[SOLVED] Just installed OPNsense... So why can't I access the internet from LAN?

Started by twalk, November 22, 2017, 09:11:10 PM

Previous topic - Next topic
I just installed the latest OPNsense. I did an update and that went fine, so WAN has access to the internet. I can access the firewall from the LAN side. The firewall rules are the default on install, with the IPv4 LAN net to anywhere default rule. This is right after the install. So why can't I access the internet from a machine on LAN?

Hi!

Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.

Cheers!

Did you check the firewall logs? Try filtering the blocked traffic on the interface.

Then you can add a rule by clicking on the red cross to pass that traffic: it adds an easy rule.
Check if that works and proceed from there

Quote from: hutiucip on November 22, 2017, 10:03:33 PM
Hi!

Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.

Cheers!

That did it! Thank you, thank you, thank you

Quote from: twalk on November 22, 2017, 10:50:04 PM
Quote from: hutiucip on November 22, 2017, 10:03:33 PM
Hi!

Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.

Cheers!

That did it! Thank you, thank you, thank you


You're very welcome, glad it worked! :)

@franco, maybe it would be a good idea to include in the wizard the DNS resolving steps, and if there are problems with DNSSEC, to present the user a step for disabling hardened DNSSEC data, and eventually, DNSSEC completely.

Otherwise, maybe DNSSEC hardened data disabled by default during install?

Hi hutiucip,

We shouldn't provide less secure environments, but the initial DNS settings flip in the wizard is something we could do. Can you add a ticket to GitHub?

https://github.com/opnsense/core/issues


Thank you,
Franco

Quote from: franco on November 23, 2017, 11:14:41 AM
Hi hutiucip,

We shouldn't provide less secure environments, but the initial DNS settings flip in the wizard is something we could do. Can you add a ticket to GitHub?

https://github.com/opnsense/core/issues


Thank you,
Franco

Hi Franco!

Just did it: https://github.com/opnsense/core/issues/1962

Thank you again!