OPNsense Forum
English Forums => High availability => Topic started by: MangledBit on March 25, 2021, 08:31:42 pm
-
Greetings everyone, I'm looking for some help diagnosing WAN IPv4 dropping every 24 to 36 hours. The WAN interface is not considered down when this event occurs. WAN is connected to directly to the modem which connects out to the Internet via fiber. The WAN interface details do not change when I release/renew to restore Internet. That process restores the network connection.
As I understand Metronet does not provide you with a public facing IP address be default. They use what is called Carrier Grade NAT. "Carrier Grade". You end up with a double NAT situation.
Similar netgate topic
https://forum.netgate.com/topic/150572/metronet-fiber-internet-goes-down-roughly-every-24-hours/15
Suggestions how to tweak to make wan properly in sync with the nokia g-010g-a ont modem?
Things that I prefer not to do or cannot do.
- Bridge the modem
- Dedicated IP
- Communicate to the ONT by the webqui or ftp etc.
-
I've been on Metronet for almost 2 years now with no issues but with a static IP. You might call in and ask for their free 1 year static trial option. They sometimes will even reset the trial period for you.
-
I was able to get a year-long promotion free for the static IP. Hopefully that will be enough enough time to figure out another solution. It would be cheaper to buy a VPN in foreword it's traffic through VPN tunnel to the firewall to have a public IP. According to what I'm writing sort like a bastion set up.
I want the firewall to still handle all the traffic from the VPN into treated as just another hop from from the source destination. Nor do I want to forward all the traffic out of the network through the VPN justice services I wish to port forward. Normally bastion is used to filter traffic/logging/antivirus and such. I have that set up on the firewall so no sense in paying for a higher grade VPN to run opnsense. So the question is there an easy way just to simply forward all traffic regardless of ports through the tunnel. I think I would need some sort of proxy to forward all the traffic.
I'm new to professional networking so I'm stretching the limits of my knowledge what's possible in the terms to educate myself further. So any help in that direction would be helpful.
However the issue at hand with the WAN dropping internet every 24 to 36 hours will still be an issue without the static IP. That's the 1st hurdle I need to solve.
-
Did you get this issue resolved? (Your 1 year of static IP would be over by now.) I just started using MetroNet last week, and I've found that I'm having this exact issue with my OPNsense firewall (22.1.9) and the MetroNet Nokia ONT.
I haven't dug through the logs any deeper yet, but it's the same situation. It sounds like I could get a static IP and that would fix it, but it makes no sense to pay for a static IP when I have no other need for it.
I can restart DHCP and resolve it, or disable/enable the interface, or unplug/re-plug the cable, all of which "resolve" the issue for another 24-36 hours.
That other thread indicated a change to dhclient to resolve it, but that was over 2 years ago.
-
I had a similar issue with Metronet after they switched me to CGNAT. Their DHCP relay does not accept unicast renewal requests, it will only accept broadcast requests. What was happening to me was every 24 hours or so my WAN IP was up for renewal, so the gateway would send requests at specified intervals that were ignored by the DHCP relay. So sometimes a broadcast request was made before the lease was up and things would be good, more often than not the lease expired before the broadcast request was sent. The solution is twofold, change the timing for requests, and change how opnsense makes those requests.
On the WAN interface select the advanced client configuration for DHCP, on Presets choose "freebsd default". This may not be necessary depending on how old your install is. In my case the config is over 10 years old and the timings were not the current default. Second, under option modifiers add the following supersede dhcp-server-identifier 255.255.255.255 This will force the DHCP renewal to be sent as a broadcast, which should be picked up by their servers. Why metronet cannot respond to a unicast request like every other ISP out there, I have no idea.