Messages

you were right! the connection was broken. now it works.
interface: wg2
  public key: IiTLluo4hmsCYRq9Ln25Dj7sXn0zq9Ik********
  private key: (hidden)
  listening port: 51820

peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRbUn********
  endpoint: 83.97.115.18:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 34 seconds ago
  transfer: 184 B received, 680 B sent
  persistent keepalive: every 20 seconds

step1 done.
now let's see the rules.

1. I have no rules for the virtual interface mapping wg2.
2. the lan interface where I plan to use this as gateway has the following rule:
https://ibb.co/4JdGFHT
3. NAT outbound
https://ibb.co/Px5sskg

one interesting situation is this: when I add SURFSHARK_Wireguard as gateway for a specific host in the VLAN10 lan, If I ping the VLAN10 gateway from the host itself, I can't get to it.

the private key needs to be generated on the surfshark portal - so I did.
as in this : https://zone13.io/opnsense-surfshark-selective-traffic-routing-using-wireguard-2/
they don't specify the need for a keep alive value but I'll add 20s.
---
3 min later: I get traffic only for send. nothing received still

interface: wg2
  public key: OcSv/oo0elDtDPmGQ+5zVr0jUWUSUBfS7*********
  private key: (hidden)
  listening port: 51820

peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRb*********
  endpoint: 83.97.115.18:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 3.32 KiB sent
  persistent keepalive: every 20 seconds

this is how it looks like now:

root@yoda:/usr/local/etc/wireguard # cat wg2.conf
####################################################
# Interface settings, not used by `wg`             #
# Only used for reference and detection of changes #
# in the configuration                             #
####################################################
# Address =  10.14.0.2/16
# DNS =
# MTU =
# disableroutes = 1
# gateway =

[Interface]
PrivateKey = kMfvy7/6Ec4d73ERKJ90MqUkMug9Kh********
ListenPort = 51820

[Peer]
# friendly_name = WireGuard_tbs
PublicKey = L79E4IoaVZBXOyoMM82TvUIbiKlloR*******
Endpoint = ge-tbs.prod.surfshark.com:51820
AllowedIPs = 0.0.0.0/0

you're right as well.
Wireguard is back.

wg2 seems connected but 0 traffic

https://ibb.co/2FPm6xM

I've switch the WireGuard to openvpn. I'll fix the WireGuard config later. However the same config file works on desktop - something to check out for me.
Next, I've changed the interface from wg2 to openvpn1.
What have you noticed in the rules? I can't figure out the mistakes ☹️
Thank you

here they are

https://ibb.co/GkCkRy5
https://ibb.co/5KPHSHY
https://ibb.co/k1RfZsT
https://ibb.co/Z1b3x58
https://ibb.co/n8MdYJP

Just realized they haven't went through as the size is to big. Let me re do

Hi folks,

I am reopening this topic hoping that some of you may be able to help me. I spent the last week trying to figure this out and there is something off here.

I on OPNsense 24.7.7-amd64 and as for VPN provider I am using Surfshark.
I'll post here a short description of my setup:
I am trying to route via Surfshark WireGuard the a few hosts from the Lan network named VPN_VLAN10 (172.16.20.1/29)

Step 1:
I created the wireguard setup:
wg2 is the device under instances. as in the following attachement it looks connected however it never receives any traffic.

Step 2:
I assigned a virtual interface to WG2 and I named Surfshark_VPN.

Step 3:
I created a new Gateway which unfortunately doesn't connect.

Step 4:
I add the NAT outbound rule
Surfshark_VPN   any   *   *   *   Interface address   *   NO   

Step 5:
I add the firewall rule on the Lan interface I want to use this connection as gateway
IPv4 *   torrent_host_ip_lan    *   *   *   SURFSHARK_Wireguard   *

Now, from the host specified at step5 I cannot ping anyware, neither 172.16.20.1 which is the gateway for the VPN_VLAN10 lan network.
There is something I am completely missing, but I simply can't see it. on one hand the wireshark gateway is not connecting, second when I activate the routing via SURFSHARK_Wireguard gateway rule on the lan interface, I can't reach the lan gateway anymore.

Any suggestion at this point is highly appreciated.

Thank you

great to see this tool. thank you. planning to use it now.

can be closed.
the pppoe interface needs to have a Vlan attached to it to work. VLAN ID6 then it connects.

Hi all,

I just switch to KPN Fiber and I can see that their router is using PPPoE to connect to KPN.
I created the connection on my opnsense, however I can't make it connect.
Does anyone have this done? I need some guidance to make this work.
KPN support is not helping.

I tried :)

Hi all,
I am looking for guidance.
I upgraded truenas core to scale. core jais had the possibility to get IPs from LAN DHCP, but the new OS with k8s can't. So, as on Truenas Scale all apps share the same ingress IP (turnas IP), can I add different DNS entries and filter by port & name ?

Thank you

does anyone knows what this long means:
2023-11-14T13:41:01   Warning   haproxy   Proxy <HTTPCLIENT> stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy HASS_Backend stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy PLEX_Backend stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy acme_challenge_backend stopped (cumulated conns: FE: 0, BE: 0).   
2023-11-14T13:41:01   Warning   haproxy   Proxy NAS_Backend stopped (cumulated conns: FE: 0, BE: 0).

depends on the application.
are you building a traffic filter? or just a router/firewall?
I would go for the T models for low consumption