OPNsense Forum

English Forums => General Discussion => Topic started by: HExSM on February 08, 2021, 10:57:56 AM

Title: Ping OPNsense from LAN not working
Post by: HExSM on February 08, 2021, 10:57:56 AM
Hi everyone,

I use OPNsense as an OpenVPN Gateway behind another firewall. So I have just a LAN interface. The system is running on Hyper-V.

Everything is running fine, except the ping from the LAN network. There I have a monitoring server running, which checks if my servers are running. For testing I created an ANY rule, but ping is still not working.

Action: pass
Interface: LAN
Direction: in
TCP/IP Version: IPv4
Protocol: any
Source: any
Destination: any

My OpenVPN clients are able to ping the OPNsense server.

Does anybody have an idea what I am doing wrong? :)

Thank you in advance!
Title: Re: Ping OPNsense from LAN not working
Post by: Maurice on February 09, 2021, 02:27:09 PM
Does this single interface have a default gateway?
Title: Re: Ping OPNsense from LAN not working
Post by: HExSM on February 10, 2021, 09:40:26 AM
Yes, the LAN interface has a default gateway. It is the IP of the router which is connected to the WAN.

I captured the packets and it seems that the ping reply is sent to the gateway instead of to the client who sent the ping request. But I have no idea what I have to change to fix this problem. :(
Title: Re: Ping OPNsense from LAN not working
Post by: Fright on February 10, 2021, 11:08:30 AM
any custom rules created instead of default rules?
Title: Re: Ping OPNsense from LAN not working
Post by: HExSM on February 10, 2021, 11:34:21 AM
Quote from: Fright on February 10, 2021, 11:08:30 AM
any custom rules created instead of default rules?

No. But it seems that the firewall is fine. It seems that routing is the problem, because the reply is sent to the gateway instead of to the client who sent the ping.
Title: Re: Ping OPNsense from LAN not working
Post by: Maurice on February 10, 2021, 01:38:52 PM
An interface with a default gateway is considered a WAN-type interface. And by default, replies to incoming packets on WAN interfaces always get sent to the default gateway, not to the host which sent the packet. This behaviour can be disabled in the advanced firewall settings (disable reply-to). You might also want to disable force gateway.
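
The symptom described in this thread (echo replies handed to the default gateway instead of the requesting host) can be confirmed from a capture by comparing layer-2 addresses of each request/reply pair. This is an added example, not part of the thread; the function names are hypothetical and all MAC/IP addresses and frames are constructed.

```python
import struct

def build_echo(src_mac, dst_mac, src_ip, dst_ip, icmp_type, ident, seq):
    """Build a minimal Ethernet/IPv4/ICMP echo frame (checksums left at zero)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                        ip(src_ip), ip(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + iphdr + icmp

def parse_echo(frame):
    """Return (dst_mac, src_mac, src_ip, dst_ip, type, id, seq), or None if not an echo."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 1 or len(frame) < 14 + ihl + 8:
        return None
    icmp_type, _code, _csum, ident, seq = struct.unpack_from("!BBHHH", frame, 14 + ihl)
    if icmp_type not in (0, 8):          # 8 = echo request, 0 = echo reply
        return None
    return frame[0:6], frame[6:12], frame[26:30], frame[30:34], icmp_type, ident, seq

def misrouted_replies(frames):
    """List echo replies whose destination MAC is not the MAC the request came from."""
    requests, findings = {}, []
    for frame in frames:
        parsed = parse_echo(frame)
        if parsed is None:
            continue
        dst_mac, src_mac, src_ip, dst_ip, icmp_type, ident, seq = parsed
        if icmp_type == 8:
            requests[(src_ip, dst_ip, ident, seq)] = src_mac
        else:
            expected = requests.get((dst_ip, src_ip, ident, seq))
            if expected is not None and expected != dst_mac:
                findings.append((seq, expected.hex(":"), dst_mac.hex(":")))
    return findings

# Constructed sample: monitoring host .50, firewall .2, default gateway .1, all on one LAN.
HOST, FW, GW = "02:00:00:00:00:50", "02:00:00:00:00:02", "02:00:00:00:00:01"
SAMPLE = [
    build_echo(HOST, FW, "192.168.1.50", "192.168.1.2", 8, 7, 1),
    build_echo(FW, GW, "192.168.1.2", "192.168.1.50", 0, 7, 1),    # reply sent to gateway
    build_echo(HOST, FW, "192.168.1.50", "192.168.1.2", 8, 7, 2),
    build_echo(FW, HOST, "192.168.1.2", "192.168.1.50", 0, 7, 2),  # reply sent to host
]

if __name__ == "__main__":
    for seq, expected, actual in misrouted_replies(SAMPLE):
        print(f"seq {seq}: reply went to {actual}, request came from {expected}")
```

A request that genuinely arrived through the gateway is not flagged, because its source MAC is already the gateway's.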
Title: Re: Ping OPNsense from LAN not working
Post by: Fright on February 10, 2021, 02:18:38 PM
or just leave "Auto-detect" Upstream Gateway in LAN interface settings
Title: Re: Ping OPNsense from LAN not working
Post by: HExSM on February 10, 2021, 10:21:50 PM
Quote from: Maurice on February 10, 2021, 01:38:52 PM
An interface with a default gateway is considered a WAN-type interface. And by default, replies to incoming packets on WAN interfaces always get sent to the default gateway, not to the host which sent the packet. This behaviour can be disabled in the advanced firewall settings (disable reply-to). You might also want to disable force gateway.

Thank you very much Maurice! Disabling the reply-to feature was the key to solving my problem! :)

Quote from: Fright on February 10, 2021, 02:18:38 PM
or just leave "Auto-detect" Upstream Gateway in LAN interface settings

Unfortunately I did not find that setting, but thank you too Fright! :)