I recently updated (after testing at home) a system to 18.1.2_2 and now am faced with issues routing internet traffic (internal traffic routes fine) to a remote subnet. The subnet that the system in question sits on is 10.1.0.0/24 and the subnet that it no longer will route internet traffic to is 10.3.0.0/24. Keep in mind, this is a network that has been up and running for years. No changes were made besides updating from 18.1 to 18.1.2_2.
What is curious is that ALL other traffic (any type of internal traffic) works fine. I can ping, tracert, RDP, use internal webpages etc between the two parts of the network. The OpenVPN works fine, the IPsec VPN that ties the network to my house (for remote backups of our VMware system) works fine. Devices from the 10.1.0.0/24 subnet can access the internet fine as well.
Does anyone know if there is a bug with static routes or if some portion of their setup changed due to the update? I can (and will) provide any logs necessary to help troubleshoot this thing.
Are your firewall rules set up correctly, e.g. you're allowing / not blocking traffic from the internet to that subnet?
Is your DNS accessible from that subnet?
1) Firewall - My first thought as well. There are no rules blocking any traffic on the LAN. There are no rules on the WAN specifically blocking traffic to this subnet. Like I said, all forms of internal traffic work fine. It's just when this subnet attempts to access things not on our local network. It's like the router doesn't think it's allowed to route outside traffic to this subnet. It has a proper static route that should be taking care of this, and it does for traffic that originates from inside our network.
2) DNS is fully functional. I can run nslookup from things in the 10.3.0.0/24 subnet and get correct results. Even for things outside our network. If DNS wasn't working, I suspect I would see AD failures too.
Take a look at your firewall logs (Firewall: Log Files: Live View) while trying to browse the internet.
Are there any blocked connections from that subnet?
Did that, filtered by data coming from IPs in the 10.3.0.0 range and saw exactly zero things being blocked.
I'm seriously stumped as to what the heck is going on with this issue.
Take a look at this:
https://forum.opnsense.org/index.php?topic=7364.0
Maybe you should replace your LAN nets with CIDR as well in your rules. And don't forget to enable logging on all of them, otherwise, alerts will not be logged for that rule.
Did the CIDR trick, no dice.
Tried contacting the paid support line and have not heard back from them. Anyone know what time zone they are in etc?