i am trying to evaluate opnsense to replace 10G internet router, and the device is making strange forwarding decisions. I have a default route and one BGP peer, announcing one subnet. Traffic to this subnet works perfectly -- so i can ping out -- the problem is that when pinging from the other side of the bgp peer, the replies are sent to default gateway...
Please see attached screen shot showing the same src/dst pair- but different next hop MAC address
Local host on trusted side of OPNSense is 172.20.22.21 -- IP of host on other side of BGP-learned link 172.20.34.100
The most puzzling part, is that if i disable all firewall - it routes/forwards correctly.
please help, as i really want to use OPNSENSE as my 10G internet router.
Is that BGP peer connected to your WAN interface?
If yes, try ticking the box on "Disable force gateway" under advanced firewall options.