Hi All,
New to the forum but not too new to opnSense, we have about 10 machines with the software on it. One of our machines when computers connect to it, it says no internet, however the computer can ping googles dns servers and other dns servers. It also can be accessed via Microsoft teams phone calls and sharing screen but it can't for the life of it browse the internet and I can't figure out what I'm missing.
I've ruled out the provider and my wireless router and it seems to be an opnSense issue but I can't figure out where.
I even did a fresh install and it still doesn't work.
Any help would be greatly appreciated.
Quote from: CLawrence on June 30, 2023, 06:28:39 PM
it says no internet, however the computer can ping googles dns servers and other dns servers
Are those computers on the LAN interface of OPNsense? Try setting their DNS to 1.1.1.1 / 8.8.8.8 / 9.9.9.9 (other public DNS is available)
Have a haiku 8)
Bart...
(https://www.cyberciti.biz/media/new/cms/2017/04/dns.jpg)
Quote from: CLawrence on June 30, 2023, 06:28:39 PM
Hi All,
New to the forum but not too new to opnSense, we have about 10 machines with the software on it. One of our machines when computers connect to it, it says no internet, however the computer can ping googles dns servers and other dns servers. It also can be accessed via Microsoft teams phone calls and sharing screen but it can't for the life of it browse the internet and I can't figure out what I'm missing.
I've ruled out the provider and my wireless router and it seems to be an opnSense issue but I can't figure out where.
I even did a fresh install and it still doesn't work.
Any help would be greatly appreciated.
Can you provide a diagram, including the other machines that you're testing with? Including one of the ones most similar to this but working.
When you mention it says no internet, are you referring to the MS indicator and check?
What do you mean about it being able to accessed by Teams calls and sharing?
Have you tried any DNS lookups? What does the ip config look like? Is this DHCP or manually assigned?
Having a similar problem when I disable my dhcp lan connection to OPNSense 23.1, the W10 (Broadcom nic) network connection does not get internet access again when enabled. I am not sure wny.
Hey,
i got a similar problem.
> One solution was the wrong DNS settings.
> Second solution was, that there was set up an Proxyscript on the clients -> After this was disabled everything was working fine.
@Mayo132
Second solution was, that there was set up an Proxyscript on the clients -> After this was disabled everything was working fine.
Can u further elaborate how to make the change? Thanks
@monju0525
Hey,
if you are using windows 11 - please have a look at:
Start Button -> "Settings" -> Network & Internet -> Proxy
If no Proxy is in your network, the "setupscript" and the "manually Proxysettings" should be empty.
Quote from: bartjsmit on July 01, 2023, 07:37:04 AM
Quote from: CLawrence on June 30, 2023, 06:28:39 PM
it says no internet, however the computer can ping googles dns servers and other dns servers
Are those computers on the LAN interface of OPNsense? Try setting their DNS to 1.1.1.1 / 8.8.8.8 / 9.9.9.9 (other public DNS is available)
Have a haiku 8)
Bart...
(https://www.cyberciti.biz/media/new/cms/2017/04/dns.jpg)
Hi Bart
I've had the DNS servers set to 8.8.8.8 as well as comcast's dns servers on the opnSense side under System, Settings, General, Networking.
Did you want me to try setting a computers DNS directly to that, that's on the lan?
Quote from: CJRoss on July 01, 2023, 03:29:16 PM
Quote from: CLawrence on June 30, 2023, 06:28:39 PM
Hi All,
New to the forum but not too new to opnSense, we have about 10 machines with the software on it. One of our machines when computers connect to it, it says no internet, however the computer can ping googles dns servers and other dns servers. It also can be accessed via Microsoft teams phone calls and sharing screen but it can't for the life of it browse the internet and I can't figure out what I'm missing.
I've ruled out the provider and my wireless router and it seems to be an opnSense issue but I can't figure out where.
I even did a fresh install and it still doesn't work.
Any help would be greatly appreciated.
Can you provide a diagram, including the other machines that you're testing with? Including one of the ones most similar to this but working.
When you mention it says no internet, are you referring to the MS indicator and check?
What do you mean about it being able to accessed by Teams calls and sharing?
Have you tried any DNS lookups? What does the ip config look like? Is this DHCP or manually assigned?
I've tested with a few laptops, a postage machine and a few cell phones.
All the devices have this problem.
I have Comcast Cable with a Static IP address, a cable comes out of there into the wan port on my opnSense machine, another cable comes out of my lan port and goes to my wireless router. It's an old Netgear nighthawk.
It could be the MS indicator check, if I look at the ethernet port or wireless card in windows it says connected no internet. If I open up a web browser and try to browse the internet I don't get to any pages, outlook doesn't work. The strange thing is I can be on a teams call with someone on this network (using the internet that the system claims it doesn't have) but can't browse the web or connect to outlook.
I will try dns lookups, I will send a pic of an ipconfig. The devices are getting dhcp from the opnSense software however I have also tried statically giving ip addresses from the opnSense machine as well because I thought at one point captive portal was the problem.
Hi,
So it looks like a dns problem because once I changed his windows wireless ipv4 dns settings to googles and the device was able to browse the web fine.
Attached are my dns settings that are from the opnSense, system, settings, general. These are the settings I have pretty much on all of my other servers.
Also attached is the ipconfig when it wasn't working as well as the nslookup when it wasn't working as well.
Okay, so your entire network isn't working. That's not the original impression I got.
What happens when you use the DNS Lookup page in OPNSense? What results do you get from leaving Server blank and when you set Server to 127.0.0.1?
Are you using the default Unbound? What does your Unbound config look like?
Hi CJRoss
DNS lookups with nothing in server are attached. Did Amazon & ESPN. Haven't looked at these before so i'm not sure what i'm looking at, I did look at this on a machine that seems to be working and it looks different.
When I type 127.0.0.1 in the server field I get no results.
Yes i'm using the default unbound. pic attached (Unbound settings)
I do want to let you know that it seems to be fixed at least on the devices that are connecting to the internet side because of the settings I added under Services, DHCPv4, Lan, DNS Servers. Pic attached (DHCP DNS)
Hi,
sorry for this question, but is the port 53 open at the LAN interface?
If not, you are not able to reach any DNS Servers. And if i get it right you have to allow it also when you are using unbound on the firewall.
So you have to create a rule > This Firewall > Any Port 53
Mario
Hi Mario,
No need for the question. Feel free to ask me whatever as you guys are trying to help me.
I have pretty much the default set up, I installed opnSense, I assigned my ip addresses, the dns settings, created a firewall rule so only I can get on the machine and that's about it. nothing else was edited.
That being said I don't know if port 53 is open on the Lan Interface or where to go to check. If you give me the steps to check I will take a look.
Hey,
can you post a screen of:
Klick on the menu on the left:
Firewall -> Rules -> LAN
Now you should see something similar to my file attached to this post.
Mario
Hey
See attached.
I don't remember putting any of this info in here, I just looked at another one of my machines and there are only 4 rules not 24 like this one.
Ok,
the rules are right -> You allow everything out of your network.
So please check if the Unbound is running:
Go to Services > Unbound DNS > General
>>> Have a look at the top right, is there a green "Play" button?
And please post a screen of
> Services > unbound DNS > Log File
thanks
And can you post the output of the follwing command on one of the clients ?
open a comand prompt:
nslookup google.de 8.8.8.8
thanks
EDIT:
And can you post the settings of your WAN interface ?
Quote from: Mayo132 on July 06, 2023, 06:53:24 PM
Ok,
the rules are right -> You allow everything out of your network.
So please check if the Unbound is running:
Go to Services > Unbound DNS > General
>>> Have a look at the top right, is there a green "Play" button?
And please post a screen of
> Services > unbound DNS > Log File
thanks
The green button is there, let me know if you want me to run it. It looks like the service isn't running.
Also there aren't any log files.
Quote from: Mayo132 on July 06, 2023, 06:56:51 PM
And can you post the output of the follwing command on one of the clients ?
open a comand prompt:
nslookup google.de 8.8.8.8
thanks
EDIT:
And can you post the settings of your WAN interface ?
Everyone is gone for the day out there. I can have someone test it tomorrow for me. I will have to remove my dns settings first too.
Thanks.
In the Case of the green play button, this is saying that the service ist running.
Can you provide us a short summery how you configure your WAN Side ? And how it is connected top the Internet ?
Are you using a dail in ? Or are you using an exsisting Internet Connection ?
Thanks a lot
Morning,
Attached is my wan interface info.
My wan is statically assigned, it's physically connected to my comcast modem. One network wire goes from the computer directly to the modem. Not using dial in, yes an existing internet connection.
Let me know if you want me to still get you that nslookup info.
I will most likely have to remove the settings that I have put in to get it working in the interim.
Hey, thanks for your reply.
Are you shure, that your provider is offering a /29 network to you ? Or could it possible also a /30 network?
=> /29 = 8 Ips // /30 = 4 IPs
50.x.x1.20 Gateway
50.x.x1.21 Opensense
50.x.x1.22 Gateway
50.x.x1.23 Broadcast
If you are getting a /30 Network you probably has a failure in your config.
It should look like:
50.x.x1.20 Gateway
50.x.x1.21 Modem
50.x.x1.22 Opensense
50.x.x1.23 Broadcast
So you should use the 22 at your opensense and the 21 at your modem.
> The upstream gateway for the opensense is the .21
Can you check these settings ?
We have 5 ips from Comcast we use the last one for opnSense.
My subnet mask is 255.255.255.248 which from what I looked up is a /29. At one point I did have it as /28. That was before I reached out to you guys for help.
I thought it was strange that our gateway was higher than our ip's but all our other equipment works in that office.
Ok,
so you set up the other pc's like this config ?
50.x.x1.16 PC1 (Gw: x.22)
50.x.x1.17 PC2 (Gw: x.22)
50.x.x1.18 PC3 (Gw: x.22)
50.x.x1.19 PC4 (Gw: x.22)
50.x.x1.20 PC5 (Gw: x.22)
50.x.x1.21 Opensense
50.x.x1.22 Gateway
50.x.x1.23 Broadcast
And PC1 - 5 get a working internet connection ?
If this is the case, please do the nslookup info behind the opensense.
No We start at 17, we have 17-21 as usable ips. GW is 22.
We have a firewall that has 17-20.
21 is opnsense.
You want me to run the nslookup directly from opnSense or from a computer connected to opnSense?
Please do it from a pc connected to the OPensense.
Here you go.
I have his computer for the next couple of minutes so let me know if there is anything else you'd like me to try.
Hey,
great -> this means, your network is working.
So please try out the following:
Go to your OpnSense -> System -> Settings -> General
Uncheck the "DNS Server optons" "Allow FND Server list to be overwridden by DHCP/WAN"
> Only fill in google DNS server or cisco Umbrellas
And try to a new nslookup (without the 8.8.8.8)
Quote from: CLawrence on July 06, 2023, 06:18:02 PM
I do want to let you know that it seems to be fixed at least on the devices that are connecting to the internet side because of the settings I added under Services, DHCPv4, Lan, DNS Servers. Pic attached (DHCP DNS)
Hi,
and sorry. I had a look at your "DHCP" Server settings. Please, remove the DNS Servers there. It should be "blank".
I unchecked the allow dns server list to be overidden, tried with 8.8.8.8 as my first option as well as the cisco addresses and it failed, pulled out the google dns and just left the cisco ones and it still failed.
I already removed the DHCP server settings that I made because I knew that made the network work and I'm sure you wanted it in the state of not having that info in there.
The nslookup looks the same as they did with those settings applied.
Last but not least, I can still talk with the end user on teams, control his screen via teams but can't access the internet on it while on that network.
mhh, thats realy tricky.
can you try to do Query forward in your "Unbound"
go to
Services -> unbound DNS -> Query Forward.
>> Check the upper checkbox " Use System Nameservers"
And give it another try.
Sorry i've forgot to ask the following.
> Set up the DNS 8.8.8.8 on your client pc
> Do a new ns lookup for "google.de"
What is the output ?
That setting seems to work.
The client pc has internet now.
In the picture the first search was nslookup google.de and the second was nslookup google.de 8.8.8.8
Hey,
nice to hear.
So the problem is located at the DNS Server on the OPN sense.
> With the last option, OPN sense forwards all DNS queries to the Upstreamservers
Please check if everything is working, like expected. If this is the case, we will have a closer look to DNS Settings of unbound.
Dear Mario
Quote from: Mayo132 on July 06, 2023, 06:27:19 PM
Hi,
sorry for this question, but is the port 53 open at the LAN interface?
If not, you are not able to reach any DNS Servers. And if i get it right you have to allow it also when you are using unbound on the firewall.
So you have to create a rule > This Firewall > Any Port 53
Mario
LAN has the default allow all rule so you don't need to add one for DNS. Also, testing on the DNS Lookup page means we're not going through tthe firewall to the local Unbound.
Quote from: CLawrence on July 06, 2023, 06:18:02 PM
Hi CJRoss
DNS lookups with nothing in server are attached. Did Amazon & ESPN. Haven't looked at these before so i'm not sure what i'm looking at, I did look at this on a machine that seems to be working and it looks different.
When I type 127.0.0.1 in the server field I get no results.
My apologies for being on Comcast. What this is telling us is that Unbound isn't working correctly on your system. You're only getting results from your specified providers.
Quote from: CLawrence on July 06, 2023, 06:18:02 PM
Yes i'm using the default unbound. pic attached (Unbound settings)
What do the Unbound Query Forwarding and DNS over TLS pages show? What about the Log page? Do you have the Green arrow in the upper right of the Unbound page?
Quote from: CLawrence on July 06, 2023, 06:18:02 PM
I do want to let you know that it seems to be fixed at least on the devices that are connecting to the internet side because of the settings I added under Services, DHCPv4, Lan, DNS Servers. Pic attached (DHCP DNS)
Yes. That's because you've changed your DHCP to provide upstream DNS servers instead of letting it default to the OPNSense.
Something is going on with your OPNSense DNS. We just need to determine what. Can you also post your Dnsmasq settings as well?
Morning,
Everything seemed to be working from the last settings we made. I'm confirming with more users to see if everything is good.
If everything is good could we just leave it with the settings we have now or should we do more troubleshooting/changes?
Somehow I managed to miss an entire page of posts when I created my reply. Not sure what happened there.
You should be good to go if you're able to get results from Unbound now.
Quote from: CJRoss on July 10, 2023, 07:03:37 PM
Somehow I managed to miss an entire page of posts when I created my reply. Not sure what happened there.
You should be good to go if you're able to get results from Unbound now.
Hey,
sorry for the late response.
The summery of page 2 is, that we set up unbound in forwarding mode.
@Clawrence
I don't think that this should be a disadvantage. I think the only disadvantage could be a "privacy" aspect. If you use unbound without forwarding, the DNS record is resolved at your system.