OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: twalk on November 22, 2017, 09:11:10 pm
-
I just installed the latest OPNsense. I did an update and that went fine, so WAN has access to the internet. I can access the firewall from the LAN side. The firewall rules are the default on install, with the IPv4 LAN net to anywhere default rule. This is right after the install. So why can't I access the internet from a machine on LAN?
-
Hi!
Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.
Cheers!
-
Did you check the firewall logs? Try filtering the blocked traffic on the interface.
Then you can add a rule by clicking on the red cross to pass that traffic: it adds an easy rule.
Check if that works and proceed from there
-
Hi!
Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.
Cheers!
That did it! Thank you, thank you, thank you
-
Hi!
Your post is a little bit vague, but I would recommend you to check in Services -> Unbound -> Advanced if you have Harden DNSSEC Data checked. If so, uncheck it, and it should work; if it's still not working, try to disable DNSSEC completely, in Services -> Unbound -> General: most ISP's DNS servers don't cope well with DNSSEC, especially if hardened.
Cheers!
That did it! Thank you, thank you, thank you
You're very welcome, glad it worked! :)
@franco, maybe it would be a good idea to include in the wizard the DNS resolving steps, and if there are problems with DNSSEC, to present the user a step for disabling hardened DNSSEC data, and eventually, DNSSEC completely.
Otherwise, maybe DNSSEC hardened data disabled by default during install?
-
Hi hutiucip,
We shouldn't provide less secure environments, but the initial DNS settings flip in the wizard is something we could do. Can you add a ticket to GitHub?
https://github.com/opnsense/core/issues
Thank you,
Franco
-
Hi hutiucip,
We shouldn't provide less secure environments, but the initial DNS settings flip in the wizard is something we could do. Can you add a ticket to GitHub?
https://github.com/opnsense/core/issues
Thank you,
Franco
Hi Franco!
Just did it: https://github.com/opnsense/core/issues/1962
Thank you again!