Good morning forum, I'm trying to integrate OPN (latest stable) as a firewall on my XCP-ng (Xen) cluster on Hetzner but cannot get a VM behind it browsing the web.
Some tech stuff: on Hetzner, each physical host is connected to a vSwitch (VLAN) with a public subnet bound to it ( https://docs.hetzner.com/robot/dedicated-server/network/vswitch/ ). So, in a guest VM, if we attach its interface to the vSwitch/VLAN (MTU 1400) and give it an IP from the public subnet, the VM can browse with this new public IP (tested, working).
The problem: I made the same exact configuration for the WAN side of the OPNsense instance with some VMs connected to the LAN (behind NAT), and those VMs can only ping/resolve external addresses but get a timeout when browsing the internet. Tried reset, pfctl -d, reviewed the ruleset, but nothing seems to help.
Any hint? Thank you
Resolved, the problem was the MTU of 1400 for the vSwitch that needs to be set at VM level, leaving the default (1500) on the virtual NIC at hypervisor level.
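The symptom above (ping and DNS work, TCP browsing hangs) is the classic path-MTU black hole: small packets pass, full-size 1500-byte segments with DF set are dropped on the 1400-byte vSwitch and no ICMP "fragmentation needed" comes back. As an added diagnostic, not part of the original post, this script binary-searches the largest DF-marked ping that gets through from a LAN VM and compares it with the interface MTU; `ping_probe` assumes Linux iputils `ping` (`-M do` sets DF, `-s` is the ICMP payload size), and the target host is a placeholder.

```python
import subprocess
from typing import Callable, Optional

IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_probe(host: str, payload: int) -> bool:
    """Send one DF-marked ICMP echo with the given payload size; True if answered.
    Assumes Linux iputils ping (-M do = don't fragment)."""
    r = subprocess.run(
        ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host],
        capture_output=True,
    )
    return r.returncode == 0


def find_path_mtu(probe: Callable[[int], bool], lo: int = 576, hi: int = 1500) -> Optional[int]:
    """Largest MTU in [lo, hi] whose DF probe succeeds (None if even lo fails).
    probe() receives the ICMP payload size, i.e. MTU minus IP+ICMP headers."""
    if not probe(lo - IPV4_ICMP_OVERHEAD):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2  # round up so the loop converges on the max
        if probe(mid - IPV4_ICMP_OVERHEAD):
            lo = mid
        else:
            hi = mid - 1
    return lo


def diagnose(path_mtu: Optional[int], interface_mtu: int) -> str:
    """Explain the result: a path MTU below the NIC MTU with no ICMP feedback
    is exactly the black hole seen on the 1400-byte vSwitch."""
    if path_mtu is None:
        return "no DF probe succeeded: link or firewall problem, not MTU"
    if path_mtu < interface_mtu:
        return (f"black hole: path MTU {path_mtu} < interface MTU {interface_mtu}; "
                f"set the VM NIC MTU to {path_mtu} or enable MSS clamping on the firewall")
    return f"ok: path MTU {path_mtu} matches interface MTU {interface_mtu}"


if __name__ == "__main__":
    target = "203.0.113.1"  # placeholder external host, replace with a real one
    mtu = find_path_mtu(lambda payload: ping_probe(target, payload))
    print(diagnose(mtu, 1500))
```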