OPNsense
Topics - davesc63

1
Web Proxy Filtering and Caching / Web categorization and dashboards
« on: January 07, 2024, 05:57:51 am »
I’m a bit lost with options.
I have just installed adguard home which is great for blocking the trackers and providing some very light insights to web traffic. But I’m looking for the next step for my home network.

I don’t want to deploy pac files or specific proxy settings if I don’t have to.

Goal: I would like to have some nice dashboarding to tell me what are the sites and categories those sites fall within. I don’t necessarily want to block anything. I just want visibility and reporting.

After years using this capability in the enterprise setting with Websense, Palo Alto’s, etc., I really want that visibility at home.

So please throw some options at me.

My setup-
Proxmox, OPNsense, AdGuard Home plugin

2
Virtual private networks / Wireguard - Can't access LAN, Can access internet
« on: January 06, 2024, 12:08:19 am »
Hi all - yes another Wireguard question.

I have attempted to use the kmod and go version with the same result.
Currently I can access the internet from my peer (iPhone / Mac) but cannot access any LAN devices. I feel I have exhausted all options, so hoping for fresh eyes to help.

I am leaning towards a routing issue, but I can't work out how to resolve.

Environment: (/24 subnetting)
Proxmox host - 192.168.4.2
Opnsense VM - 192.168.4.254 (LAN), 10.1.1.1 (wireguard tunnel)
iPhone peer - 10.1.1.2

Opnsense can ping itself (10.1.1.1) and can ping the peer (10.1.1.2)
LAN servers such as Ubuntu LXC (192.168.4.105) or Proxmox host (192.168.4.2) both cannot ping the peer

I do not enable any firewalls on proxmox or the LXC's / VM's
I have run a pve-firewall disable to ensure no firewall is running from proxmox

I have added source NAT rules to try to force wireguard traffic from LAN back to wireguard interface but it doesn't appear to make any difference.

I have openVPN configured and this all runs fine. I was hoping to convert to wireguard but I've spent far too much time trying to solve this.

Some screenshots:

LAN rules

LAN host pinging wireguard peer

LAN host pinging peer

OPNSense can ping the peer

No traffic on wireguard interface when LAN host pinging

Route table

Wireguard Rules

Wireguard to LAN detailed log

Wireguard to LAN allow

3
23.7 Legacy Series / DHCP clients lose IP addressing
« on: December 30, 2023, 09:18:59 pm »
Hi all,

Opnsense running dhcpv4 service with default lease times
LAN and WAN connected to a simple unmanaged switch
Eero 6 connected to the same switch

When I take opnsense offline, my dhcp clients release their IPs within a minute of opnsense going offline. Am I missing something fundamental here? I always thought clients would hold on to their IPs for the lifetime of the lease and at the half-time point would seek to renew their lease.

It’s only an issue when I’m doing maintenance activities recently (upgrades for software / hardware / tweaking). I would have thought my LAN clients would:
A) hold their leases
B) still be able to communicate on the LAN

As the clients are on the LAN, flat /24 home network, connected to the same switch, that communication would still work. LAN comms should not have to go via opnsense.

It almost feels like when opnsense goes offline, a release broadcast is sent. I notice all my dhcp clients change to APIPA (169.254.x.x) addressing very quickly after opnsense is offline.

How can I resolve this?
I just want clients to hold their lease and still communicate locally when opnsense is offline.

Example of why this is an issue:
Opnsense offline, my local machine loses IP and changes to APIPA, I then can’t access admin UIs such as proxmox / Home Assistant which have no reliance on routing through opnsense. I can manually set my IP and gain access but I would prefer to keep all clients as dhcp.

Thank you
