I have the following setup; I followed this guide because I intend to install Zenarmor.
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense
Version: OPNsense 24.1.8-amd64
Two interfaces in bridge mode:
LAN (opt1)
device: re0
link type: none
WAN (opt2)
device: re1
link type: none
Bridge (opt3)
device: bridge0
link type: static
IPv4: 192.168.1.2/23
Routes: 192.168.0.0/23
Network topology is...
Internet > Arris modem > Unifi USG Lite gateway > OPNsense device > Unifi Switch connected to the rest of my local network
Bridge is working great, all traffic from my network is passing over the bridge without issue. Now I wanted to install Zenarmor, but when I go to System > Firmware > Status and Check for updates, it fails with the error "Could not find the repository on the selected mirror."
Updates log shows...
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.1.8 at Thu Jun 13 03:33:08 UTC 2024
Fetching changelog information, please wait... fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/sets/changelog.txz: Network is unreachable
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Network is unreachable
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Network is unreachable
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Network is unreachable
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
I figured somehow DNS wasn't working, so I went to Interfaces > Diagnostics > DNS Lookup and entered "pkg.opnsense.org". I got the following reply.
Response
Type  Answer                                                   Server       Query time
A     pkg.opnsense.org. 900 IN A 89.149.222.99                 192.168.1.4  28 msec
AAAA  pkg.opnsense.org. 900 IN AAAA 2001:1af8:5300:a010:1::1  192.168.1.4  27 msec
So DNS seems to be working fine; that's my local DNS server, which is external to the OPNsense device and forwards requests on to my Cloudflare DNS resolvers.
I resolved "pkg.opnsense.org" to 89.149.222.99 on another device and attempted to ping it from Interfaces > Diagnostics > Ping
All packets failed, with the error "sendto: No route to host".
If I ping any address on my 192.168.1.0 network, those pings do work.
I looked at the "IPv4 gateway rules" option on the Bridge interface, but it just says "Disabled". I don't see a way to specify the default route.
Any ideas what's going on? The bridge is working, but the OS doesn't seem to know a valid route to the internet.
Fixed it!
I had to go System > Gateways > Configuration.
Add a new gateway with the following settings.
Name: Internet gateway
Interface: Bridge
Address Family: IPv4
IP Address: 192.168.1.1
Upstream Gateway: Enabled
This fixed the issue.
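As an added example (not part of the original post), here is a small POSIX shell check for the exact failure mode in this thread: DNS resolves, same-subnet pings work, but anything off-subnet fails with "No route to host" / "Network is unreachable" because the firewall has no default route. It reads a FreeBSD `netstat -rn -f inet` table on stdin and reports whether a default gateway is present. The two routing tables embedded below are constructed to mirror the before/after state described above (bridge on 192.168.0.0/23, upstream gateway 192.168.1.1); they are not captured from the poster's device.

```shell
#!/bin/sh
# Added example, not from the original post or from OPNsense.
# Classify a FreeBSD/OPNsense IPv4 routing table for a missing default route.

# has_default_route: reads `netstat -rn -f inet` output on stdin,
# returns 0 if a default (0.0.0.0/0) entry is present, 1 otherwise.
has_default_route() {
    awk '$1 == "default" || $1 == "0.0.0.0/0" { found = 1 }
         END { exit found ? 0 : 1 }'
}

# default_gateway: prints the next hop of the default route, or nothing.
default_gateway() {
    awk '$1 == "default" || $1 == "0.0.0.0/0" { print $2; exit }'
}

# diagnose: reads a routing table on stdin, prints a verdict, returns 0/1.
diagnose() {
    table=$(cat)
    if printf '%s\n' "$table" | has_default_route; then
        echo "ok: default route via $(printf '%s\n' "$table" | default_gateway)"
        return 0
    fi
    echo "missing default route: only connected subnets are reachable;" \
         "pkg mirrors, NTP and external DNS will fail with 'No route to host'"
    return 1
}

# Constructed sample: the state before the fix. The bridge only has its
# connected /23; nothing tells the kernel where to send 89.149.222.99.
BEFORE_TABLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#4             UH          lo0
192.168.0.0/23     link#3             U       bridge0
192.168.1.2        link#3             UHS         lo0'

# Constructed sample: after adding the upstream gateway 192.168.1.1
# on the Bridge interface under System > Gateways > Configuration.
AFTER_TABLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS     bridge0
127.0.0.1          link#4             UH          lo0
192.168.0.0/23     link#3             U       bridge0
192.168.1.2        link#3             UHS         lo0'

# Live use on the firewall itself:
#   netstat -rn -f inet | diagnose
# or, more directly:
#   route -n get default

printf '%s\n' "$BEFORE_TABLE" | diagnose || :
printf '%s\n' "$AFTER_TABLE"  | diagnose || :
```

The point of the check is that a transparent bridge forwards other hosts' traffic without needing any route of its own, so the bridge can "work great" while the firewall's own management plane (package fetches, NTP, DNS forwarding) is cut off. Look for the `default` line in the routing table before assuming DNS or the mirror is at fault.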