OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: Rhabarbertorte on August 22, 2022, 04:51:21 PM

Title: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: Rhabarbertorte on August 22, 2022, 04:51:21 PM
Hello guys,

One important note beforehand: this all is not working anymore since my update to 22.7.2.

This might be somehow a copy of https://forum.opnsense.org/index.php?topic=29962.0 , but I think this is quite urgent and not directly related to WireGuard.

On my firewall, after the latest update, all traffic originating from the firewall itself leaves with a source IP of 0.0.0.0. Therefore I never receive any answer.

If I do ping 9.9.9.9 --> no answer
If I do ping -S <WAN_IP> 9.9.9.9 --> everything works as expected

I added a NAT rule (Outbound, Interface WAN, Source IP 0.0.0.0/32, Destination !PRIVATE_NETWORKS (10.0.0.0/8, 192.168.0.0/16, ...), MASQUERADE with WAN IP) --> now ping 9.9.9.9 works

This is definitely a major problem for me. Does anybody have a clue what's going on here?

Thanks in advance!
Title: Re: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: Rhabarbertorte on August 22, 2022, 05:59:45 PM
Can be closed. I was able to fix it by myself.
Title: Re: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: schup on August 22, 2022, 06:16:00 PM
Thanks a lot for this.

This finally fixed my update problem and I believe it will fix my wireguard problem as well.

I only had automatic NAT rules before - none of which changed IP.


Title: Re: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: Patrick M. Hausen on August 22, 2022, 06:22:59 PM
Quote from: Rhabarbertorte on August 22, 2022, 05:59:45 PM
Can be closed. I was able to fix it by myself.
And how exactly, please?
Title: Re: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: Rhabarbertorte on August 22, 2022, 08:17:24 PM
Quote from: pmhausen on August 22, 2022, 06:22:59 PM
Quote from: Rhabarbertorte on August 22, 2022, 05:59:45 PM
Can be closed. I was able to fix it by myself.
And how exactly, please?

I'm not 100% sure. But I disabled e.g. a failover interface (which I don't use anymore) and all routes / gateways belonging to it. I also disabled dynamic gateway switch globally.
Title: Re: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: Rhabarbertorte on August 22, 2022, 08:18:33 PM
Quote from: schup on August 22, 2022, 06:16:00 PM
Thanks a lot for this.

This finally fixed my update problem and I believe it will fix my wireguard problem as well.

I only had automatic NAT rules before - none of which changed IP.

I don't really get your point. But good to know this was somehow helpful.
Title: Re: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: franco on August 22, 2022, 09:05:09 PM
I'm interested in this. When the system is in the "broken" state is there any "0.0.0.0" in the ifconfig output or in the pf.conf rules?

# ifconfig | grep 0\\.0\\.0\\.0
# grep 0\\.0\\.0\\.0 /tmp/rules.debug

Because if there is not this might be a kernel bug in FreeBSD 13.1 or our auxiliary patching for it (shared forwarding).


Cheers,
Franco
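
Added example, not part of any post in this thread and not OPNsense code: the plain grep for 0.0.0.0 suggested above also matches addresses such as 10.0.0.0/8, so this sketch matches 0.0.0.0 only as a complete address. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: match 0.0.0.0 only as a whole IPv4 address.
# A plain substring grep also hits 10.0.0.0/8 or 100.0.0.0/24, which buries
# the interesting lines in a large rules file.

# Print lines from stdin (or the given files) that contain 0.0.0.0 as a
# complete address, with an optional /prefix, each prefixed by its line number.
find_unspecified() {
    grep -nE '(^|[^0-9.])0\.0\.0\.0(/[0-9]+)?([^0-9./]|$)' "$@"
}

# Count the matching lines; prints 0 when nothing matches.
count_unspecified() {
    find_unspecified "$@" | wc -l | tr -d ' '
}

# Constructed sample resembling pf rules; not taken from a real rules.debug.
sample_rules() {
    cat <<'EOF'
table <private> { 10.0.0.0/8 192.168.0.0/16 }
nat on igb0 inet from 0.0.0.0/32 to ! <private> -> (igb0:0)
pass out on igb0 inet from 100.0.0.0/24 to any
pass out route-to (igb1 0.0.0.0) inet from any to any
EOF
}

# Constructed sample resembling ifconfig output.
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
EOF
}

echo "rules:";    sample_rules    | find_unspecified
echo "ifconfig:"; sample_ifconfig | find_unspecified || echo "(none)"
```

On a live system the same functions can be fed `ifconfig` output on stdin or given `/tmp/rules.debug` as a file argument.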
Title: Re: All traffic not bound to specific interface leaves firewall as 0.0.0.0
Post by: Rhabarbertorte on August 22, 2022, 11:51:18 PM
Quote from: franco on August 22, 2022, 09:05:09 PM
I'm interested in this. When the system is in the "broken" state is there any "0.0.0.0" in the ifconfig output or in the pf.conf rules?

# ifconfig | grep 0\\.0\\.0\\.0
# grep 0\\.0\\.0\\.0 /tmp/rules.debug

Because if there is not this might be a kernel bug in FreeBSD 13.1 or our auxiliary patching for it (shared forwarding).


Cheers,
Franco

I am currently really glad that I could somehow solve the problem. Nevertheless, I would like to help, of course, if this is a general problem.

I still have the backup config XML where the problem occurred. If I find time tomorrow I will restore it to a virtual machine with OPNsense. Then I can do the said searches for 0.0.0.0.