguard Nat help

« on: August 07, 2022, 11:33:36 pm »

You need to give OPNsense an actual address in the local config - eg {prefix}::1/64 (substituting your actual prefix ofc)

At the moment you've only specified a subnet with no address

Also not sure whether OPNsense has issues parsing IPv6 address notation that hasn't been shortened in accordance with the RFC. So suggest doing that too on the endpoint IPs (collapsing the 0000s etc)

11

22.7 Production Series / Re: ipv6 wireguard Nat help

« on: August 04, 2022, 09:53:32 am »

I'd suggest ULAs configured for the tunnel and otherwise set up in accordance with the how-to (https://docs.opnsense.org/manual/how-tos/wireguard-client.html) should achieve what you want. NAT for the ULAs should work fine

12

Virtual private networks / Re: Wireguard handshake

« on: July 11, 2022, 12:18:08 pm »

And your WG subnet is totally different to your LAN, right? No overlapping subnets?

13

Virtual private networks / Re: Wireguard handshake

« on: July 11, 2022, 12:15:55 pm »

Have you applied that second rule? The screenshot still says it hasn't been applied

14

Virtual private networks / Re: Wireguard handshake

« on: July 11, 2022, 10:13:08 am »

Looks OK

Is unbound actually listening on the WG interface? You've specified that for DNS on the mobile

What about your WAN rule and WG interface rules?

15

General Discussion / Need help understanding VLAN rules

« on: July 11, 2022, 12:59:25 am »

Edit: my bad, I shouldn't answer posts while doing 5 other things. xD Your LAN rule should allow access. What rules have you put on the MGMT interface?

Otherwise could be a switch issue