Messages - geek

#1
Mine failed when I tried to update it. Still asks me for a "private key password"

Okay, so it works when I do the Export "File Only" instead of "Archive".
#2
I remember a while ago there was a problem with OpenVPN where we couldn't install OpenVPN client 2.6.x or newer because of compatibility issues. Is this problem now fixed with the latest version of OPNsense? Can I simply replace my 2.5.x with 2.6.x OpenVPN GUI clients for Windows?
#3
Trying to delete an OpenVPN instance static key, but unable to do so. I get an error message.
#4
So in summary:

Clients on OPNsense LAN -> can ping the WAN router (192.168.1.1)
OPNsense box (192.168.1.2) -> CANNOT ping the WAN router (192.168.1.1)

Funny part is -> UDP comms work, but ICMP does not. See attached.

I am convinced it's the ISP's router that's the problem.
#5
Quote from: cookiemonster on July 27, 2023, 12:07:46 PM
Both WAN and LAN are on RFC1918 networks? Maybe bogons rule is blocking.

Yes. Because the ISPs are shitty and whenever there's a problem, they'll lay the blame on "your firewall" if something goes wrong. So we do it like this (I know, double NAT, bad practice etc...  ;D)

Both Bogons and Private IP Blocks are disabled
#6
There is nothing in live view other than some default deny on IGMP on WAN interface.

However, I did notice something odd. I had the firewall box brought in, plugged it into a different network, reconfigured the interfaces, and everything seems to be working. But in that network specifically, on the WAN side, it's not letting ping go.

My guess is the ONT device (ISP's box) is doing something funny here. I don't think OPNsense is the problem in this case.

Current setup is like this:

ISP ONT device -> LAN IP -> 192.168.1.1 ->> OPNsense WAN IP (192.168.1.2 with gateway set to 192.168.1.1)

LAN side OPNsense IP -> 192.168.2.1

If you see the attached ping jobs, no ICMP traffic is being blocked by pfsense.
End-user (Windows) clients can ping anything on the internet (8.8.8.8 / 8.8.4.4).
#7
My bad. I ran a ping from a local client to 2 different IPs; the log shows it passes.
#8
Local ping works and live view shows the packet pass.
#9
Attached. Log says "pass" but ping probe says "100% loss".
#10
Quote from: CJ on July 18, 2023, 01:33:25 PM
I can only imagine that you have something screwed up in your Firewall rules.  What do your WAN rules look like, including the floating and automatic rules?

You are correct. There is an unusual number of automatic rules.
Attached WAN and floating rules.
#11
Quote from: CJ on July 17, 2023, 05:57:34 PM
What does your network look like?

How are you testing ping?

Can you test with a fresh install?
Very simple: 2 interfaces:

WAN - connects to the internet
LAN - connects to the LAN with a /24 subnet

Testing ping using the ping diagnostics in the interfaces menu.
Testing with a fresh install is NOT possible as it is in a remote location. That would be my absolute last resort.
I am using the latest version.
#12
I have a very weird problem - the OPNsense box cannot ping anything on WAN/Internet.
(which is why even the WAN gateway shows offline)

- All computers on LAN can ping and access ALL resources on the internet.
- OPNsense box can't ping anything on the internet
- OPNsense box CAN ping everything on the LAN side
- port probe works fine (I ran a 443 check on google.com)

- for test purposes I even added an allow-all rule for all protocols everywhere; it didn't work.
#13
While making a new OpenVPN server in OPNsense (road warrior / remote access),
I saw "Encryption Algorithm" had a text saying "deprecated"
with the following line:

"Cipher selection for older clients. Only preserved for backwards compatibility reasons."

Does that mean that it will auto-negotiate/select the encryption algorithm when the client connects to the OpenVPN server on OPNsense? (for a while I thought encryption altogether was disabled, but that seemed silly :P)
#14
I just updated to OPNsense 23.1.7_3

Do I need to do anything else? At that time I went into gateways and checked the "Disable Host Route" option to fix the problem. I could not find any documentation on what exactly that option is used for, other than the help item which said "Do not create a dedicated host route for this monitor.".
#15
I use multi-WAN with different priorities for gateways.
Default gateway switching is enabled.
All three gateways are marked as upstream gateways. Everything was fine until I upgraded to 23.1.17.

Now all three gateways go offline and online repeatedly at the same time. This has caused a major outage.

In the release notes I read the line:
"system: restructure routing to carry out default gateway switching and address family specific reconfig"

Would this have anything to do with my problem?
Thank you.