Messages - slickdakine

#1
I'm looking to see if this is possible too.
You can specify the interface for OpenVPN also. But I cannot find where to do it for WireGuard tunnels.
#2
I should add to this, I cannot ping the firewall either. I ended up making this rule:
Proto   Source   Port   Destination     Port   Gateway
IPv4    LANnet   *      This Firewall   *      *

Is there a reason that this rule would be needed on a clean install?
#3
18.1 Legacy Series / NAT reflection work?
March 25, 2018, 04:50:22 AM
Hi,
Does NAT reflection work in 18.1?
I'm trying to set up basic NAT reflection for a game and it isn't working.
The port forward rule works, and everyone on the outside can see the game, but no one can see on the inside.
I forced port reflection on the port forward rule, and also enabled the following under settings/advanced:
Reflection for port forwards
Reflection for 1:1
Automatic outbound NAT for Reflection
I noticed there is no longer a choice for PUREnat and Nat-Proxy that used to exist. Seemed like the Nat-Proxy is the one that I had to use in the past. Now it only lists enable/disable.
Anyone know?
Thanks-

I am using multi wan and openvpn. Not sure if it still matters:
https://forum.opnsense.org/index.php?topic=3808.0
#4
Did you happen to read this:
https://forum.doozan.com/read.php?3,35295,35295
Found it while looking around.
#6
Hi All,

I finally found out what was causing the problems I was having with the default deny rule I posted about in two postings here:
https://forum.opnsense.org/index.php?topic=7277.msg34964#msg34964

Franco was right, there seemed to be something wrong about the setup I had on my LAN. The LAN interface was bridged to a Linux bridge interface (br0), and that is what was causing the problems. I had to originally do that as pfSense had issues with the VM being bridged right to the LAN (eth0) interface. Anyway, I put it back to the way I originally set it up years ago and it works fine, and the states seem to be tracking correctly. No more default deny blocking all traffic! This wasn't a problem until pfSense 2.4 or the current OPNsense. I think it may be related to FreeBSD 11.

I am having a few problems still:
1. For some reason both the DNS resolver and DNSmasq will not work correctly on the LAN without a specific rule allowing packets from the LAN to the firewall. See the attached rule (DNS Fix) and log I made in order to get this to work.
2. I would like to keep IP6 disabled for now. But my log is filling up with "Block all IPv6" entries on the WAN. Is there a way I can keep this from being recorded in my firewall log?

Loving OPNsense so far now that I have it functioning well. Glad to join the community!
Thanks!
#7
18.1 Legacy Series / Re: How to install subversion?
March 23, 2018, 06:53:32 AM
Never mind, tested adapter in FreeBSD and couldn't get it to work.
#8
18.1 Legacy Series / How to install subversion?
March 23, 2018, 02:55:30 AM
Hi all,

Wondering if anyone might know how to install subversion. I tried:
pkg install subversion
But it says the package isn't in the repos. Is it ok to install on OPNsense?
I need to install this driver for my wireless adapter:
https://github.com/s3erios/rtwn
The version in OPNsense is too old.

Thanks for any help you may have.
#9
Hi,

I've been having similar problems, only mine are on the LAN. You can see my post here:
https://forum.opnsense.org/index.php?topic=7277.msg34964#msg34964

Franco suggested turning off sticky connections on my default firewall rule. That seemed to solve my problem.
In the live log view I would see default denies before, even though the rule allows. He said it had something to do with state tracking.
Thinking there may be something with it being virtualized. Been playing with different drivers, etc. to see if I can get stateful working again.
#10
Hi Franco,

Thanks for the help. Sloppy didn't work, but "none" does on the default LAN firewall rule.

You have any suggestions on where to start troubleshooting what could be wrong with my network?
I didn't have this problem till the upgrade from pfSense 2.3 to 2.4. I then moved to OPNsense to see if it was any better.
Have been getting it on both platforms.

Could this be due to the FreeBSD update from 10.3 to 11.1?
If it's set to "none", doesn't that disable packet inspection?

Thanks again for your help.
#11
Here are the other two photos of my setup:
#12
Hi All,
I have a new OPNsense install, just moved over from pfSense (4+ years). I found this thread and it looks like I may be having some of the same problems.
I applied the above patch, but I'm still having issues. Setup is basic, with an OpenVPN client set up as a gateway. Whenever the OpenVPN client is active, DNS goes down, even on the LAN side with local clients. I can still ping the IP addresses of local and external clients like 8.8.8.8.
I found if I made a firewall rule allowing local clients to send DNS packets to the firewall, it will resolve the names. But there are still almost random requests being denied with "default deny rule".
Anyone else having these issues?
They are only present when I have the OpenVPN client active.
When I deactivate it, everything works as normal.
Check the attached photos for an idea of what it looks like.
Appreciate any ideas or help any of you may have.
Thanks!

PS - love what you guys are doing with OPNsense; was frustrated with the last pfSense 2.4 release, the web GUI is horrible.