Messages

Getting the following repeatedly in the log after the update to 24.7:

Code Select Expand

2024-08-13T21:45:01 Notice kernel (nda0:nvme0:0:0:1): Error 5, Retries exhausted
2024-08-13T21:45:01 Notice kernel (nda0:nvme0:0:0:1): CAM status: Unknown (0x420)
2024-08-13T21:45:01 Notice kernel (nda0:nvme0:0:0:1): READ. NCB: opc=2 fuse=0 nsid=1 prp1=0 prp2=0 cdw=11e0c7d0 0 27 0 0 0
2024-08-13T21:45:01 Notice kernel nvme0: UNRECOVERED READ ERROR (02/81) crd:0 m:0 dnr:0 p:1 sqid:2 cid:118 cdw0:0
2024-08-13T21:45:01 Notice kernel nvme0: READ sqid:2 cid:118 nsid:1 lba:299943888 len:40

Would welcome suggestions for troubleshooting.

The install is on ZFS.

How can we help?

https://github.com/opnsense/plugins/tree/master/net/wireguard

By all means, go ahead and point out what is inaccurate in either of the first two posts.

Like in the past, you have missed my point - maybe it's deliberate?

No, BondiBlueBalls is "100 accurate". By all means make suggestions for improvement or highlight problems (preferably with ideas for solutions) - just don't be a dick about it.

Configure it so that those two PCs don't use the tunnel...

(Hopelessly general answer? Bit like the question :) If you want help troubleshooting why it's not working, you need to post all the relevant configs that you have set up in OPNsense using that tutorial.)

You can do a pcap on OPNsense via the UI. Pretty easy

Damn. Lol

This is a bit of a mystery. I can only suggest double checking the outbound NAT rule and that nothing else is interfering with it.

Have you tried turning on logging on the relevant rules and checking what's happening? Or running packet captures?

Is there traffic shown both ways in the Status tab?

It is normally a sure sign of an issue that there is traffic only one way.

Double checked all keys are in the right place?

So I've gone through your configs and nothing seems immediately wrong.

A few questions:

- when the tunnel is up, do you see handshake and traffic up and down in the status tab for WG on OPNsense?

- can you try a gateway IP that instead of one below the tunnel address, try one above (10.14.0.3). I have a sense that 10.14.0.1 might be the tunnel endpoint IP at SurfShark. While that should still work, be good to try a unique one

- this looks like your second WG interface. No conflicts with the first one?

- to rule out DNS issues, try a traceroute from your phone to 8.8.8.8 or 1.1.1.1

- what DNS is the phone actually using? Can it reach it when the tunnel is up?

You actually don't. It will be auto-assigned.

OP, I will do a closer review of your config and let you know any further thoughts I have.

Do you know the tunnel IP at the SurfShark endpoint?

A traceroute from the phone would be more useful

Rather than hijacking someone else's thread, make your own post and get help there. Your issue and setup may be completely different to the OP's and you are only confusing things.

I think it is pretty clear? You want certain hosts in your network to use the tunnel. What subnet are they in? Use the interface for that subnet

OP, why are you masking the tunnel address and gateway address?

Why is the tunnel address a /16?

Have you include the correct gateway on the OPNsense local config?

What upstream gateway is set on the VLAN interface assignments?