Messages - hongo

#1
18.1 Legacy Series / Re: Strange Networkproblems
March 23, 2018, 03:43:16 PM
I won't give up. I created an image of my OPNsense installation and will try again to debug it as soon as I can take my network offline for a while.
#2
18.1 Legacy Series / Re: Strange Networkproblems
March 09, 2018, 08:01:52 PM
Problem solved using Linux (with bridge, dnsmasq, shorewall, suricata, and so on) instead. Seems like it isn't a hardware problem. I would really, really have liked to know what the cause was.
#3
18.1 Legacy Series / Re: Strange Networkproblems
February 09, 2018, 08:33:10 PM
Thanks but I don't have any explicit block-rules.
#4
18.1 Legacy Series / Re: Strange Networkproblems
February 09, 2018, 06:43:38 PM
I deactivated IDS now. It shouldn't block anything because I didn't configure IPS, but who knows. Since I am out of ideas, this is my last try. If the problem occurs again, I will set up a Linux firewall. If this happens then it might be a hardware error or user-fail, but if it's fixed then, I'll let you know.
#5
18.1 Legacy Series / Re: Strange Networkproblems
February 07, 2018, 04:26:54 PM
Right. DHCP is working.
#6
18.1 Legacy Series / Re: Strange Networkproblems
February 06, 2018, 01:58:21 PM
The NAS box, which was lately affected by this bug, is connected via cable and not wifi. And even if it were connected, the wifi is configured as an access point, not a router. So there is no NAT in this network.
The MAC addresses do not change. I checked it and can also see it in my tcpdump (on the client device).

What I don't understand is:
The client sends an ARP reply to the firewall. I see the ARP packet in the tcpdump on the client, but not in the tcpdump on the firewall. So even if the packet gets dropped by the firewall, I expect to see that packet. Or am I wrong?
#7
18.1 Legacy Series / Strange Networkproblems
February 05, 2018, 08:28:41 PM
Here is my setup:

1 Port -> WAN (configured with DHCP)
2 Ports -> bridge0(LAN)
2 Ports -> bridge1(WIFI)

Wifi-Ports:
  - igb8 connected to a NAS
  - igb9 connected to an access-point

All devices in Wifi are configured with DHCP and have static arp entries.

Sometimes, ports "die" on the WIFI interface. This means the device connected to this NIC port is not available. The NIC port is marked as UP on both sides, but if I do a tcpdump on the firewall and on the device connected to this port, and try to make an arp-scan from the firewall to the device, then I can see ARP packets going to my device, and on the device I see that it replies correctly. But I can't see any replies in the tcpdump of the firewall.
That is strange, because the device is connected via ethernet cable (yes, I tried another cable too). And the problem is fixed as soon as I disable the WIFI interface and enable it again. The problem doesn't always occur. Some days it doesn't occur at all, sometimes it happens many times.

If a device "died", I tried out some things:

- disconnect the device from the firewall and directly connect it to another device: no problems.
- disconnect the device from the firewall and connect another device to the same port: same problems.

I have no idea how to fix this or even how to find out the source of this strange behaviour.
#8
Explicitly setting the gateway on all rules of the lan interface solved the problem. Thank you very much!
#9
17.7 Legacy Series / OpenVPN as Client: Routingproblems
November 13, 2017, 11:19:47 AM
Hi,
I am a little bit lost with my OpenVPN configuration. I configured OPNsense as an OpenVPN client. The tunnel is "UP". I configured an interface with ovpnc1, created a gateway (with DHCP, because OpenVPN pushes all the config) and even created a static route for the remote network. I even created a few rules for the LAN network and outbound NAT. But I am not able to ping from the LAN network into the remote VPN network. traceroute tells me that OPNsense routes even the traffic for the VPN to the default gateway instead of the VPN gateway. If I connect via ssh to OPNsense and try to ping the remote VPN from there, it works as considered. I have no clue why OPNsense routes my VPN traffic to the default gateway instead of the VPN gateway.
Any ideas?