The OPNsense configuration (on a new DEC4610) had been running well since the installation two weeks ago until today, when I rebooted the ISP cable modem + Mikrotik router. Now, after the reboot of the modem, there is no internet connection for Wireguard to connect, ping fails, and I also get the timeout for the firmware update. When I ping (w/ssh) I did notice that when I reboot OPNsense, I get one(!) ping result connecting to the internet properly. Please advise what would need to be done to get this one back to work.
Setup: Latest OPNsense release 19.7.9, with Wireguard (ivpn), based on the latest Deciso DEC4610 hardware.
Interfaces (all unchanged):
WAN: Internet > ISP cable modem (rebooted) > Mikrotik CCR Router > OPNsense DEC4610 WAN igb3
LAN: OPNsense DEC4610 (igb4) > Mikrotik CCR Router > Aruba LAN/WLAN
WG: wg0
On igb3 I only have IPv4 (IPv6 is set to none) and just one IPv4 gateway
I have two external DNS servers for the WAN (without any override)
I have only a minimum set of additional manual firewall / NAT rules (unchanged):
LAN Interface: IPv4 pass all source: LANnet
WG Interface: IPv4 pass all in
Wireguard Interface: IPv4 pass all in
NAT outbound: Wireguard interface, IPv4, pass, all, Interface address as NAT address
NAT outbound: WG interface, IPv4, pass, all, Interface address as NAT address
Not to overstate the obvious, but did you reboot the OPNsense box after you rebooted the cable modem? Could have been a disconnect in there somewhere; maybe the IP changed coming in from the ISP, but the OPNsense box hasn't picked it up yet because the WAN interface needs a reset?
Hi, thanks. Indeed I should change the reboot sequence (first modem, then Mikrotik router and then firewall) and will do so. However, I am sure this was not the issue as I rebooted the firewall manually afterwards.
I could only remedy the situation in the console by doing a reset to factory defaults and then re-applying the previously saved configuration. Not very elegant, I confess, but OPNsense works flawlessly again. This is the only way to get back the internet connection / ping without tinkering around. Probably something with the DNS settings or WAN connection. Any suggestions welcome!