Messages - Greelan

106
Virtual private networks / Re: wireguard dynamic WAN IP
« on: November 06, 2022, 12:33:46 pm »
I assume you are aware that the WG script for this (same as what pfSense uses) has been added to OPNsense: https://github.com/opnsense/plugins/pull/2956

The only thing missing is a convenient button in the UI to configure the running interval for the script. But not that much more work to set up the cron job

107
22.7 Legacy Series / Re: OPNsense and Proton VPN (Wireguard)
« on: November 01, 2022, 12:04:51 am »
WireGuard is WireGuard. If it works on pfSense it should work on OPNsense

This may help: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

108
Virtual private networks / Re: Multiple AllowedIps for clients fails
« on: October 31, 2022, 09:46:49 pm »
You are going about it the wrong way.

If you want the “client” to access the LAN, add the LAN network to the allowed IPs *on the client* (not on the OPNsense endpoint config for the client), and also add a firewall rule on OPNsense on the WG interface.

See https://wiki.opnsense.org/manual/how-tos/wireguard-client.html

It’s expected that you are having a routing error because if the subnet you are adding is your LAN network, then of course that is already in the routing table.  By doing what you are doing, you are trying to tell OPNsense to access the LAN network IPs from OPNsense over the tunnel (ie at the client end), which is of course conflicting.
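
The conflict described in the post above can be checked for mechanically. The following is an added example, not part of the original post and not OPNsense code: it parses a wg(8)-style config for the OPNsense side and flags peer AllowedIPs entries that overlap a network the firewall is already directly connected to. The config, addresses, key placeholders and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample of an OPNsense-side WireGuard config (wg(8) format).
# Addresses and key placeholders are made up for this example.
SERVER_CONF = """
[Interface]
Address = 10.10.10.1/24
[Peer]
# phone: only its own tunnel address (correct)
PublicKey = <phone-public-key>
AllowedIPs = 10.10.10.2/32
[Peer]
# laptop: LAN subnet wrongly added on the OPNsense side
PublicKey = <laptop-public-key>
AllowedIPs = 10.10.10.3/32, 192.168.1.0/24
"""

# Assumed: networks directly connected to the firewall (here, the LAN).
CONNECTED = ["192.168.1.0/24"]

def parse_peers(conf):
    """Return one list of AllowedIPs networks per [Peer] section."""
    peers, section = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers

def conflicting_allowed_ips(conf, connected):
    """Map peer index -> AllowedIPs entries overlapping a connected network."""
    local = [ipaddress.ip_network(n) for n in connected]
    result = {}
    for i, nets in enumerate(parse_peers(conf)):
        bad = [str(n) for n in nets
               if any(n.version == l.version and n.overlaps(l) for l in local)]
        if bad:
            result[i] = bad
    return result
```

On the sample, only the second peer is flagged, for the LAN subnet; its own /32 tunnel address is left alone, matching the advice that the LAN network belongs in the client's AllowedIPs instead.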

109
General Discussion / Re: Wireguard Tunnel Connects but No Internet/DNS Resolution
« on: October 31, 2022, 09:38:58 pm »
Have you restarted unbound after adding the WG interface?

110
Virtual private networks / Re: Wireguard on laptop
« on: October 29, 2022, 04:39:51 pm »
That would be a client side thing.

For example, the WG app for iOS has an “on-demand activation” setting that automatically starts the VPN if the device is on cellular and/or wifi, with the ability with wifi to specify only specific SSIDs to trigger it or exclude specific SSIDs from triggering it.

111
22.7 Legacy Series / Re: Mobile Client - Best Solution?
« on: October 18, 2022, 11:48:09 am »
I use WireGuard personally.

112
Web Proxy Filtering and Caching / Re: What's the optimal way to achieve HTTPS for internal services?
« on: October 15, 2022, 05:54:51 am »
My approach: I have a domain mydomain.com. I use a subdomain local.mydomain.com for local use only. I use acme.sh in a LXD container (alongside nginx) on my server to generate Let's Encrypt wildcard certs for *.local.mydomain.com, using DNS challenge. Then my nginx conf has server blocks for each internal service - server1.local.mydomain.com, server2.local.mydomain.com. My local DNS server has local IPv4 and IPv6 records for each.

End result is valid https certs on all local subdomains without any need for ports to be opened externally.

113
22.7 Legacy Series / Re: Feature Request Poll: "wg genpsk" command in WireGuard GUI
« on: October 11, 2022, 11:24:33 am »
The OP is referring to the Shared Secret on the endpoint, not the public/private keypair

114
22.7 Legacy Series / Re: WireGuard Road Warrior: peers don't see each other
« on: October 10, 2022, 12:16:44 pm »
On each client, what are the Allowed IPs?

115
General Discussion / Re: floating rule not working... Anybody?
« on: September 15, 2022, 10:21:28 am »
The wiki and the help menu in the firewall rules explain direction for firewall rules.

Direction is assessed from the perspective of OPNsense.

So "in" means traffic coming into an interface from the network connected to that interface.

"Out" means traffic going out of an interface to the network connected to that interface.

So an "in" rule on LAN would apply to traffic coming into the LAN interface on OPNsense from devices in LAN net.

Most of the time, only "in" rules are needed.

116
22.7 Legacy Series / Re: The latest release is an absolute garbage
« on: September 15, 2022, 12:12:33 am »
Sure, OPNsense is not perfect and there are issues/bugs from time to time with certain packages or configurations. That's software, unfortunately. But I can't see how labelling the whole release as "absolute garbage" is either accurate or helpful to identifying the specific issue and a solution

117
22.7 Legacy Series / Re: Update to 22.7.4 - is this correct
« on: September 10, 2022, 11:07:52 pm »
Not every update involves a base/kernel update

118
22.7 Legacy Series / Re: Update to 22.7.4 - is this correct
« on: September 10, 2022, 03:33:57 am »
Yes, correct

119
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
« on: August 30, 2022, 11:26:07 am »
It already is. See steps 7 and 8 in the how-to: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

120
Virtual private networks / Re: Wireguard Selective Routing!
« on: August 29, 2022, 11:31:30 am »
Looks like the traceroute is just timing out after OPNsense so seems something more than just DNS
