OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: weberbn on February 19, 2018, 08:40:26 pm

Title: 18.1.2_2 Won't route traffic to different subnets
Post by: weberbn on February 19, 2018, 08:40:26 pm
I recently updated (after testing at home) a system to 18.1.2_2 and now am faced with issues routing internet traffic (internal traffic routes fine) to a remote subnet. The subnet that the system in question sits on is 10.1.0.0/24 and the subnet that it no longer will route internet traffic to is 10.3.0.0/24. Keep in mind, this is a network that has been up and running for years. No changes were made besides updating from 18.1 to 18.1.2_2.

What is curious is that ALL other traffic (any type of internal traffic) works fine. I can ping, tracert, RDP, use internal webpages etc between the two parts of the network. The OpenVPN works fine, the IPsec VPN that ties the network to my house (for remote backups of our VMware system) works fine. Devices from the 10.1.0.0/24 subnet can access the internet fine as well.

Does anyone know if there is a bug with static routes or if some portion of their setup changed due to the update? I can (and will) provide any logs necessary to help troubleshoot this thing.
Title: Re: 18.1.2_2 Won't route traffic to different subnets
Post by: elektroinside on February 19, 2018, 08:52:03 pm
Are your firewall rules set up correctly, e.g. you're allowing / not blocking traffic from the internet to that subnet?
Is your DNS accessible from that subnet?
Title: Re: 18.1.2_2 Won't route traffic to different subnets
Post by: weberbn on February 19, 2018, 09:02:00 pm
1) Firewall - My first thought as well. There are no rules blocking any traffic on the LAN. There are no rules on the WAN specifically blocking traffic to this subnet. Like I said, all forms of internal traffic work fine. It's just when this subnet attempts to access things not on our local network. It's like the router doesn't think it's allowed to route outside traffic to this subnet. It has a proper static route that should be taking care of this, and it does for traffic that originates from inside our network.

2) DNS is fully functional. I can run nslookup from things in the 10.3.0.0/24 subnet and get correct results. Even for things outside our network. If DNS wasn't working, I suspect I would see AD failures too.
Title: Re: 18.1.2_2 Won't route traffic to different subnets
Post by: elektroinside on February 19, 2018, 09:25:35 pm
Take a look at your firewall logs (Firewall: Log Files: Live View) while trying to browse the internet.
Are there any blocked connections from that subnet?
Title: Re: 18.1.2_2 Won't route traffic to different subnets
Post by: weberbn on February 19, 2018, 11:41:34 pm
Did that, filtered by data coming from IPs in the 10.3.0.0 range and saw exactly zero things being blocked.

I'm seriously stumped as to what the heck is going on with this issue.
Title: Re: 18.1.2_2 Won't route traffic to different subnets
Post by: elektroinside on February 20, 2018, 07:55:10 am
Take a look at this:
https://forum.opnsense.org/index.php?topic=7364.0

Maybe you should replace your LAN nets with CIDR as well in your rules. And don't forget to enable logging on all of them, otherwise, alerts will not be logged for that rule.
Title: Re: 18.1.2_2 Won't route traffic to different subnets
Post by: weberbn on February 20, 2018, 03:22:36 pm
Did the CIDR trick, no dice.

Tried contacting the paid support line and have not heard back from them. Anyone know what time zone they are in etc?