Messages - vocatus

#1
Here's the solution in case anyone else ever stumbles across this:


At the OPNsense boot screen, escape to loader prompt (option 3), and type the following VERY CAREFULLY (the screen will be jumbled and characters will appear 2 or 3 times in a row, just ignore screen output and type exactly as follows):

set hint.uart.0.flags=0x0
set hint.uart.1.flags=0x10
set comconsole_speed=115200
set comconsole_port=0x2F8
set console=comconsole
boot


Once booted to the live environment and logged in (default root/opnsense), run the installer:

/usr/local/etc/rc.installer

#2
Cool everyone, thanks for the replies.
#3
I installed v18.1.6 amd64 nano to an SG-2440.

The problem is that it hangs at "booting..." after a lot of text scrolls by (once it gets past the menu)

What should I do?
#4
Franco, I finally found some time to read through the notes. Unfortunately there are no instructions for performing the update, only a list of release notes. Do you know of a location to find the instructions?
#6
Hi Franco, thank you for your reply. How do I apply the coreboot update? The linked PDF seems to be corrupted and I can't get it to load in Firefox, Reader DC, or Chrome.
#7
I have a Netgate SG-2440 running latest OPNSense 17.1 series.

Cannot for the life of me get wireless working. Radios are on, SSID assigned, etc., but the network simply never shows up to any devices.

Is wireless broken in OPNSense (pfsense wireless support is no better..) or am I missing something obvious?
#8
Quote from: Taomyn on April 05, 2017, 01:56:09 PM
Quote from: vocatus on April 05, 2017, 01:36:53 PM
It seems likely port forwarding is broken and a bug report needs to be filed. How do I get in touch with the dev team? This is a pretty major feature to be broken.

It's not broken just not working for you and hopefully it's just a config problem - all my NAT port forwards are working perfectly (IPv4 public IP and PPPoE).

Are there any errors logged in the System and/or Firewall logs? Blocked connections showing etc. Also, check in the Firewall, Diagnostics and do a Filter Reload, see if anything appears there.

That's good to hear, I think.

Checked the log, no errors about any connections getting dropped on the destination ports.

I do notice something really strange though.

When I do an nslookup on the LAN for my Dynamic DNS, I get one IP address (xx.xx.221.144). But when I go to whatismyip.com or similar sites, I get a completely different IP (xx.xx.209.192). Both are public IP addresses. What is going on??

The OPNSense box is the DNS server for the LAN.

EDIT

So, after doing some "dig"ing (literally...using dig) it appears the Dynamic DNS domain was seized or hijacked by a Google adwords domain. After registering a new DynDNS and flushing all caches, RDP port forwarding is working as intended from the LAN and WAN interfaces.

I suspect that was the issue all along, since my connection profiles are all saved using the Dynamic DNS name instead of the IP.

Thanks to everyone who contributed to the thread, I'll mark it resolved.
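
The mismatch described in this post (the Dynamic DNS name resolving to one public address while the WAN actually holds another) can be checked for automatically. The following is an added example, not part of the original post: it parses `dig +short` output and compares it with the WAN address. The hostnames, addresses, function names and the `allowed_suffixes` parameter are constructed for illustration.

```python
import ipaddress

def parse_dig_short(output):
    """Split `dig +short NAME A` output into (cname_targets, addresses)."""
    cnames, addrs = [], []
    for line in output.splitlines():
        token = line.strip()
        if not token or token.startswith(";"):
            continue  # blank line or dig diagnostic such as ";; connection timed out"
        try:
            addrs.append(ipaddress.ip_address(token))
        except ValueError:
            # Non-address lines in +short output are CNAME targets.
            cnames.append(token.rstrip(".").lower())
    return cnames, addrs

def check_ddns(name, dig_output, wan_ip, allowed_suffixes=()):
    """Compare what the DDNS name resolves to against the real WAN address."""
    wan = ipaddress.ip_address(wan_ip)
    cnames, addrs = parse_dig_short(dig_output)
    findings = []
    if not addrs:
        findings.append("no address record returned")
    elif wan not in addrs:
        got = ", ".join(str(a) for a in addrs)
        findings.append(f"resolves to {got}, WAN is {wan}")
    for target in cnames:
        # A CNAME outside the DDNS provider's zone suggests the name was re-pointed.
        if not any(target == s or target.endswith("." + s) for s in allowed_suffixes):
            findings.append(f"unexpected CNAME to {target}")
    return {"name": name, "ok": not findings, "findings": findings}

# Constructed samples (documentation address ranges, made-up hostnames).
GOOD = "203.0.113.10\n"
HIJACKED = "parking.ads.example.net.\n198.51.100.77\n"

if __name__ == "__main__":
    for label, out in (("good", GOOD), ("hijacked", HIJACKED)):
        print(label, check_ddns("home.ddns.example", out, "203.0.113.10",
                                allowed_suffixes=("ddns.example",)))
```

Feed it the real output of `dig +short <name> A` and the address shown on the WAN interface; any finding means saved connection profiles that use the name are pointing somewhere other than the firewall.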
#9
Quote from: djGrrr on April 05, 2017, 12:26:36 AM
Quote from: vocatus on April 04, 2017, 02:18:09 AM
Quote from: djGrrr on April 03, 2017, 04:19:17 PM
Can you show a screencap of the Firewall > Settings > Advanced page?

Sure thing, attached.

Try enabling reflection for port forwards (set to pure nat) and "automatic outbound nat for port forward"

This should allow your LAN to connect to the external ports properly, and test if port forwarding is working in general.

After enabling NAT reflection for port forwards and enabling automatic outbound NAT for port forward, attempting from externally still fails immediately, while attempting from the same network as the target simply times out then fails.

It seems likely port forwarding is broken and a bug report needs to be filed. How do I get in touch with the dev team? This is a pretty major feature to be broken.
#10
Quote from: djGrrr on April 03, 2017, 04:19:17 PM
Can you show a screencap of the Firewall > Settings > Advanced page?

Sure thing, attached.
#11
Quote from: djGrrr on April 03, 2017, 03:30:29 PM
When you say "router has a public IP address", are you referring to the OPNsense, or a separate device?

OPNsense
#12
Quote from: djGrrr on April 03, 2017, 07:27:38 AM
How exactly are you testing the port forwards? From inside the LAN or externally?

Externally from four clients:

1. Windows 7 machine on corporate network

2. Android device using RDP client over T-Mobile network and coffee shop wifi

3. Linux Mint 17.3 x64 laptop over coffee shop wifi, tethered cell, and at a neighbor's house

4. Using this online tool

5. Using this other online tool

Internally from one client:

1. Port forward check in Resilio Sync on LAN server

Like I said in OP: very recently the same configuration worked in pfSense. The problem is with OPNsense.

#13
Hi there,

Running v17.1.4 nano x64.

The following port forwarding rules are configured (see attached images). Created various NAT port forwards and associated firewall rules.

None of the forwards work. Especially tested were the RDP/RDC rules.

Information:

- Hardware is Netgate SG-2440

- ISP is not doing carrier-grade NAT; router has a public IP address

- Router responds to ICMP echo requests on the WAN interface

- This configuration worked 100% on pfsense 2.3.3-RELEASE AMD64

Can I provide any additional information? After doing some googling it appears that port forwarding is likely actually broken in OPNSense v16+
#14
You are the true hero...thank you!
#15
Hi Franco,

Apologies for resurrecting a zombie thread, but related to my issues installing OPNSense on a Netgate SG-2440 (thread here), should this bootstrap script work to convert my current pfSense v2.3.3-RELEASE installation to OPNSense v17.1 (in theory)?