Recent Posts

1

Troubleshooting / Re: Unable to access home router from external network not using my ISP

« Last post by Shaggy1 on June 03, 2023, 08:39:15 AM »

Some additional information:

I phoned my ISP and they confirmed the ports should not be blocked.

I do use a VPN which it occured to me may be the problem. I do not have time to try it now, but at some stage will disable it and check.

2

Troubleshooting / Unable to access home router from external network not using my ISP

« Last post by Shaggy1 on June 03, 2023, 07:17:22 AM »

Hi

I have a Netgear Nighthawk router with dd-wrt.

I have opened up a couple of ports on my router which I have NATed to point to a web server running on a machine in my LAN and registered a domain name with a domain name provider so I can access using a domain.

The web server is accessible from my own network and also it seems to an external network which is using my ISP (at least I can accesss it using one of my neighbours network which uses the same ISP as me).

However when I try to accesss my LAN from an external network not using my ISP theree is no access - messages get sent, but there are never any replies, so it appears to be completely blocked. I cannot even ping my router's (WAN) IP address (I have opened up ping on my router).
(nslookup does correctly resolve the ip address of my router from the domain name)

Does anyone have any idea what might be blocking eccess from external networks ?
And can anyone tell me how I might go about determining why and where access is blocked ?
(I do have a neighbour either side whose networks (one using a different ISP, the other using the same ISP as me) from which I can run tests ).

3

Troubleshooting / Re: OpenVPN set up : connected but...not working yet

« Last post by Home Network Guy on May 27, 2023, 11:22:42 PM »

Thanks! I apologize for the late response too. Been busy working on content.

It’s funny you mention using my site to help you with pfSense because usually it’s the other way around. Many OPNsense users use pfSense documentation since there is not as much documentation available in general than pfSense, part of a the reason I created my website.

Interesting note about hardware incompatibility because I haven’t encountered that but I use most Intel NICs but recently I reviewed a unit with 10G Mellanox SFP+ and all I needed to do was manually enable the driver via command line and reboot. Worked perfectly after that. I know that Realtek is an issue with FreeBSD in general.

4

Troubleshooting / Re: OpenVPN set up : connected but...not working yet

« Last post by Alex_53408 on May 20, 2023, 09:10:06 AM »

Hi again,

Sorry for the late response and many thanks for getting back to me on this thread.

The funny thing is that I saw your post comparing OPNsense and pfSense, that's a very interesting comparison while actually, in the meantime, I had already switched to pfSense, where I could set up the OpenVPN - or at least I would say apparently .

At the moment, I am still in an exploration phase, with a basic configuration but while both solutions are great and quite rich, I feel to be more at ease with the pfSense GUI - just a matter of taste. And as most configurations and options are similar to those in OPNsense, this website will still be of great help!

Btw, one difference that I noted between the two systems - and maybe that is the reason why I couldn't set up the VPN in OPNsense but could do it in pfSense - might be linked to hardware compatibility, and especially NICs : I noted some instability with a few NICs on the WAN interface when using OPNsense, while for instance one the NICs that didn't work at all with OPNsense, seems to be working fine with pfSense.

Not sure what the cause of that can be, but it looks like there are more hw compatibility probes on the website https://bsd-hardware.info (nb: there is a linux page too) for OPNsense than for pfSense : it could mean more OPNsense users than for pfSense, or that OPNsense users experience more hw issues and therefore run probes. Just sharing this for info and for thoughts.

Any way, I'll be back to read further pages on the website and look a little bit on rules.

Have a great day!

5

Troubleshooting / Re: OpenVPN set up : connected but...not working yet

« Last post by Home Network Guy on May 08, 2023, 02:01:48 PM »

Thanks! I'm glad you found the information helpful.

As you may have noticed, I haven't written about connecting to external VPN providers using OPNsense as an OpenVPN client. I only wrote about using OPNsense as an OpenVPN server. It is on my todo list to write about how to do external VPN connections, but since I haven't spent much time with the topic yet, I can't really offer a lot of advice at the moment, unfortunately.

I don't know if you need to setup the appropriate outbound NAT rules and/or set your default gateway to be the VPN provider so all traffic goes out the VPN. Since you don't want to use policy based routing, I'm assuming you want all traffic to go through the VPN (and I'm also assuming you don't need policy based routing if you're routing everything through the VPN since you're not routing only certain VLANs through the VPN). These are some areas I'm not clear on yet since I haven't taken the time to learn and try out various VPN connections to external VPN services.

6

Troubleshooting / OpenVPN set up : connected but...not working yet

« Last post by Alex_53408 on May 03, 2023, 06:14:48 PM »

Hi everyone,

Firstly, many thanks to Home Network Guy for this great website: I was looking for resources to get started with OPNSense and then add on more and more features, and that's the perfect place to find this - big thanks! 

I have a question about OpenVPN set up in the following use case :
- OPNSense is connected between the home internet access and the LAN
- I would like to route the traffic from OPNSense to a VPN server via OpenVPN
- so far, I have followed different tutorials, including this one found in this forum (although I don't look to use policy based routing for now) : https://community.spiceworks.com/how_to/177167-policy-based-routing-via-vpn[/li][/list]

At this stage :
a) the OpenVPN client appears as "connected" in the screen VPN> OpenVPN> Connection Status :  there are both a virtual and a real remote Ip address.
b) however, when checking the Ip address on a site such as ipinfo.io, the displayed Ip is the address provided by my ISP, not the one coming from the VPN service provider, although this address can be seen in the connection status (point a) above)
c) then, in the same VPN> OpenVPN> Connection Status  screen, there is line for another vpn client. That line is empty though (no ip addresses) and it ends with a failed status. But I can't figure out where this comes from (please see attached screenshot).

I found different tutorials about OpenVPN set up in PfSense which mention things about adding routes, but these fields look different compared to the screens in OPNsense.

Because I kind of had to mix inputs from different sources, it's likely something is missing there, but any idea about how to solve this would be really welcome.

Many thanks !

Alex

7

Troubleshooting / Re: Info - Debug Logs just started appearing in their 1000's Help Needed

« Last post by Home Network Guy on March 16, 2023, 10:18:54 AM »

I think the way you are allocating IP address is fine because you have separate ranges for dynamic IPs and the static IP addresses you are setting up in OPNsense.

What I was referring to before is that you can set a static IP address on each individual system manually (such as a Windows PC where you manually configure the static IP address instead of using the default automatic DHCP settings) or you can set static IP addresses in OPNsense via DHCP using the MAC addresses. If you set the static IPs in OPNsense, all of your systems can be left at the default automatic DHCP setting and it will automatically receive the static IP from OPNsense. Either way will work for static IPs as long as you don't overlap IP address ranges since you could run into IP address conflicts.

8

Troubleshooting / Re: Info - Debug Logs just started appearing in their 1000's Help Needed

« Last post by osopolar on March 16, 2023, 03:56:32 AM »

HI
Yes you help me several months ago to get some of the setup running.
I have as mentioned the following
Available Range 192.168.23.1 - 192.168.23.254:-

Within the Available Range i have Static Leases 192.168.23.1 - 192.168.23.9 I have my OPNsense & Wifi Router Static
Range Set from 192.168.23.10 - 192.168.23.99 This is for OPNsense to dish / allocate out IP's
Within the Available Range i have Static Leases 192.168.23.100 - 192.168.23.254

The latter (192.168.23.100 - 192.168.23.254) are set manually by me in OPNsense by me is that the correct way?
I had to do it like this as in this range the devices are heavily tied into a Home Assistant yaml automation files and addons so i didnt want to change every file or search looking for the IP addresses i have used for years.

My only question was you mentioned " "automatic DHCP leases" enabled rather than a static IP defined on the client itself. "
What do you mean by defined on the client itself ?

9

Troubleshooting / Re: How to register a DN and setup DDNS ?

« Last post by Home Network Guy on March 14, 2023, 11:21:16 AM »

I think there may be some confusion on using DNS servers to look up IP addresses for domain names and using your own domain name to access your networks.

Either end of your networks can use any DNS servers they like to perform DNS lookups. You do not need to set your upstream DNS servers to the same place where you have your domains registered. You can use Google's DNS of 8.8.8.8 to look up your domain name which is registered through GoDaddy to find the IP address of your networks you are trying to access.

You need to make sure both networks can access an external DNS server like Google, Cloudflare, etc before you can properly resolve the IP addresses you set on your domain name. That means you need to have your VPN configured so that DNS will work for any clients behind the VPN. Verify that both networks can access DNS properly before moving to the next step of troubleshooting.

For your domain name, you just need to set the IP address of the main domain or any subdomains you have created. If your IP address(es) are dynamic, you can use a DDNS client like you suggested to keep them up to date. If you are testing stuff out, you can of course manually set the IPs until you can figure out how to properly configure your DDNS clients.

DNS is one of those things you are better off minimizing the complexity involved because it may very well bite you and make it difficult to troubleshoot what is happening in your networks.

You may want to use the bare minimum DNS first to get things working (such as using the built-in Unbound DNS in OPNsense) rather than Pi-hole. Once you get that working, then you can move over to Pi-hole. I find it easier to get the basic functionality working first and then add one new change at a time until I have everything configured how I want. The reason is that I know for sure which changed broke the configuration and then I can roll back to try again (or try something else).

10

Troubleshooting / Re: Info - Debug Logs just started appearing in their 1000's Help Needed

« Last post by Home Network Guy on March 14, 2023, 11:06:58 AM »

Do you have static DHCP reservation for devices with static IPs or manually configured on each client? Those clients which you set as a static DHCP reservation in OPNsense will still send a DHCP request because those clients have "automatic DHCP leases" enabled rather than a static IP defined on the client itself. It still has to get the IP address just like dynamic IP assignments except you're telling OPNsense to always hand out the same IP address to the client with a static DHCP reservation configured.

It is normal to see DHCP requests every couple of minutes when you have several clients on your network. I believe the DHCP log page is set to "warnings" by default because that log is spammy due to how often DHCP requests occur on the network.