OPNsense Forum

English Forums => General Discussion => Topic started by: nbaldinger on February 06, 2025, 10:02:29 AM

Title: All incoming Traffic on WAN port gets blocked
Post by: nbaldinger on February 06, 2025, 10:02:29 AM
I've set up OPNsense on an old Sophos firewall and plan on setting up OpenVPN to create a site-to-site VPN. But while trying to do that, I realized that no traffic is coming through WAN (igb1). I've searched online, including this forum, and found plenty of similar cases, yet I couldn't replicate their solutions. Most of them mentioned having to set up firewall rules on WAN, which I tried, but it didn't work. I even set a rule to allow ping requests from a specific IP, but that also didn't work.

I've also reset the firewall multiple times by now. As of right now it's reset to factory default.
Does anybody know why the manually added rules just get ignored?
Title: Re: All incoming Traffic on WAN port gets blocked
Post by: Patrick M. Hausen on February 06, 2025, 10:07:54 AM
Without you showing the rules you set up it's difficult to assist you. So I recommend you do that. Something is wrong with your rules.
Title: Re: All incoming Traffic on WAN port gets blocked
Post by: nbaldinger on February 06, 2025, 10:28:40 AM
This is currently the only rule I have setup.
[Screenshot: Firewall > Rules > WAN]
Title: Re: All incoming Traffic on WAN port gets blocked
Post by: Patrick M. Hausen on February 06, 2025, 10:33:40 AM
This is a private network. Is your OPNsense behind another router? Are you trying to access the WAN address from a PC in that same network?

- remove the gateway from the rule
- check "Disable reply-to" in Firewall > Settings > Advanced
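To make the two suggestions above concrete, here is an illustrative pf.conf fragment (an added example, not from the thread and not OPNsense's exact generated output; the interface name igb1, the addresses 172.16.10.50 for the peer PC and 172.16.10.254 for the gateway, and the label text are assumptions). When a gateway is selected on a WAN rule, the rule is loaded with a reply-to option, which directs the reply packets of that state to the named gateway regardless of the routing table. If the peer is on the WAN subnet itself, or the gateway is not reachable, the echo replies are sent toward the gateway instead of back to the host and never arrive, even though the Live view shows the incoming echo request as passed. Removing the gateway from the rule (or setting "Disable reply-to") yields the second form, where replies follow the normal route lookup.

```pf
# Illustrative rules, not OPNsense's literal output. Addresses, interface
# name and label are assumptions.

# Form 1: WAN rule saved with a gateway selected. reply-to pins the
# return traffic of this state to 172.16.10.254 on igb1. A host on the
# same subnet as the WAN address never sees its echo replies.
pass in quick on igb1 reply-to (igb1 172.16.10.254) inet proto icmp \
    from 172.16.10.50 to (igb1) icmp-type echoreq keep state \
    label "allow ping from admin PC (gateway set)"

# Form 2: same rule with the gateway removed, or with
# Firewall > Settings > Advanced > "Disable reply-to" checked.
# Replies use the routing table, so a peer on the WAN subnet gets them.
pass in quick on igb1 inet proto icmp \
    from 172.16.10.50 to (igb1) icmp-type echoreq keep state \
    label "allow ping from admin PC"
```

To verify which form is actually loaded, run `pfctl -sr | grep icmp` from the OPNsense shell (System > Settings > Administration or the console) and check whether the matching rule still carries `reply-to`; `pfctl -ss` shows whether a state was created for the echo request at all.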
Title: Re: All incoming Traffic on WAN port gets blocked
Post by: nbaldinger on February 06, 2025, 10:41:28 AM
The firewall is not behind an additional router and the PC I'm using to try and connect to the WAN address is in the same network. I can ping the PC from the firewall, but not the other way around.
I've also checked the logs to make sure the pings even reach the firewall, and they do.

I've checked "Disable reply-to" in the settings and set the Gateway to default. The ping requests still don't make it through.
[Screenshot: Firewall > Rules > WAN]
[Screenshot: Interfaces > Diagnostics > Packet Capture]
Title: Re: All incoming Traffic on WAN port gets blocked
Post by: Patrick M. Hausen on February 06, 2025, 10:52:48 AM
Please show the configuration of your WAN interface.
Title: Re: All incoming Traffic on WAN port gets blocked
Post by: nbaldinger on February 06, 2025, 10:59:12 AM
Here you go:
[Screenshot: Interfaces > WAN]
Title: Re: All incoming Traffic on WAN port gets blocked
Post by: EricPerl on February 07, 2025, 01:03:36 AM
172.16.xxx is definitely an RFC1918 private network.
Your WAN is not internet facing, which makes it safe to connect a PC as a peer.

Using OPN within a private network is fine (I have a test instance on my network too).
You might want to disable bogons on WAN as well.

You've saved the rule AND applied it, right?
You must see a log entry for icmp traffic in Firewall > Log Files > Live view

I got a pass with my custom rule on my test instance...
Title: Re: All incoming Traffic on WAN port gets blocked [SOLVED]
Post by: nbaldinger on February 07, 2025, 07:47:54 AM
Yes, I did apply the rule after saving it, and I've also tried disabling bogons. None of it worked.
After getting more annoyed at this issue I installed pfSense and went through the same setup of creating a rule specifically for ICMP packets.
It worked. Even the VPN worked flawlessly. I'm not sure why, but most likely I borked something up when installing OPN on the firewall.
Anyway thanks for your help. I'll mark the thread as solved. At least for me it is.