Messages - b1nb4sh

1
Virtual private networks / Re: Wireguard S2S DHCP Relay Issue
« on: June 22, 2022, 02:45:39 pm »
Never mind, I found a working solution.

Disabled the DHCP relay on OPNsense and configured it on the core switches, and now everything is working as expected.

Funny fact: on side C there is only an OpenWrt router with WireGuard. It is connected to both Sides A & B, and the DHCP relay is working without any problems.

2
Virtual private networks / Wireguard S2S DHCP Relay Issue
« on: June 20, 2022, 10:55:39 pm »
Hello,

Currently I have three sites and I want to distribute my systems between SiteA and SiteB. So I began to migrate my DCs and DHCP-Servers, but I face a strange problem. Here is the configuration:

Every FW is on OPNsense 22.1.8_1-amd64


SiteA
HA-CARP
10.0.5.1 (VIP)
10.0.5.2 FW1
10.0.5.3 FW2
10.0.9.1 (VIP)
10.0.9.2 FW1
10.0.9.3 FW2

VPN (WG0)
172.31.254.1 (VIP) --> Wireguard-kmod
172.31.254.2 FW1
172.31.254.3 FW2

DHCP-Server
10.0.5.6 (ISC-DHCP) GW:5.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.9.0/24

---------------------------------------------------------

SiteB
172.31.254.4 FW1 --> Wireguard-kmod
10.0.18.1 FW1
10.0.22.1 FW1

DHCP-Server
10.0.18.2 (ISC-DHCP) GW:18.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.22.0/24

I only get leases from 10.0.18.2 on SiteB until I disable DHCP 10.0.18.2; then the clients are stuck trying to fetch an IP, and on SiteA I found the following dhcrelay error:
Error   dhcrelay   Packet to bogus giaddr 10.0.22.1.
I also tried to disable the dhcrelay on SiteAFW but it still doesn't work.
When I set up an isc-dhcp-relay agent in the clients' network (10.0.9.0 & 10.0.22.0), the requests are forwarded to the DHCP servers without any issues.

3
High availability / Primary node is blocking access to second node
« on: January 21, 2022, 07:19:31 pm »
Hello,

I have bought a used APU4 board and installed OPNsense on it.
Now I have 2 nodes and added them to an HA.

I have added an interface lan_adm and allowed tcp:22 from this network to any other network. Synced the two nodes, and now comes the funny part.
I can connect to the second node with my admin PC, but after some time the connection gets blocked...
So for SSH I get a broken pipe, and for the HTTPS connection I sometimes get a timeout. I have added some screenshots to show this situation.
10.0.8.11 is my admin pc
10.0.1.3 is the second node

4
General Discussion / Re: Firewall Live view is only displaying "let out anything..."
« on: January 21, 2022, 07:07:24 pm »
Problem has been solved  8)

5
General Discussion / Firewall Live view is only displaying "let out anything..."
« on: January 20, 2022, 07:13:41 pm »
Hello everyone,

First of all, OPNsense is awesome :) I got an APU4 board and installed it without any problem.
Currently I have a problem with a device, because something is blocked, and I tried to find the connection in the live view.
I labelled all of my rules, but none of them are displayed under the live view. I only see "let out anything from the firewall itself", "Default deny rule" and "Block all ipv6".
Is this behavior normal?
To my setup:
APU4
igb0 - wan (No Carp)
igb1 - lagg0
igb2 - lagg0
igb3 - not in use
I have added a carp vip on every vlan for the future use of an HA Setup and this carp vip is my gateway.
Is this wrong? Should I use the IP Alias instead? But is it possible to use an IPAlias as a gateway?

Modem
     |
opnsense (CARP: 192.168.10.1 / 192.168.20.1 / 192.168.30.1 / 192.168.40.1)
     |
 lagg0
    |
switch
    |----- vlan 10
    |----- vlan 20
    |----- vlan 30
    |----- vlan 40



   






