Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: BeTZe313 on May 13, 2025, 10:11:22 AM

Title: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 10:11:22 AM
Hello, i have a fresh install OPNSense installation. At first i want to update OPNSense and i get this error:

QuoteFetching changelog information, please wait... fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/sets/changelog.txz: Host does not resolve


When i ping from the OPNSense to 8.8.8.8 i get for example this message:

Quote7 packets transmitted, 0 packets received, 100.0% packet loss

Ping to www.google.de have no message.

From my ISP i have a static IP4 address and i config the WAN Interface with this Static IP. My Gateway have the tham IP Address.

I search google about tips, but nothing solve my errors.

Can someone help me?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: cookiemonster on May 13, 2025, 10:24:39 AM
Probably IPv6 getting in the way. Do you have ipv6 from your ISP? If not, you can disable it on the WAN. Do a health check too.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 10:28:28 AM
The gateway must not have the same IP address but the one of the ISP router.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 11:22:02 AM
@cookiemonster
I get no ipv6 and in WAN i have it disable (Option "none")

@M. Hausen
I have from my ISP an oneaccess one 420 router. I call with the ISP an get the information, that the oneaccess have no own IP Adress. Their is a cable from ISP in the oneaccess and from their a cable in ma OPNsense.

Which IP address i then use for the gateway?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 11:24:04 AM
Your ISP needs to tell you. Or maybe they are using DHCP or PPPoE. Only they know.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 11:35:40 AM
I phone right know with the ISP. The Oneaccess is like a can on a wall where i put in my cable from my router.
The oneaccess hast the static IP from my ISP in it. Their ist no DHCP or PPPoE Login.

I can ping the IP from my OPNsense to the oneaccess IP.

Edit:
I search now at google for OPNsense and oneaccess and found thomething about one-to-one nat. Could this be the solution?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 11:44:56 AM
Then configure the Oneaccess IP as your default gateway and try again.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 12:03:49 PM
This situation i have. I configure the Oneaccess IP as my default gateway.

With this i can not ping for example to 8.8.8.8 and the update of the OPNsense don't go.

if i have this config with the ip from the Oneaccess as gateway, must i create a new firewall rule?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 12:09:11 PM
No. What netmask did you use with that static WAN IP? What *is* the static WAN IP?

Again: your ISP must know how you should configure your end device.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 12:25:09 PM
I use in my lan 10.0.0.0-255. The static WAN IP is like 87.247.51.111

My ISP said, the Oneaccess is like a normal connection where i put a cable from the oneaccess to my router. And the router would be the OPNsense.

Edit:
Would be the problem, that my ip range complete different?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 12:29:24 PM
What netmask goes with the 87.247.51.111 and what is the IP address of the Oneaccess gateway? All of this needs to match and then the Oneaccess must be configured as your upstream gateway.

You can pick your internal network as you like as long as it is from the RFC 1918 address range: 10.*, 172.16-172.31.*, 192.168.* ...
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 02:00:45 PM
I think I'm a little bit further along.

I phone with the ISP and get more information.

I have know the ip of the router.
The Network-Size is 87.247.51.109/29
The Subnet is 255.255.255.248
Ip of the Route is 87.247.51.110

I have also the DNS Server IPS

Know go to Interfaces->WAN and put the Router IP in the static ipv4 Field.
In the Gateway i put the same router IP in the static ipv4 Field.

Then i have no new effect. But when i go to Interfaces->WAN and choose at IPv4 gateway rules my Gateway then i can for example ping at 8.8.8.8

At the Stettings->General-> DNS i put the two DNS Server from my ISP and choose my Gateway at both.

Their is my next Problem. I can ping the DNS Server. But i can not ping for example at "www.google.com". Their come nothing.

When i want to check to update my OPNsense then i am at the Status Tab and right from the status Text i have rotating circle. When i click on the "Check for Updates" i come to the Update Tab and after a little bit oft time their comes the message, out of Time.

One Windows client say, their is no Connection to the Internet.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 02:06:08 PM
Quote from: BeTZe313 on May 13, 2025, 02:00:45 PMKnow go to Interfaces->WAN and put the Router IP in the static ipv4 Field.
In the Gateway i put the same router IP in the static ipv4 Field.

No.

Your network is (according to your ISP):

87.247.51.110

And the network size is:

/29

That means you can use the IP addresses:

87.247.51.105
87.247.51.106
87.247.51.107
87.247.51.108
87.247.51.109

for devices you want to connect.

They already suggested you use:

87.247.51.109/29

That means:

IPv4 static
Address: 87.247.51.109
Netmask/Prefix: /29

Gateway: 87.247.51.110

Add the correct DNS servers in the DNS settings and Internet will probably work.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 02:46:31 PM
Ok, i have change to this config

Gateway    87.247.51.110
WAN        87.247.51.109

When i Save the WAN Config, then i have for 30-40 Seconds Internet on the OPNsense. In the Dashboard were shown Announcements and i can ping to 8.8.8.8 and www.google.com

But after the 30-40 seconds this is away. When i now save the WAN Config and apply, then is all their for the little time. The same when i reboot. After the start all is possible and then away.

The Windows Client shows, that internet ist avaible. But i can't open a website or can ping to something.

Do you have an idea, what can be the problem?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: meyergru on May 13, 2025, 02:51:13 PM
It could be that you are leaking RFC1918 or other invalid addresses as source or destination and that your ISP does not like it and cuts off the connection. You could look at a tcpdump of your WAN connection to see if this is the case.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 03:08:55 PM
Hello, i have done a tcpdump on teh WAN connection but i see their nothing.

Here are when the connection ist down and something befor.

Code Select
15:03:56.662555 IP port-87-234-51-225.static.as20676.net.domain > 87.234.51.229.34844: 64458 4/0/0 CNAME downloadservice.agenda-software.de.edgekey.net., CNAME e92588.dscd.akamaiedge.net., A 23.207.210.146, A 23.207.210.147 (181)
15:03:56.674393 IP 87.234.51.229.ntp > srv.hueske-edv.de.ntp: NTPv4, Client, length 48
15:03:56.677978 IP dns.google.domain > 87.234.51.229.34844: 64458 4/0/0 CNAME downloadservice.agenda-software.de.edgekey.net., CNAME e92588.dscd.akamaiedge.net., A 95.101.182.112, A 95.101.182.82 (181)
15:03:56.680101 IP 89.149.225.137.https > 87.234.51.229.50586: Flags [.], seq 3351:4791, ack 727, win 505, options [nop,nop,TS val 2572754376 ecr 203939666], length 1440
15:03:56.680108 IP 87.234.51.229.50586 > 89.149.225.137.https: Flags [.], ack 4791, win 500, options [nop,nop,TS val 203940132 ecr 2572754376], length 0
15:03:56.680208 IP 89.149.225.137.https > 87.234.51.229.50586: Flags [P.], seq 4791:6231, ack 727, win 505, options [nop,nop,TS val 2572754376 ecr 203939666], length 1440
15:03:56.680211 IP 87.234.51.229.50586 > 89.149.225.137.https: Flags [.], ack 6231, win 500, options [nop,nop,TS val 203940132 ecr 2572754376], length 0
15:03:56.680331 IP 89.149.225.137.https > 87.234.51.229.50586: Flags [.], seq 6231:7671, ack 727, win 505, options [nop,nop,TS val 2572754376 ecr 203939666], length 1440
15:03:56.680333 IP 87.234.51.229.50586 > 89.149.225.137.https: Flags [.], ack 7671, win 500, options [nop,nop,TS val 203940132 ecr 2572754376], length 0
15:03:56.680412 IP 89.149.225.137.https > 87.234.51.229.50586: Flags [P.], seq 7671:8148, ack 727, win 505, options [nop,nop,TS val 2572754376 ecr 203939666], length 477
15:03:56.680415 IP 87.234.51.229.50586 > 89.149.225.137.https: Flags [.], ack 8148, win 507, options [nop,nop,TS val 203940132 ecr 2572754376], length 0
15:03:56.680581 IP 87.234.51.229.50586 > 89.149.225.137.https: Flags [P.], seq 727:751, ack 8148, win 511, options [nop,nop,TS val 203940132 ecr 2572754376], length 24
15:03:56.680631 IP 87.234.51.229.50586 > 89.149.225.137.https: Flags [F.], seq 751, ack 8148, win 511, options [nop,nop,TS val 203940132 ecr 2572754376], length 0
15:03:56.691997 IP srv.hueske-edv.de.ntp > 87.234.51.229.ntp: NTPv4, Server, length 48
15:03:56.704096 IP 89.149.225.137.https > 87.234.51.229.50586: Flags [P.], seq 8148:8172, ack 751, win 505, options [nop,nop,TS val 2572754401 ecr 203940132], length 24
15:03:56.704104 IP 87.234.51.229.50586 > 89.149.225.137.https: Flags [R], seq 209675390, win 0, length 0
15:03:56.704106 IP 89.149.225.137.https > 87.234.51.229.50586: Flags [F.], seq 8172, ack 751, win 505, options [nop,nop,TS val 2572754401 ecr 203940132], length 0
15:03:56.712245 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 6314:7766, ack 1944, win 16385, length 1452
15:03:56.712323 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 7766:8966, ack 1944, win 16385, length 1200
15:03:56.712452 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 8966:10418, ack 1944, win 16385, length 1452
15:03:56.712577 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 10418:11870, ack 1944, win 16385, length 1452
15:03:56.712603 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 10418, win 1029, length 0
15:03:56.712698 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 11870:13322, ack 1944, win 16385, length 1452
15:03:56.712821 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 13322:14774, ack 1944, win 16385, length 1452
15:03:56.712832 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 11870, win 1029, length 0
15:03:56.712938 IP 87.234.51.229.15951 > rns.ui-dns.com.domain: 38624% [1au] A? 213.35.132.185.in-addr.arpa. (56)
15:03:56.712945 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 14774:16226, ack 1944, win 16385, length 1452
15:03:56.713025 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 16226:17187, ack 1944, win 16385, length 961
15:03:56.713129 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 14774, win 1029, length 0
15:03:56.713150 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 17187:18639, ack 1944, win 16385, length 1452
15:03:56.714602 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 18639:20091, ack 1944, win 16385, length 1452
15:03:56.714709 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 20091:21543, ack 1944, win 16385, length 1452
15:03:56.714823 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 21543:22912, ack 1944, win 16385, length 1369
15:03:56.714947 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 22912:24364, ack 1944, win 16385, length 1452
15:03:56.715070 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 24364:25816, ack 1944, win 16385, length 1452
15:03:56.715193 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 25816:27268, ack 1944, win 16385, length 1452
15:03:56.715316 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 27268:28720, ack 1944, win 16385, length 1452
15:03:56.715438 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 28720:30172, ack 1944, win 16385, length 1452
15:03:56.715525 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 30172:31133, ack 1944, win 16385, length 961
15:03:56.715645 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 31133:32585, ack 1944, win 16385, length 1452
15:03:56.715767 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 32585:34037, ack 1944, win 16385, length 1452
15:03:56.715890 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 34037:35489, ack 1944, win 16385, length 1452
15:03:56.715893 IP 89.149.225.137.https > 87.234.51.229.50586: Flags [.], ack 752, win 505, options [nop,nop,TS val 2572754410 ecr 203940132], length 0
15:03:56.725488 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 28720, win 1029, length 0
15:03:56.726379 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 35489:36941, ack 1944, win 16385, length 1452
15:03:56.726485 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 36941:38393, ack 1944, win 16385, length 1452
15:03:56.726608 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 38393:39845, ack 1944, win 16385, length 1452
15:03:56.726731 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 39845:41297, ack 1944, win 16385, length 1452
15:03:56.726854 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 41297:42749, ack 1944, win 16385, length 1452
15:03:56.726976 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 42749:44201, ack 1944, win 16385, length 1452
15:03:56.727099 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 44201:45653, ack 1944, win 16385, length 1452
15:03:56.727222 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 45653:47105, ack 1944, win 16385, length 1452
15:03:56.728278 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 47105:48557, ack 1944, win 16385, length 1452
15:03:56.728385 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 48557:50009, ack 1944, win 16385, length 1452
15:03:56.728507 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 50009:51461, ack 1944, win 16385, length 1452
15:03:56.731431 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 38393, win 1029, length 0
15:03:56.732276 IP rns.ui-dns.com.domain > 87.234.51.229.15951: 38624*- 0/1/1 (121)
15:03:56.732310 IP 87.234.51.229.37036 > rns.ui-dns.org.domain: 49221% [1au] PTR? 213.35.132.185.in-addr.arpa. (56)
15:03:56.738379 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 51461:52913, ack 1944, win 16385, length 1452
15:03:56.738485 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 52913:54365, ack 1944, win 16385, length 1452
15:03:56.738608 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 54365:55817, ack 1944, win 16385, length 1452
15:03:56.738731 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 55817:57269, ack 1944, win 16385, length 1452
15:03:56.738853 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 57269:58721, ack 1944, win 16385, length 1452
15:03:56.738976 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 58721:60173, ack 1944, win 16385, length 1452
15:03:56.739099 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 60173:61625, ack 1944, win 16385, length 1452
15:03:56.739221 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 61625:63077, ack 1944, win 16385, length 1452
15:03:56.739344 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 63077:64529, ack 1944, win 16385, length 1452
15:03:56.739467 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 64529:65981, ack 1944, win 16385, length 1452
15:03:56.739589 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 65981:67433, ack 1944, win 16385, length 1452
15:03:56.740350 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 67433:68885, ack 1944, win 16385, length 1452
15:03:56.740457 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 68885:70337, ack 1944, win 16385, length 1452
15:03:56.740580 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 70337:71789, ack 1944, win 16385, length 1452
15:03:56.740702 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 71789:73241, ack 1944, win 16385, length 1452
15:03:56.740825 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 73241:74693, ack 1944, win 16385, length 1452
15:03:56.740948 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 74693:76145, ack 1944, win 16385, length 1452
15:03:56.741071 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 76145:77597, ack 1944, win 16385, length 1452
15:03:56.742084 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 52913, win 1029, length 0
15:03:56.742815 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 67433, win 1029, length 0
15:03:56.742819 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 77597, win 1029, length 0
15:03:56.744457 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 77597:79049, ack 1944, win 16385, length 1452
15:03:56.744580 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 79049:80501, ack 1944, win 16385, length 1452
15:03:56.744703 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 80501:81953, ack 1944, win 16385, length 1452
15:03:56.744825 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 81953:83405, ack 1944, win 16385, length 1452
15:03:56.744948 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 83405:84857, ack 1944, win 16385, length 1452
15:03:56.745071 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 84857:86309, ack 1944, win 16385, length 1452
15:03:56.745193 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 86309:87761, ack 1944, win 16385, length 1452
15:03:56.745316 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 87761:89213, ack 1944, win 16385, length 1452
15:03:56.745439 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 89213:90665, ack 1944, win 16385, length 1452
15:03:56.745562 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 90665:92117, ack 1944, win 16385, length 1452
15:03:56.745684 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 92117:93569, ack 1944, win 16385, length 1452
15:03:56.746376 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 93569:95021, ack 1944, win 16385, length 1452
15:03:56.746484 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 95021:96473, ack 1944, win 16385, length 1452
15:03:56.746582 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 96473:97687, ack 1944, win 16385, length 1214
15:03:56.750283 IP rns.ui-dns.org.domain > 87.234.51.229.37036: 49221*- 1/0/1 PTR rns.ui-dns.org. (84)
15:03:56.750560 IP 87.234.51.229.25364 > rns.ui-dns.de.domain: 50123% [1au] A? 82.160.217.in-addr.arpa. (52)
15:03:56.756399 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 97687:99139, ack 1944, win 16385, length 1452
15:03:56.756506 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 99139:100591, ack 1944, win 16385, length 1452
15:03:56.756629 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 100591:102043, ack 1944, win 16385, length 1452
15:03:56.756752 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [.], seq 102043:103495, ack 1944, win 16385, length 1452
15:03:56.756862 IP 52.123.129.14.https > 87.234.51.229.23087: Flags [P.], seq 103495:104822, ack 1944, win 16385, length 1327
15:03:56.759363 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 92117, win 1029, length 0
15:03:56.764311 IP rns.ui-dns.de.domain > 87.234.51.229.25364: 50123*- 0/1/1 (117)
15:03:56.764351 IP 87.234.51.229.29501 > rns.ui-dns.de.domain: 52951% [1au] A? 213.82.160.217.in-addr.arpa. (56)
15:03:56.769462 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 103495, win 1029, length 0
15:03:56.788386 IP rns.ui-dns.de.domain > 87.234.51.229.29501: 52951*- 0/1/1 (121)
15:03:56.788469 IP 87.234.51.229.23038 > rns.ui-dns.com.domain: 24877% [1au] PTR? 213.82.160.217.in-addr.arpa. (56)
15:03:56.797616 IP 87.234.51.229.7510 > 104.18.21.152.https: Flags [.], seq 70:71, ack 43, win 1024, length 1
15:03:56.810385 IP 104.18.21.152.https > 87.234.51.229.7510: Flags [.], ack 71, win 9, options [nop,nop,sack 1 {70:71}], length 0
15:03:56.812474 IP rns.ui-dns.com.domain > 87.234.51.229.23038: 24877*- 1/0/1 PTR rns.ui-dns.com. (84)
15:03:56.812755 IP 87.234.51.229.30359 > rns.ui-dns.org.domain: 39501% [1au] A? 83.160.217.in-addr.arpa. (52)
15:03:56.815620 IP 87.234.51.229.23087 > 52.123.129.14.https: Flags [.], ack 104822, win 1024, length 0
15:03:56.826528 IP rns.ui-dns.org.domain > 87.234.51.229.30359: 39501*- 0/1/1 (117)
15:03:56.826562 IP 87.234.51.229.36828 > rns.ui-dns.org.domain: 64876% [1au] A? 213.83.160.217.in-addr.arpa. (56)
15:03:56.828844 IP 87.234.51.229.22768 > 172.25.31.231.snmp:  GetRequest(103)  43.8.2.1.18.1.1 43.8.2.1.18.1.2 43.8.2.1.18.1.3 43.8.2.1.18.1.4 43.8.2.1.18.1.5
15:03:56.832616 IP 87.234.51.229.40045 > 145.243.92.123.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832691 IP 87.234.51.229.40045 > 145.243.92.123.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832694 IP 87.234.51.229.40045 > 145.243.92.123.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832698 IP 87.234.51.229.60460 > 145.243.92.125.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832701 IP 87.234.51.229.60460 > 145.243.92.125.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832781 IP 87.234.51.229.60460 > 145.243.92.125.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832784 IP 87.234.51.229.60460 > 145.243.92.125.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832787 IP 87.234.51.229.60460 > 145.243.92.125.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832799 IP 87.234.51.229.22276 > 145.243.92.99.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832874 IP 87.234.51.229.22768 > 172.25.31.231.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832877 IP 87.234.51.229.22768 > 172.25.31.231.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832880 IP 87.234.51.229.22768 > 172.25.31.231.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832888 IP 87.234.51.229.22768 > 172.25.31.231.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832964 IP 87.234.51.229.64388 > 145.243.92.25.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832967 IP 87.234.51.229.20309 > 145.243.92.57.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.832970 IP 87.234.51.229.22768 > 172.25.31.231.snmp:  GetRequest(64)  25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1
15:03:56.840573 IP rns.ui-dns.org.domain > 87.234.51.229.36828: 64876*- 0/1/1 (121)
15:03:56.840601 IP 87.234.51.229.40542 > rns.ui-dns.org.domain: 856% [1au] PTR? 213.83.160.217.in-addr.arpa. (56)
15:03:56.842769 IP crmfra41-et-3.as20676.net > 87.234.51.229: ICMP net 172.25.31.231 unreachable, length 36
15:03:56.846675 IP crmfra41-et-3.as20676.net > 87.234.51.229: ICMP net 172.25.31.231 unreachable, length 36
15:03:56.846677 IP crmfra41-et-3.as20676.net > 87.234.51.229: ICMP net 172.25.31.231 unreachable, length 36
15:03:56.846679 IP crmfra41-et-3.as20676.net > 87.234.51.229: ICMP net 172.25.31.231 unreachable, length 36
15:03:56.846680 IP crmfra41-et-3.as20676.net > 87.234.51.229: ICMP net 172.25.31.231 unreachable, length 36
15:03:56.846758 IP crmfra41-et-3.as20676.net > 87.234.51.229: ICMP net 172.25.31.231 unreachable, length 36
15:03:56.864727 IP rns.ui-dns.org.domain > 87.234.51.229.40542: 856*- 1/0/1 PTR rns.ui-dns.org. (84)
15:03:56.864971 IP 87.234.51.229.20400 > rns.ui-dns.biz.domain: 40113% [1au] A? 213.34.132.185.in-addr.arpa. (56)
15:03:56.874680 IP imap.1und1.de.imaps > 87.234.51.229.63071: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:56.880744 IP imap.1und1.de.imaps > 87.234.51.229.63069: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:56.884680 IP imap.1und1.de.imaps > 87.234.51.229.63067: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:56.888798 IP rns.ui-dns.biz.domain > 87.234.51.229.20400: 40113*- 0/1/1 (121)
15:03:56.888800 IP imap.1und1.de.imaps > 87.234.51.229.63068: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:56.888861 IP 87.234.51.229.8749 > rns.ui-dns.com.domain: 22168% [1au] PTR? 213.34.132.185.in-addr.arpa. (56)
15:03:56.890967 IP imap.1und1.de.imaps > 87.234.51.229.63066: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:56.898742 IP 150.171.29.11.https > 87.234.51.229.60694: Flags [S.], seq 547332288, ack 1935444368, win 65535, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
15:03:56.902857 IP rns.ui-dns.com.domain > 87.234.51.229.8749: 22168*- 1/0/1 PTR rns.ui-dns.com. (84)
15:03:56.902915 IP 87.234.51.229.16472 > rns.ui-dns.de.domain: 51621% [1au] PTR? 213.34.132.185.in-addr.arpa. (56)
15:03:56.926891 IP rns.ui-dns.de.domain > 87.234.51.229.16472: 51621*- 1/0/1 PTR rns.ui-dns.com. (84)
15:03:56.927133 IP 87.234.51.229.13727 > rns.ui-dns.org.domain: 20930% [1au] A? 213.33.132.185.in-addr.arpa. (56)
15:03:56.942885 IP 20.190.160.4.https > 87.234.51.229.60695: Flags [S.], seq 2066593438, ack 2056995772, win 65535, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
15:03:56.950988 IP rns.ui-dns.org.domain > 87.234.51.229.13727: 20930*- 0/1/1 (121)
15:03:56.951033 IP 87.234.51.229.37539 > rns.ui-dns.org.domain: 65357% [1au] PTR? 213.33.132.185.in-addr.arpa. (56)
15:03:56.979062 IP rns.ui-dns.org.domain > 87.234.51.229.37539: 65357*- 1/0/1 PTR rns.ui-dns.biz. (84)
15:03:56.979112 IP 87.234.51.229.41108 > rns.ui-dns.de.domain: 54534% [1au] PTR? 213.33.132.185.in-addr.arpa. (56)
15:03:57.003145 IP rns.ui-dns.de.domain > 87.234.51.229.41108: 54534*- 1/0/1 PTR rns.ui-dns.biz. (84)
15:03:57.003177 IP 87.234.51.229.28242 > rns.ui-dns.biz.domain: 61536% [1au] PTR? 213.33.132.185.in-addr.arpa. (56)
15:03:57.027270 IP rns.ui-dns.biz.domain > 87.234.51.229.28242: 61536*- 1/0/1 PTR rns.ui-dns.biz. (84)
15:03:57.027599 IP 87.234.51.229.32325 > rns.ui-dns.de.domain: 37385% [1au] A? 81.160.217.in-addr.arpa. (52)
15:03:57.035221 IP 89.248.163.51.45735 > 87.234.51.229.60800: Flags [S], seq 3927873969, win 1024, length 0
15:03:57.057312 IP rns.ui-dns.de.domain > 87.234.51.229.32325: 37385*- 0/1/1 (117)
15:03:57.057382 IP 87.234.51.229.65508 > rns.ui-dns.biz.domain: 41258% [1au] PTR? 213.81.160.217.in-addr.arpa. (56)
15:03:57.081385 IP rns.ui-dns.biz.domain > 87.234.51.229.65508: 41258*- 1/0/1 PTR rns.ui-dns.biz. (84)
15:03:57.081622 IP 87.234.51.229.7556 > ns-gce-public4.googledomains.com.domain: 20176% [1au] A? 80.190.35.in-addr.arpa. (51)
15:03:57.095867 IP port-87-234-51-225.static.as20676.net.domain > 87.234.51.229.38715: 30192 7/0/0 CNAME edge-cloud-resource-static.azureedge.net., CNAME edge-cloud-resource-static.afd.azureedge.net., CNAME azureedge-t-prod.trafficmanager.net., CNAME shed.dual-low.s-part-0017.t-0009.t-msedge.net., CNAME azurefd-t-fb-prod.trafficmanager.net., CNAME dual.s-part-0017.t-0009.fb-t-msedge.net., CNAME s-part-0017.t-0009.fb-t-msedge.net. (340)
15:03:57.103536 IP imap.1und1.de.imaps > 87.234.51.229.63071: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:57.103538 IP ns-gce-public4.googledomains.com.domain > 87.234.51.229.7556: 20176*- 0/1/1 (147)
15:03:57.103580 IP 87.234.51.229.10857 > ns-gce-public4.googledomains.com.domain: 65149% [1au] A? 1.80.190.35.in-addr.arpa. (53)
15:03:57.106365 IP port-87-234-51-225.static.as20676.net.domain > 87.234.51.229.17109: 54717 8/0/0 CNAME edge-cloud-resource-static.azureedge.net., CNAME edge-cloud-resource-static.afd.azureedge.net., CNAME azureedge-t-prod.trafficmanager.net., CNAME shed.dual-low.s-part-0017.t-0009.t-msedge.net., CNAME azurefd-t-fb-prod.trafficmanager.net., CNAME dual.s-part-0017.t-0009.fb-t-msedge.net., CNAME s-part-0017.t-0009.fb-t-msedge.net., A 13.107.253.45 (356)
15:03:57.111470 IP imap.1und1.de.imaps > 87.234.51.229.63067: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:57.113534 IP imap.1und1.de.imaps > 87.234.51.229.63069: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:57.117462 IP imap.1und1.de.imaps > 87.234.51.229.63068: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:57.119633 IP dns.google.domain > 87.234.51.229.17109: 54717 9/0/0 CNAME edge-cloud-resource-static.azureedge.net., CNAME edge-cloud-resource-static.afd.azureedge.net., CNAME azureedge-t-prod.trafficmanager.net., CNAME shed.dual-low.s-part-0017.t-0009.t-msedge.net., CNAME azurefd-t-fb-prod.trafficmanager.net., CNAME dual.s-part-0017.t-0009.fb-t-msedge.net., CNAME global-entry-fb-afdthirdparty-unicast.trafficmanager.net., CNAME cai30r9a.msedge.net., A 104.212.67.197 (424)
15:03:57.119711 IP dns.google.domain > 87.234.51.229.38715: 30192 7/1/0 CNAME edge-cloud-resource-static.azureedge.net., CNAME edge-cloud-resource-static.afd.azureedge.net., CNAME azureedge-t-prod.trafficmanager.net., CNAME shed.dual-low.s-part-0017.t-0009.t-msedge.net., CNAME azurefd-t-fb-prod.trafficmanager.net., CNAME dual.s-part-0017.t-0009.fb-t-msedge.net., CNAME s-part-0017.t-0009.fb-t-msedge.net. (400)
15:03:57.123507 IP imap.1und1.de.imaps > 87.234.51.229.63066: Flags [FP.], seq 0:31, ack 2, win 501, length 31
15:03:57.125533 IP ns-gce-public4.googledomains.com.domain > 87.234.51.229.10857: 65149*- 0/1/1 (149)
15:03:57.125559 IP 87.234.51.229.37862 > ns-gce-public1.googledomains.com.domain: 55486% [1au] PTR? 1.80.190.35.in-addr.arpa. (53)
15:03:57.137486 IP fra24s08-in-f10.1e100.net.https > 87.234.51.229.24462: Flags [P.], seq 164:246, ack 1, win 1049, length 82
15:03:57.147610 IP ns-gce-public1.googledomains.com.domain > 87.234.51.229.37862: 55486*- 1/0/1 PTR 1.80.190.35.bc.googleusercontent.com. (103)
15:03:57.148285 IP 87.234.51.229.51306 > ns-755.awsdns-30.net.domain: 694% [1au] A? 195.195.251.205.in-addr.arpa. (57)
15:03:57.161649 IP ns-755.awsdns-30.net.domain > 87.234.51.229.51306: 694*-$ 0/1/1 (142)
15:03:57.161681 IP 87.234.51.229.52125 > ns-755.awsdns-30.net.domain: 44695% [1au] PTR? 195.195.251.205.in-addr.arpa. (57)
15:03:57.175733 IP ns-755.awsdns-30.net.domain > 87.234.51.229.52125: 44695*-$ 1/4/1 PTR ns-963.awsdns-56.net. (228)
15:03:57.175976 IP 87.234.51.229.27098 > ns-1140.awsdns-14.org.domain: 5520% [1au] A? 251.193.251.205.in-addr.arpa. (57)
15:03:57.189714 IP a23-207-210-147.deploy.static.akamaitechnologies.com.https > 87.234.51.229.62995: Flags [FP.], seq 0:24, ack 1, win 503, length 24
15:03:57.191810 IP 87.234.51.229.24462 > fra24s08-in-f10.1e100.net.https: Flags [.], ack 246, win 1024, length 0
15:03:57.203803 IP ns-1140.awsdns-14.org.domain > 87.234.51.229.27098: 5520*-$ 0/1/1 (142)
^C15:03:57.203834 IP 87.234.51.229.46425 > 205.251.198.210.domain: 35562% [1au] PTR? 251.193.251.205.in-addr.arpa. (57)
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 03:11:12 PM
Something internal to your network is trying to reach 172.25.31.231 - possibly they do not like it.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 03:41:34 PM
172.25.31.231 is my printer. This errors are the reason why the connections close?

I have phone with the ISP. He said me, that the connection to the router is ok and their ist nothing wat closed the connection.

I have start the router new, but it is the same thing. The connectoin closed after a few time.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: BeTZe313 on May 13, 2025, 04:21:39 PM
I think i have done it. From my ISP i have 5 Static IPs and i now change to a other IP and since this, i have internet on the OPN without connection break.

Thank you for your help.
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: EricPerl on May 13, 2025, 09:09:47 PM
Can you share a screenshot of the "Interfaces > Overview" page?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: Patrick M. Hausen on May 13, 2025, 09:25:56 PM
Quote from: BeTZe313 on May 13, 2025, 03:41:34 PM172.25.31.231 is my printer.

How so, if your LAN is 10.0.0.0/24? Do you have more than one internal network segment?
Title: Re: Fresh Installation with static IP - No Ping and update
Post by: meyergru on May 13, 2025, 11:12:51 PM
For a target, that is not even neccessary: You only have to have something configured on a PC that was once connected to another network segment. I found some IoT devices trying to contact RFC1918 IPs, probably to fetch configuration data or updates via TFTP.

Whatever it is, the outcome is always the same: Since OpnSense is the default gateway, any non-configured subnet will be sent off to the default gateway (i.e. WAN). I had one ISP who shortly disconnected the WAN when they detected this. And guess what: I asked theie tech support and they did not know anything about it. It was only after I took care of those IPs, that I experienced no more outages.

That is why I always use an outbound rule on WAN that blocks anything with RFC1918 as its target. You only have to take care when you want to access an ONT or modem on WAN - that rule must come before the block.
Text only | Text with Images