Text only | Text with Images

OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: benibilme on April 22, 2020, 10:18:34 PM

Title: Solved - OPNsense upgrade to 20.1.4 from 19 series broke my system
Post by: benibilme on April 22, 2020, 10:18:34 PM
Hello,

Upgrade broke my system. Every new computer added to the system can not pass the firewall, eventhough there are correct rules based on aliases defined for the new machines.

The symptom is follows:

From the live log view of the firewall, it shown that based on the active pass rule the packets from the machine allowed to pass to internet.
However from the machine, even firewall can not ping and internet can not accessed. The machine can access local network and other network resources such as shared folders etc.
Title: Solved - OPNsense upgrade to 20.1.4 from 19 series broke my system
Post by: benibilme on April 23, 2020, 12:27:45 AM
Problem is solved and it seems our bad. However there is unexpected behaviour of opnsense.  I have been using separate dhcp server backed by a radius server. Opnsense dhcp normally not active and just relaying to the separate dhcp server. Once there was a problem with the internal server and I migrated the dhcp to opnsense for a short period of time. I have defined static entries. After the separate dhcp server is activated again, the opnsense dhcp server is disabled and was put again in relay mode. However, the static entries were left, with reasoning that they might be needed it in the future. There was a checkbox which said do not pass unknown clients, it was also ticked. Contrary to our expectation, this setting was active and was not allowing any new machine that was not defined in dhcp static enteries. dhcp entries even take precedence of firewall rules. Machines not whitelisted can not even ping the firewall nor pass it even though the firewall rules allows.

Quote from: benibilme on April 22, 2020, 10:18:34 PM
Hello,

Upgrade broke my system. Every new computer added to the system can not pass the firewall, eventhough there are correct rules based on aliases defined for the new machines.

The symptom is follows:

From the live log view of the firewall, it shown that based on the active pass rule the packets from the machine allowed to pass to internet.
However from the machine, even firewall can not ping and internet can not accessed. The machine can access local network and other network resources such as shared folders etc.


Title: Re: Solved - OPNsense upgrade to 20.1.4 from 19 series broke my system
Post by: youngman on June 04, 2020, 05:23:46 AM
Just wanted to say thanks mate - this just caught me out too.
Text only | Text with Images