Messages

I found a workaround...on the DSL router there is a "supplemental network" option to add IP's behind the DSL router... Adding WAN1 to that seems work.

Traffic is flowing now with my work around. Still seems strange that packets were leaving WAN2 interface with WAN1 source IP.

Its holding steady right now since this morning.

I use a remote syslog server.... Most everything is pretty vanilla at the moment because I am battling a multi-wan issue and wanted to "start over".

I am having a weird problem with multi wan which I cannot figure out the solution. I have gone to the extent of a wipe and reload of my fw software and starting the config 1-by-1 only to still have the problem. Now asking for help.

When I put the LAN fw rule for outbound traffic into load balance group where both WANs are in same Tier1 - I experience intermittent traffic failures.

I have multi wan setup per the guide.

WAN1 = cable modem w/ dhcp public IP
WAN2 = opnsense is NAT IP behind DSL "router" which has public IP

After several days I finally made some discovery after looking into the WAN2 DSL router logs - it is denying traffic for reason of packets "invalid src IP address" of WAN1.

Traffic shouldnt be coming in an interface that did not originate from, correct...??

When I have either WAN configured as Tier1 and the other as Tier2, I have zero issues like this.

Only when they are both at the same Tier does it occur. Please help

Once I disable "circular logging" syslog-ng is able to start and I am seeing log events now.

I dont know what the remifications of disabling that are? Can anyone shed light?

FWIW once disabling circular logging, syslogd now shows as being stopped.

Same problem here. syslog-ng not working.

I see this in my logs too.

kernel: pflog0: promiscuous mode enabled
kernel: pflog0: promiscuous mode disabled

Every couple of minutes.

did u ever reach any conclusions on this?

When I see the problem occurring the Firewall liveview shows traffic denies incoming to one of the wan interfaces which I presume are asymmetric route traffic... looking for a solution...!

I too am facing the exact problem you described. Did you determine the proper settings to solve this?

Want to close the loop on this issue. I have been running 1.7.3 unbound since last friday and have not had a single recurrence of the problem. The issue is solved with 1.7.3 confirmed! Thanks!!

Hi Stefan,

Good, 1.7.3 will be in 18.1.11 early next week.


Cheers,
Franco

A test version would be great. I have been dealing with this for a little while, so monday or next week for a test version is definetly fine! Thank you

In the Unbound log I am seeing "useless dp but cannot go up, servfail"

It appears #4100 bug listed in the release notes relates to this.

https://github.com/NLnetLabs/unbound/commit/d3866418208f9a16c7bab09b424dbd90a973df0c

https://github.com/NLnetLabs/unbound/commit/53b1e11eba0614fa0c9196edda92d557286fde59

The logfile message I am receiving appears to be the command that is getting hit due to the code above it...

I am no programmer, but to me 1.7.3 looks kinda promising.

The problem does not appear to be resovled in unbound 1.7.2. Made it a few hours before seeing DNS queries to my override are failing.

I have turned up Logging on Unbound to Level 5. Maybe I will see something that can pinpoint the problem. :-/

If I wished to go back to 18.1.8 - what is the procedure - is there a KB article? thx...

FYI: 1.7.2 was shipped today, after non-reboot update the Unbound service requires a manual restart.


Cheers,
Franco

Thank you! I have installed the update & rebooted. Will let you know if this has solved the issue.

I will try adding @53 and see if it makes a difference.

My overide dns is my personal domain name hosted on a VM inside my network. It is resolving fine when I point my clients directly at the dns server.

When the names will not resolve through my opnsense unbound service I restart unbound and they immediately work again.

My override configuration was working perfectly for months and months. The 18.1.9 release included unbound 1.7.1 is the only change to point to.