OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: twalk on November 22, 2017, 09:11:10 pm

Title: [SOLVED] Just installed OPNsense... So why can't I access the internet from LAN?
Post by: twalk on November 22, 2017, 09:11:10 pm: I just installed the latest OPNsense. I did an update and that went fine, so WAN has access to the internet. I can access the firewall from the LAN side. The firewall rules are the default on install, with the IPv4 LAN net to anywhere default rule. This is right after the install. So why can't I access the internet from a machine on LAN?
Title: Re: Just installed OPNsense... So why can't I access the internet from LAN?
Post by: Ciprian on November 22, 2017, 10:03:33 pm: Hi!

Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.

Cheers!
Title: Re: Just installed OPNsense... So why can't I access the internet from LAN?
Post by: heyudude on November 22, 2017, 10:03:47 pm: Did you check the firewall logs? Try filtering the blocked traffic on the interface.

Then you can add a rule by clicking on the red cross to pass that traffic: it adds an easy rule.
Check if that works and proceed from there
Title: Re: Just installed OPNsense... So why can't I access the internet from LAN?
Post by: twalk on November 22, 2017, 10:50:04 pm: Quote from: hutiucip on November 22, 2017, 10:03:33 pm
Hi!

Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.

Cheers!

That did it! Thank you, thank you, thank you
Title: Re: [SOLVED] Just installed OPNsense... So why can't I access the internet from LAN?
Post by: Ciprian on November 23, 2017, 08:56:04 am: Quote from: twalk on November 22, 2017, 10:50:04 pm
Quote from: hutiucip on November 22, 2017, 10:03:33 pm
Hi!

Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.

Cheers!

That did it! Thank you, thank you, thank you

You're very welcome, glad it worked! :)

@franco, maybe it would be a good idea to include in the wizard the DNS resolving steps, and if there are problems with DNSSEC, to present the user a step for disabling hardened DNSSEC data, and eventually, DNSSEC completely.

Otherwise, maybe DNSSEC hardened data disabled by default during install?
Title: Re: [SOLVED] Just installed OPNsense... So why can't I access the internet from LAN?
Post by: franco on November 23, 2017, 11:14:41 am: Hi hutiucip,

We shouldn't provide less secure environments, but the initial DNS settings flip in the wizard is something we could do. Can you add a ticket to GitHub?

https://github.com/opnsense/core/issues

Thank you,
Franco
Title: Re: [SOLVED] Just installed OPNsense... So why can't I access the internet from LAN?
Post by: Ciprian on November 27, 2017, 10:12:07 am: Quote from: franco on November 23, 2017, 11:14:41 am
Hi hutiucip,

We shouldn't provide less secure environments, but the initial DNS settings flip in the wizard is something we could do. Can you add a ticket to GitHub?

https://github.com/opnsense/core/issues

Thank you,
Franco

Hi Franco!

Just did it: https://github.com/opnsense/core/issues/1962

Thank you again!