Questions tagged [opnsense]
48 questions
4 votes, 1 answer, 302 views
Which LAGG type should be used for MLAG switches to CARP firewalls?
My network setup involves two firewalls in a Common Address Redundancy Protocol (CARP) group, each connected to an MLAG (Multi-Chassis Link Aggregation) configuration of Mikrotik switches. Onward ...
3 votes, 2 answers, 3k views
OPNsense WAN failover causes disruption when non-active WAN is down
I have the latest version of OPNsense set up in a VM on ESXi 7. OPNsense is very similar to pfSense, and I suspect the solution would apply to both. All the NICs are PCI passthrough devices:
A ...
2 votes, 1 answer, 2k views
I am unable to access services on the WAN IP from within the network
Normally, this would not be a desired configuration, but I am setting up a NextCloud server, and to validate the domain, it requires that it be able to access it through the public IP address. No ...
2 votes, 1 answer, 108 views
NTP Traffic, but NTP not installed
I have recently started with OPNSense and have limited outgoing traffic to HTTP/s, SSH ports. When analyzing my blocked traffic I found sporadic outgoing NTP-Requests from my local Linux machine.
I am ...
2 votes, 1 answer, 88 views
Should I run 2 firewalls or manage everything from one?
I currently have a UniFi Firewall in place and I plan to get an OPNsense firewall mainly for a VPN.
Setup:
Modem - OPNsense Firewall - UniFi Firewall - VLANS (Rules made by UniFi)
Are there any ...
1 vote, 1 answer, 577 views
OPNsense move interface to other hardware port
I have an OPNsense with interfaces directly configured to the hardware ports. The corresponding switch port is also an access port.
We plan to change the switch port to a trunk port to transport ...
1 vote, 1 answer, 2k views
OPNsense NAT/Port Forward: Forward multiple protocols and ports
I want to forward ICMP and specific TCP and UDP ports on OPNsense but I'm unable to find a concise solution. Specifically I want to forward ICMP, http, https and UDP 32768-65535.
I'm adding a new port ...
1 vote, 0 answers, 290 views
LogStash and parsing OPNSense logs
My logs are coming in as follows:
<134>May 24 14:39:32 edge.internal filterlog[2535]: 78,,,ffe6d10d1f27a42fc0edc3abb3a6d333,ovpnc1,match,pass,out,4,0x0,,63,61951,0,DF,6,tcp,60,10.8.0.2,20.44.17....
1 vote, 0 answers, 174 views
Routing issue on Debian 11 VM
I updated my OPnsense "router/gateway" to 23.1 a few days ago, and now I am experiencing an issue with one of my machines. I have one machine with OPnsense installed that acts as a basic NAT ...
1 vote, 0 answers, 1k views
Wireguard Destination Host Unreachable on internal network
I'm setting up Wireguard to tunnel from a cloud VM to our internal network. The local server is using the Wireguard plugin for OPNSense.
OPNSense acts as firewall, dhcp, etc.
The cloud VM is not ...
1 vote, 2 answers, 5k views
Offloading PPPoE from an OPNsense router
I'm running opnSense, a FreeBSD-based firewall and router similar to pfSense, in a virtual machine under VMware ESXi 7 on a Dell PowerEdge R230, as a router for my home network. No other VMs are ...
1 vote, 0 answers, 135 views
Can't see docker ports from external machines when using a veth interface with an OPNSense KVM
Quick summary of the setup:
Ubuntu Server 20.04 with 4 network ports
OPNsense router running in libvirt KVM
One port is WAN, three ports are LAN (bridged)
Router works great
Server (same one running ...
1 vote, 0 answers, 268 views
NTP ManualPeerList Client Sync Issue, Windows Server 2019
I am facing an NTP syncing issue on my Windows Server 2019 which is syncing as an NTP Client. The OPNSense firewall is syncing from:
2.ie.pool.ntp.org
0.europe.pool.ntp.org
3.europe.pool.ntp.org
I have ...
0 votes, 1 answer, 2k views
OPNSense logs every second: postfix/smtpd OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
I am using Postfix on OPNSense as a Smart Host for my local servers to relay mail for notifications. When I first set it up, it would spam System: Log Files: General with the following message:
...
0 votes, 1 answer, 127 views
Proxmox Docker OPNSense Firewall issue
I'm currently configuring my root server and I'm hitting a roadblock. My current setup looks like the following:
Root Hetzner server with Proxmox
OPNSense VM for handling all incoming traffic ...
0 votes, 1 answer, 111 views
Using two asymmetric uplinks
My current network topology is:
Fact Firewall (I tested with OPNsense and IPFire, but I'm open to further suggestions)
and the whole "ORANGE/DMZ" stuff are actually VMs/containers in a ...
0 votes, 1 answer, 523 views
TCP communication to internet broken - no SYN-ACK received
Given following network setup:
Debian bullseye host (Proxmox VE) -> OPNsense firewall doing NAT -> DSL modem (connected via PPPoE) -> Internet
The host isn't able to establish a tcp ...
0 votes, 0 answers, 36 views
icmp echo reply not sent over wireguard tunnel
I just set up a Wireguard instance on an opnsense firewall with a public IP. I set this up by following the Opnsense Road Warrior Wireguard guide.
The issue that I am running into is that icmp echo ...
0 votes, 1 answer, 72 views
How to reliably route traffic for specific websites over different gateways in OPNsense?
I have specific websites I want going out through WAN_DHCP, and all other traffic going out through Mullvad_Wireguard. I can get it working unreliably, but if the host name does not resolve to the ip ...
0 votes, 0 answers, 47 views
OPNsense NAT Reflection not working for Router but for the other LAN
I have the following setup:
ISP
|
|
Router 192.168.0.1
|
/ \
/ \
/ \
...
0 votes, 1 answer, 34 views
Adding LAN to opnsense interface on hetzner
I am a newbie in opnsense. I installed opnsense on hetzner. I want to add LAN to interface but I can't find LAN interface on the assignment menu. What I can add is opt1. How do I add LAN to interfaces?...
0 votes, 1 answer, 162 views
Problems with Nginx location proxy pass
I am no expert in nginx, so sorry if any information is missing or not complete.
I have a website running under http://server-ip:3000/abc/xyz. This website also loads some assets from http://server-ip:...
0 votes, 0 answers, 110 views
Hetzner 1 IP + Proxmox + OPNSense and NAT
I have a server in Hetzner with 1 public IP...
Inside I have Proxmox installed, where I direct all traffic to a virtual machine with OPNSense.
This is my /etc/network/interfaces
source /etc/network/...
0 votes, 0 answers, 122 views
Dedicated Server + Proxmox + OPNSense + IPv6 Support for VMs in LAN
I am struggling setting up a working IPv6 network for VMs connected at OPNsense LAN interface.
The provider (Hetzner) has given me a /64 IPv6 network: 2a01:4f8::::/64
Somehow I am able to create a ...
0 votes, 0 answers, 147 views
OPNSense: How to communicate with second network that also act as backup WAN
Drawing: https://i.sstatic.net/QjM3a.jpg
Hello. I have two networks with different subnet (please refer to drawing). First network is 192.168.1.0 and second network is 192.168.2.0. The OPN Sense act ...
0 votes, 1 answer, 666 views
NAT between 2 LAN interfaces in Opnsense?
I'm not a network pro so some of my terminology may be off. I've tried to explain what I'm trying to achieve in different ways to hopefully make my request more understandable.
I have Opnsense running ...
0 votes, 0 answers, 467 views
Hetzner 1 Public IP + Proxmox + OPNSense
I have the following problem, I have a dedicated server in Hetzner with 1 public IP, I must install a Proxmox, a virtual machine with OPNSense to use as a router... and the other virtual machines ...
0 votes, 0 answers, 118 views
OPNsense + HAProxy behind NAT
I am new to OPNsense/HAProxy and struggling for more than 3 days to make it work but unfortunately nothing achieved.
So in short words trying to achieve this kind of logic:
Dedicated Server (Proxmox ...
0 votes, 0 answers, 217 views
Connection refused for http requests intermittently on multiple certain networks but not others, OPNSense Firewall, maximum confusion
I have been using an OPNSense firewall at my business for about a year now and it's worked great. We use it to host some websites, an email server, and wireguard for remote connections. All on a ...
0 votes, 0 answers, 139 views
OpenVPN via OPNsense in Hetzner Network
I am trying to set my openVPN server via OPNsense installed in the hetzner cloud in order to get access to the hetzner's internal network.
The Hetzner's internal network structure is separated by ...
0 votes, 0 answers, 166 views
Host A in VLAN is not responding to ping from host B, but host A can ping host B
Overview: I have an issue where one host A in VLAN is not responding to ping from host B, but host A can ping host B.
A= Windows and B=Linux, VLAN=10.
A IP address = 192.168.10.100,
B IP address = 192....
0 votes, 0 answers, 690 views
OpenVPN Timeout when connecting
I have followed instructions here (with slight adaptations, as listed below) to set up OpenVPN on an OpnSense router, but clients are not able to connect.
Differences:
I set Local port to 1179
I set ...
0 votes, 0 answers, 144 views
Opnsense Wireguard Site-to-Site VPN. Don't see Windows clients
I need to make a transparent Site-to-site VPN between 2 Opnsense routers.
As I don't have admin skills I followed this tutorial https://www.wundertech.net/how-to-set-up-wireguard-in-opnsense/ I did ...
0 votes, 1 answer, 404 views
Inter-VLAN connection issues when devices use Wi-Fi and OPNsense router
I am trying to segregate devices in my home network with 2 different VLANs: HOME and IOT. I have the following network devices:
1 cable modem
1 OPNsense router with WAN, LAN and OPT1 ports
1 Netgear ...
0 votes, 0 answers, 287 views
Multiple Site-To-Site VPNs to one OpenVPN Server
I am struggling to set up multiple site-to-site VPNs.
I have 3 sites:
Site A: OpenVPN Server, inside OPNsense, IP Ranges: 192.168.10.0/24
Site B: Asus Router with Fresh-Tomato, IP Ranges: 192.168.20.0/...
0 votes, 0 answers, 370 views
OPNsense with Radius Accounting
I've been testing OPNsense radius accounting by following this document,
https://docs.opnsense.org/manual/how-tos/accounting.html
I am able to authenticate user through the captive portal but there is ...
0 votes, 2 answers, 2k views
NFS Mounting Failing due to illegal port
I have a VM machine that has a public IP interface and a private IP interface. The private interface is assigned 192.168.50.78. Then I have a dedicated host that acts as my "router" using ...
0 votes, 1 answer, 2k views
Routed IPv6 on internal bridge with virtualized OPNsense router
I'm struggling with adding IPv6 to the internal bridge of my setup, here is what I have:
┌────────────────────────────────────────────────────────────────────────────────────────────────────...
0 votes, 1 answer, 2k views
"DNS address could not be found" in OPNsense using OpenVPN configured for ProtonVPN
I'm trying to route the WIFI and OPT nets from my OPNsense box to my VPN. The LAN port is connected to another router and passes directly to my WAN (for greater speed and less privacy). When I connect ...
0 votes, 0 answers, 244 views
Movistar and OPNSense
I have a web server on my ip 192.168.1.100 under DMZ ... with a Movistar WAN
I can access from the local network, I can access from the domains assigned to it and everything without problems, I can ...
0 votes, 0 answers, 469 views
How can I connect OPNsense router to Mikrotik Switch
I've encountered this situation where I'm to access the switch from my router:
Here is what I have set:
Lan (DHCP 192.168.50.1 , DHCPIPV6)
WAN (DHCP 192.168.80.1,DHCPIPV6)
Mikrotik (DHCP 192.168.80.1,...
0 votes, 0 answers, 1k views
Unbound not returning A records over IPv6
I recently replaced my pfSense installation with OPNsense and have been struggling a bit with the Unbound installation.
In short, it's IPv6 enabled and everything works well (both IPv6 and IPv4) in ...
0 votes, 0 answers, 185 views
OpnSense: Interface Offline
I'm setting up a network @ home and would like to keep Wired Devices and Wireless Devices separated.
My main network interface is on em0 - 10.0.0.1/24
I've created a VLAN on em5 - 1.0.100.1/24
This ...
0 votes, 1 answer, 993 views
OPNSense and Unifi RADIUS issue
I have an OPNSense firewall and a Unifi controller I am trying to enable Radius authentication and Radius Vlan assignment
On the unifi side I have done the following
Created an SSID
Created A radius ...
0 votes, 0 answers, 206 views
How to implement firewall to grant network access for VPN users as-needed (per-user principle of least privilege, OpenVPN)
How can I set up OpenVPN in conjunction with my firewall in such a way that my VPN users' traffic is DROPed by default to all network resources, and only ACCEPTed through the firewall if that user ...
0 votes, 0 answers, 3k views
Load balancing with OPNSense, relayd or haproxy?
There are two main options for load-balancing in OPNsense (and pfSense): relayd and haproxy. pfSense has removed relayd in favour of haproxy [1,2], but OPNsense still supports it. In what use cases we ...
-1 votes, 2 answers, 211 views
hetzner ubuntu dns resolution not working
I created a natgateway using opnsense.
I created a VM in a private network which is behind the natgateway so that all internet traffic will pass through opnsense into the client VM.
I can ping google ...
-2 votes, 1 answer, 521 views
Can I use Laptop with one WiFi and one Ethernet Port interface to set up firewall - OPNSense?
I am trying to set up OPNsense Firewall at my residence using a spare laptop which has one WiFi and one Ethernet interface. I was able to install OPNsense and configure the interfaces to LAN and WAN. ...