OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: Micke on October 24, 2018, 04:20:07 am

Title: No internet on LAN
Post by: Micke on October 24, 2018, 04:20:07 am
Hi!

Been working with pfSense for quite a while and decided to give OpnSense a try. Installation/first setup went smooth, have assigned NICs as:

em0 - WAN - DHCP 192.168.254.254/24
em1 - LAN - DHCP 192.168.225.1/24

1 Gateway "ONLINE" for WAN with address 192.168.254.254   .

For some reason I won't be connected to internet via LAN it won't just work. I can login to the WebGUI and have had a look around. First I checked the NAT/Outbound settings as well as the firewall. I added a rule on WAN to allow traffic from LAN IPv4 to "any". No difference, still no internet.

OpnSense however are connected to internet, updated to last version without any problem. I can ping etc.

No idea what I'm doing wrong, ended up with disabling NAT, I disabled the firewall (packet filtering OFF) but still no connection to internet.

I'm very close of just giving up, can't find any information online, my setup is according to the docs.

Any help appreciated, thanks!
Title: Re: No internet on LAN
Post by: hutiucip on October 24, 2018, 10:58:44 am
LE: Ah... One more thing: in Unbound DNS try to set ”Enable Forwarding Mode” to ON. Start with that one!!! (!)

Hi!

Try to disable 1. Harden DNSSEC data, and if it's not enough, try to disable 2. DNSSEC Support, both in Unbound DNS.

Get back and confirm it helped or didn't. :)
Tschuss!
Title: Re: No internet on LAN
Post by: Micke on October 26, 2018, 01:09:14 am
Thanks for your reply!

I started from the beginning by restoring to factory defaults, did a setup just like my previous one, and this time internet was working on first login, very strange I must say..

However, I discovered the "vouchers engine" in OpnSense isn't vouchers at all, but username and passwords (just like the radius autentication). The whole point with vouchers is that they are easy to use, maintain etc. When testing the vouchers in OpnSense I just realized it'll be too hard on the intented customers for this setup, that's why I 'll go with pfSense this time.

Hope the devs can fix this, a voucher should be a voucher with a 5-6 character code, not require a full username and password.
Title: Re: No internet on LAN
Post by: franco on October 26, 2018, 07:39:33 am
Hi Micke,

Just to manage expectations: commercial and open captive portals can actually work like this. It's a matter of taste for sure. For OPNsense there is nothing to fix here. We've been happy with the rewrite ever since it was done in 2016, especially in terms of stability and API-enabled operation.


Cheers,
Franco
Title: Re: No internet on LAN
Post by: Micke on October 26, 2018, 07:44:19 am
Didn't mean like that, not at all, I'm impressed with what I saw (except the fact that I couldn't get internet through), just saying for the client where I'm putting this up, I have to run pfSense since they have an easy way to let guests autenticate using vouchers. Nothing bad to say, just not the right router software in this particular case.
Title: Re: No internet on LAN
Post by: franco on October 26, 2018, 07:59:23 am
I agree, no worries. I just wanted to respond to your sentiment "hope the devs can fix this".

We've had people who built their own CP page that only offers one input box. You split the input, e.g. 6 characters to 3 for username and 3 for password. Since it's JavaScript/API that's perfectly possible.

The only real downside of username+password is that with short usernames you don't get millions of vouchers as the combinations for 3 characters are limited. :)

The plus side, just to be fair, is that it allows proper user account modelling all around the captive portal so you can login with LDAP, local OPNsense users (with or without 2FA), RADIUS, etc. The authentication framework is fully pluggable as well so social logins are a possibility for the daring.


Cheers,
Franco
Title: Re: No internet on LAN
Post by: Micke on October 26, 2018, 08:09:01 am
"hope the devs can fix this"

- Sorry, was clumbpy of me saying so.

The system I'm setting up is using guest authentication over FreeRadius, hosted on a Raspberry Pi in the network. It's used for handling stay-in guests in a hotel. The voucher auth is used only be restaurant guest, i.e. lunch guests or people in need of a 2 hous pass or so.

That's the reason why I need a simple voucher system with an actual voucher. Like I said, OpnSense looked great at a glance, pretty GUI and everything, but in my case I won't be able to use it until there is a plugin or similar like the voucher option in pfS.
Title: Re: No internet on LAN
Post by: franco on October 26, 2018, 08:24:44 am
Understood. :)