Topic: Remote Access to OPNSense 24.7_9 (Read 3266 times)
tim777
Newbie
Posts: 21
Karma: 0
Re: Remote Access to OPNSense 24.7_9
« Reply #30 on: August 05, 2024, 09:20:12 pm »
Attached screenshots in addition to the FW rule for WAN already posted.
Please tell me if I missed something.
« Last Edit: August 05, 2024, 09:22:39 pm by tim777 »
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Remote Access to OPNSense 24.7_9
« Reply #31 on: August 05, 2024, 10:17:24 pm »
Thanks for stepping in, Patrick.
tim777 - your WAN firewall rule. Missing here. Still on your very first post on the thread but can you double check.
You showed it all wrong for WG. That is a rule for port 80 and from what seems an internal alias, but you later wrote that you had followed the different docs and tutorials, so best to confirm.
Logged
tim777
Newbie
Posts: 21
Karma: 0
Re: Remote Access to OPNSense 24.7_9
« Reply #32 on: August 06, 2024, 06:02:36 am »
Hi Cookiemonster,
You can find the screenshot on page 2, reply #26.
There is the WAN rule UDP to 51820.
This is not an alias, I just renamed WAN to WAN_Digi (later a second I-Net provider is planned as backup). Maybe I shouldn't have done this?
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Remote Access to OPNSense 24.7_9
« Reply #33 on: August 06, 2024, 11:21:17 am »
I saw that one and thought it couldn't be it. Why would you use that network as a source of traffic to allow?
It should be "any". Compare with the manual https://docs.opnsense.org/manual/how-tos/wireguard-client.html, step 5. In short, please review your rules. Right now that rule is not allowing the client to reach the FW.
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Remote Access to OPNSense 24.7_9
« Reply #34 on: August 06, 2024, 11:23:24 am »
Now wait, my mistake. I was looking at #22 I think. Saw the correct #26 after. I'll check this again. Need to be in work meetings from now.
Logged
tim777
Newbie
Posts: 21
Karma: 0
Re: Remote Access to OPNSense 24.7_9
« Reply #35 on: August 06, 2024, 12:37:11 pm »
Quote from: cookiemonster on August 06, 2024, 11:23:24 am
Need to be in work meetings from now.
I know, I know, this thing that holds us back from important things to do
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Remote Access to OPNSense 24.7_9
« Reply #36 on: August 06, 2024, 03:47:40 pm »
I can't see anything wrong with the rules. My guess then is we need to check your public keys are the right ones in the right place. But first let's also check if your client is reaching the FW from the outside. From the flatline in the widget it suggests either not or blocked but firewall rule seems fine.
Can you go to Firewall > Log files > Live view and filter with: port contains 51820 (or whatever port you have wg interface listening on); interface contains wg (whatever name you gave to your wg interface, it will appear in the dropdown). Enable "Select any of given criteria (or)". For hits to leave a record, you need to have enabled logging on the WAN rule for wireguard.
Then try to connect from your client. If it is hitting, we shall see it here.
Logged
Patrick M. Hausen
Hero Member
Posts: 6700
Karma: 564
Re: Remote Access to OPNSense 24.7_9
« Reply #37 on: August 06, 2024, 03:53:58 pm »
Also: are you sure the OPNsense WAN address is publicly reachable and not behind CGNAT?
If your WAN address starts with anything from 100.64. to 100.127. you cannot connect to your OPNsense via IPv4.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
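The CGNAT check from the reply above, as an added example that is not part of the original thread: it classifies the IPv4 address shown on the WAN interface and, going slightly beyond the post, also flags RFC 1918 addresses and a mismatch with the address seen from outside. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598: 100.64.x.x - 100.127.x.x
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr):
    """Classify the IPv4 address shown on the WAN interface."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("only IPv4 WAN addresses are covered here")
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"


def diagnose(wan_addr, seen_from_outside=None):
    """Return a verdict on whether unsolicited inbound IPv4 can reach the WAN.

    seen_from_outside is the address an external host sees for this
    connection (for example what the DDNS name resolves to); optional.
    """
    kind = classify_wan(wan_addr)
    if kind != "public":
        return kind  # provider or upstream router is translating
    if seen_from_outside is not None and \
            ipaddress.ip_address(seen_from_outside) != ipaddress.ip_address(wan_addr):
        return "nat-mismatch"  # public-looking address, but not the one the Internet sees
    return "direct"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation
    # ranges standing in for real routable addresses.
    samples = [("100.64.0.1", None), ("100.127.255.254", None),
               ("100.128.0.1", None), ("192.168.1.2", None),
               ("203.0.113.10", "203.0.113.10"), ("203.0.113.10", "198.51.100.7")]
    for wan, outside in samples:
        print(f"{wan:<16} outside={outside!s:<14} -> {diagnose(wan, outside)}")
```

Only a "direct" verdict means a WAN rule for UDP 51820 can ever see traffic; any other result points at the provider or an upstream router rather than at the OPNsense rule set.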
tim777
Newbie
Posts: 21
Karma: 0
Re: Remote Access to OPNSense 24.7_9
« Reply #38 on: August 08, 2024, 06:51:23 am »
Hi, the IP is reachable, I was able to connect to the Vilfo router. The provider comes even with a DDNS.
Thanks guys for your support! I need a solution until Friday evening, otherwise I have to switch back. Don't know if I will try again if it doesn't work.
I also have some other requirements, like site-to-site VPN, different device groups that should use different VPN connections, or go through the I-net provider, etc. If this supposedly easy task does not work, what to expect for the rest? I don't know if it's this new version or a general problem. It's my second attempt to use OPNsense.
While I'm not a FW specialist I'm still quite experienced with IT.
Could pfSense be a better solution?
I know it's almost the same, but maybe more stable.
Regards
Logged
Patrick M. Hausen
Hero Member
Posts: 6700
Karma: 564
Re: Remote Access to OPNSense 24.7_9
« Reply #39 on: August 08, 2024, 07:03:43 am »
Use tcpdump to check if packets from your Mac arrive at the WAN interface ...
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
tim777
Newbie
Posts: 21
Karma: 0
Re: Remote Access to OPNSense 24.7_9
« Reply #40 on: August 08, 2024, 11:26:22 am »
I have started the tcpdump.
But first I checked with the Network Analyzer App on my phone the public IP (from outside of my network).
Ping ok
Trace route gives results
Whois also gives information about the provider etc
but
Port scan = 0 open/all blocked?
That shouldn't be, since I have some rules on the FW.
Also I noticed under Interfaces/Overview that the igc0 IF (first physical port that is connected to the WAN/ONT) with an IPv6 address is not assigned. I have a WAN IF as PPPoE where I can see the public IP.
« Last Edit: August 08, 2024, 11:37:49 am by tim777 »
Logged