Hello everyone,
I have some difficulties with OPNSense on a multi-wan and dual-lan architecture.
Here is a diagram of the network (obviously I'm as good with paint as OPNSense ;D):
(https://www.roj.fr/wp-content/uploads/2021/09/network_config.jpg)
My LAN network works perfectly, on the contrary LAN_Test not.
I have no internet connection from LAN_Test, and even a simple ping request does not work from a PC on the LAN_Test network to 1.1.1.1 for example.
However, I can clearly see the request in the firewall logs. And this request comes out well:
(https://www.roj.fr/wp-content/uploads/2021/09/dns_resquest.png)
(https://www.roj.fr/wp-content/uploads/2021/09/imcp_resquest.png)
If I try to ping from LAN_Test to another opnsense, I can see the imcp request arriving on the target opnsense.
I have the impression that it is at the "return" that there is a problem with routing.
Here are my NAT rules:
(https://www.roj.fr/wp-content/uploads/2021/09/rules-e1631731394328.png)
Outbound:
(https://www.roj.fr/wp-content/uploads/2021/09/outbound_rules-e1631731297200.png)
If you have advice or an idea, I am interested. Thank you
I would start by checking your configured gateway(s).
https://docs.opnsense.org/manual/gateways.html
Thank you for the answer.
From the gateways, everything seems OK to me. LAN_Test is using my GW_MULTI_WAN gateway well.
Here is the config of the singles gateway :
(https://www.roj.fr/wp-content/uploads/2021/09/gateway-e1631737079276.png)
Groups:
(https://www.roj.fr/wp-content/uploads/2021/09/gateway_groups-e1631737086843.png)
For the dual-wan which works well on the LAN, I followed the official tutorial:
https://docs.opnsense.org/manual/how-tos/multiwan.html
that's exactly what I was going to suggest to check/follow.
I don't have a multi-wan setup at the moment to check things. I'm sure someone will peep with suggestions.
192.167... is not a valid RFC1918 subnet
Thank you for your answers.
I hadn't paid attention to staying within the RFC1918 standard.
So I changed the addresses to 192.167.0 .. to 192.168.120 with the hope that it works but no ..
I haven't seen anything from LAN_Test despite the firewall logs which seem to be working:
(https://www.roj.fr/wp-content/uploads/2021/09/ping.jpg)
On the other hand, if I do a ping test from OPNsense from the LAN_Test interface, everything is fine:
# /sbin/ping -S '192.168.120.1' -c '3' '1.1.1.1'
PING 1.1.1.1 (1.1.1.1) from 192.168.120.1: 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=55 time=31.780 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=34.224 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=34.950 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 31.780/33.651/34.950/1.356 ms
With this problem I'm going crazy.