Messages

Ah, I see click below to attach.

Have attached the XML.  I've done this with the internet route off though.  Reasoned that it should still hold the setup.  If you need one with it active let me know and I'll do it when the family are asleep.

Hi ab5g

It goes Vodafone -> Dg612 (unlocked) -> OpnSense box.

I reset both to factory then configured the LAN to one port and the WAN to a pppoe connection.

These things are nigh on impossible to debug as the family want to be using the internet all the time!  Currently I have to plug it all in and out when I get up for work at 530 in the morning ;-)

Both interfaces work fine and the broadband connects when it is plugged in and shows as down when it is not so all is okay.  I can NSlookup from the OpnSense device or any PC on the LAN and it works fine.  Nothing else does though.  I can tracert to the dns servers from the OpnSense box but only those and nowhere else.

When I look at routes table:

Proto   Destination   Gateway   Flags   Use   MTU   Netif   Netif (name)
ipv4   1.0.0.1   212.158.250.36   UGHS   32   1492   pppoe0   wan
ipv4   8.8.8.8   212.158.250.36   UGHS   0   1492   pppoe0   wan
ipv4   90.255.226.54   link#9   UHS   0   16384   lo0   
ipv4   127.0.0.1   link#6   UH   0   16384   lo0   
ipv4   192.168.0.0/24   link#3   U   1214   1500   em2   lan
ipv4   192.168.0.1   link#3   UHS   0   16384   lo0   
ipv4   212.158.250.36   link#9   UH   32   1492   pppoe0   wan
ipv6   ::1   link#6   UH   0   16384   lo0   
ipv6   fe80::%em2/64   link#3   U   0   1500   em2   lan
ipv6   fe80::ee8:5cff:fe68:bac2%em2   link#3   UHS   0   16384   lo0   
ipv6   fe80::%em3/64   link#4   U   0   1500   em3   
ipv6   fe80::ee8:5cff:fe68:bac3%em3   link#4   UHS   0   16384   lo0   
ipv6   fe80::%lo0/64   link#6   U   0   16384   lo0   
ipv6   fe80::1%lo0   link#6   UHS   0   16384   lo0   
ipv6   fe80::%pppoe0/64   link#9   U   0   1492   pppoe0   wan
ipv6   fe80::ee8:5cff:fe68:bac0%pppoe0   link#9   UHS   0   16384   lo0   

I have no default route.  I DO have the destinations for the DNS servers in going to the gateway 212.  Both have pppoe() as their route and they work.  212 is the providers network and where I would expect packets to go.  What I don't get is why there is no default route being setup.  Interfaces overview is fine two both interfaces are up.

Yeah, no probs.  I will do that tonight and send it through to you.  is there a good way to do that from this site or better to share from onedrive or something?

Blast did this.  No difference from a functioning point of view and the routing table is below, however I forgot to check the dpinger so will need to do that tomorrow.

Proto   Destination   Gateway   Flags   Use   MTU   Netif   Netif (name)
ipv4   1.0.0.1   212.158.250.36   UGHS   32   1492   pppoe0   wan
ipv4   8.8.8.8   212.158.250.36   UGHS   0   1492   pppoe0   wan
ipv4   90.255.226.54   link#9   UHS   0   16384   lo0   
ipv4   127.0.0.1   link#6   UH   0   16384   lo0   
ipv4   192.168.0.0/24   link#3   U   1214   1500   em2   lan
ipv4   192.168.0.1   link#3   UHS   0   16384   lo0   
ipv4   212.158.250.36   link#9   UH   32   1492   pppoe0   wan
ipv6   ::1   link#6   UH   0   16384   lo0   
ipv6   fe80::%em2/64   link#3   U   0   1500   em2   lan
ipv6   fe80::ee8:5cff:fe68:bac2%em2   link#3   UHS   0   16384   lo0   
ipv6   fe80::%em3/64   link#4   U   0   1500   em3   
ipv6   fe80::ee8:5cff:fe68:bac3%em3   link#4   UHS   0   16384   lo0   
ipv6   fe80::%lo0/64   link#6   U   0   16384   lo0   
ipv6   fe80::1%lo0   link#6   UHS   0   16384   lo0   
ipv6   fe80::%pppoe0/64   link#9   U   0   1492   pppoe0   wan
ipv6   fe80::ee8:5cff:fe68:bac0%pppoe0   link#9   UHS   0   16384   lo0   

Note both DNS servers are the only things accessible from anywhere and both have their route set as via the gateway 212.  it feels like a default route out for the rest is not being added.

Okay I have done that.  I won't be able to test till tomorrow morning though as Son is deep into internet gaming right now and turning off the internet would not go down well ;-)

At present it is running and connected to the 612, but that is not connected to the broadband.  This is why I am currently using 192.168.0.1 as its address so that I can attach too it from this machine with a second address added to this machines IP4 setup.

Looking at it curretly there is no Dpinger at all.  I assume because there is no internet connection.  Will swap first thing tomorrow and see what happens and let you know.

Nope, it is running on a celeron J1900 powered device for the job.  It has plenty of RAM and disk and four network ports.

My IP is 90.255.x.x  Although that seems to be backed off by a 212.158 number.  I can't look at the moment as I have the 612 disconnected so there is no WAN in place on the firewall/router.

I have no routes either, I was looking to see what you get in the routing status, see if mine is similar.  I have Netif values of pppoe(), lo0, em2, em3.  The EM ones are the network ports on the device 3 is WAN and 2 is LAN.  pppoe() is presumably the broadband link, I just don't know what lo0 is.

Interestingly the 1.0.0.1 address has a gateway of the 212.158.x.x and a netif name of pppoe().  This is the only address that actually works and that makes sense as a route has been generated to achieve this.  What I am not sure of is why there is no ANY type route.

Mine is identical to that and doesn't work :-( 

Could you show me what your System->Routes->status looks like?  Maybe there is something in there that will solve the issue for me.

Thanks for that.  I am using an old 612 against a Vodafone broadband.  I am pretty sure though that Vodafone actually piggy back on BT anyway as they use the same VLan as BT hence why the whole shebang does seem to connect.

I did read a post somewhere that said something about the auto NAT rules not working and you needed to create a NAT rule.  This seemed weird and at this stage I wanted my config as default as possible.  Once I have something working, then I can save the config and look to start to implement some of the stuff that I wanted this to do in the first place ;-)

No problem, certainly no reason to apologise.  Your help is gratefully received.

I went into diagnostics and tried to ping 8.8.8.8 and it failed.  I then pinged 1.0.0.1 and it worked.

Went into settings general and added 8.8.8.8 as a DNS server with the gateway set to the wan.

Back in diagnostics tried to ping 8.8.8.8 and it worked perfectly.

It would seem to be something going on within OpnSense to do with routing or firewalling that is stopping stuff not specifically configured from travelling. 

Having fought OpnSense for a bit I now seem to have achieved a connection to the internet.

My only issue right now is that only DNS queries seem to travel it!  Looking at the status page in routes I am struggling to understand what is there as it talks about Link#3 and Link#9 with no reference to what those are.  However as I can make NSlookup queries against 1.0.0.1 I am assuming that routing is actually working.

This means that something else is stopping me getting information too and from the internet.  I thought the basic setup of OpnSense would get things basically working.  Seems something might be missing though and again I need pointing in the right direction.

I have IPv4 "Any" rules defined by default in the LAN firewall rules as part of the setup and I thought that this would be all I needed firewall wise.  There are now Floating or Wan rules.  Similarly NAT is set to Autogenerate only so again I thought I would be okay.  Essentially I have done a factory reset, configured the local LAN on 192.168.0.x/24 and the WAN as PPPoE with my broadband password and that is it.  I have verified that all else is disabled so there should be nothing else interfering right now. I have disabled the resolver on UnBound and pointed my client directly at 1.0.0.1 to avoid local DNS issues as a challenge.

What am I missing?  I know someone is going to say something that makes me feel like a complete idiot.  Right now though I just cannot figure it out.

Well doing a factory reset on both helped.

I now have a route out and I can manage to send stuff from one network to another.  What I need to understand now is why I cannot do that on a network level.  I can do an NSlookup and get back the ip address of the web site.  I cannot access the website though.

I have a LAN any rule in place at the moment so I thought anything on my LAN should be able to go in and out.  Doesn't seem to though and even though I can NSlookup from the OpnSense tools and Ping some addresses from there, I cannot run a tracert from there.

I guess I have loads more reading to do before I can make this work :-(   I naievly assumed that a basic setup would be easy and I could work it to be more complex from there.

Thanks Marjohn56. 

I had trouble getting the PPPoE to connect and the advice I found was that I had to do this.

I decided to go with a full factory reset on both this morning and setup from scratch and see if that helps.  At least it will be cleaner in the long run.  If I can get it going.

Really want to get some OpnSense goodness into my network...

Yep I am in the UK, using Vodafone broad band.

I have done exactly that on OpnSense.  I setup a VLAN interface on 101.  I plugged that into the WAN configured as PPPoE with the password etc for my link.  All of that works.  I get an "Up" status in the overview. All seems to be fine with this side of the link.  I just cannot get packets to travel over it.  Nothing happens.

If I look in the routes I can see IPV6 stuff (despite having put all IPV6 to none to try to reduce complications).  And I see an IPv4 address for the Lan.  I happily access my OpnSense box from here.  Nothing goes through it to the internet though.  I've tried bridges etc.   I just cannot figure out where the PPPoE connection actually is to setup a route to.  Not only that nobody else on the internet ever seems to have had that problem!

Today I have unlocked the DG612 so I can get on it and look at what it is doing.  It says it is connected.  It says it is using a PPPoE bridge.  So I have the same mystery there as on the OpnSense router.

Just stumped now.

I have tried this, no joy though.  I created a bridge between the PPOE connection and the local Wan port though so not sure if this was right.  Creating a bridge between the PPOE and the LAN seemed like a really bad idea.

Feels like something is just not configured correctly and I'm not getting it.  I note that the PPPoE connection itself does have an IPV6 address (although I wanted to turn off all IPV6 at this stage) however it has no IPv4, suggesting the connection is not getting DHCP.  I might try statically assigning an IPv4 address.

Challenge is I have to disconnect it all to look up solutions on the internet!