Messages - errored out

#1
Also found the same issue in Services: DNSCrypt-Proxy: Configuration.

Anyone have information on this?
#2
Capture the packets on the firewall and you'll be able to see exactly what is happening and when.
#3
I used a load balancing configuration before. The policy based routing will dictate which traffic goes through which interface (out to the net).

With respect to gateway grouping, you select all the gateways you want to use in the group. Let's say you are using a VPN to transmit traffic accessing the Internet (aside from WAN0). VPN0, VPN1, VPN2. VPN0 and 1 connect to Texas. VPN2 connects to Florida. Where you live, Texas connects much faster.

I would group all 3 VPNs into a single group. List VPN0 and 1 as a higher priority so they are equal, and set VPN2 as a lower weight. Traffic will flow between either VPN0 or 1, and bounce between the 2 depending on your setup. When the connectivity meets any threshold you configured to "switch" connectivity, the traffic will route through VPN2. When the configured threshold is no longer met (connectivity for VPN0/1 has subsided) traffic will automatically resume to be sent through VPN0/1.
#4
It can work with both. You need to enter the correct SAN information when creating the certificate, i.e. in the drop-down menu.
#5
Since some time has passed, has the situation improved? If fixed, can you change the subject to resolved?
#6
General Discussion / Re: VPN and Portforward problem
August 15, 2021, 10:47:23 PM
Contact your VPN provider / documentation. It's possible they are blocking all inbound connectivity. I have seen VPN providers do this and require a specific configuration for you to use in order to allow inbound.
#7
FreeBSD does not use multiple routing tables as with Linux. I have heard (although not seen proof) it is possible to have FreeBSD with multiple routing tables. But either way, it would not be supported.

What you're looking for is called policy based routing. You would use that term or PBR when searching the documentation / forum. There is quite a bit of information on the topic and it can become complex very fast.
#8
Both of you may want to post to the GitHub ticket as OPNsense currently thinks this is an issue without that much impact. The more people reporting on this issue, the more they will see a larger impact and be inclined to work on it.
#9
Have you tried re-installing your system when running, not reinstalling from an ISO?

https://docs.opnsense.org/manual/virtuals.html?highlight=opnsense%20bootstrap

Look at opnsense-bootstrap. A word of caution, it is not recommended to do this unless otherwise told to do so (by OPNsense).

I have done this several times to my system, and have not had unresolvable issues. The only thing I would warn about is to save a backup and then, after the system reboots, install the plug-ins (they will be missing).
#10
With OPNsense, anything marked with upstream will allow traffic through it. The higher priority dictates which interfaces to use. (logical)

However, when GWs are not marked as upstream, they STILL can be used for sending / receiving traffic. (Found out the hard way).

What you are trying to accomplish is listed in the docs. Although you are not trying to send LAN traffic from multiple interfaces, the FW itself would use this.

https://docs.opnsense.org/manual/how-tos/multiwan.html?highlight=multi%20wan

https://docs.opnsense.org/manual/multiwan.html?highlight=multi%20wan
#11
It is possible you received a replacement modem which is bad. Highly unlikely, although not unheard of.

Something could be radiating causing interference against the cable, or it could be the cable itself. I'm still thinking it's the coaxial cable. You can ask Spectrum to go out and conduct a line test. If the cables were not properly terminated, that would cause this issue. They shouldn't charge for the tech to go out and check.

Have you tried replacing the Ethernet cable? Unlikely, but it could be the cable itself. Perhaps some interference if it's not shielded?

#12
You can ask your ISP to test your connection. It's a simple test to check out the quality of your connection. Also ask them what the results are, such as attenuation and signal-to-noise ratio. It's possible something on your line is causing this issue, especially since you are sharing it with your neighbors.

Also, you stated you replaced the hardware. Which exactly, the computer running your FW? It could be your modem has failed / is not operating correctly.
#13
I'm not quite sure what the issue is exactly as I don't use unbound. But considering you are speaking of DNSSEC, why not use dns-crypt? It has DNSSEC by default (exactly what it was written for), you have whitelisting, and you can configure individual listening ports for each VLAN (if needed). It also has overrides, and it is simple to configure which servers you want to point to.

Not to mention, if you want to query servers that honor tracking, filtering, if you don't need a server to require dnssec, etc.
#14
General Discussion / Re: LAN bridge vs. NFS
August 14, 2021, 03:17:39 AM
Can you change the subject to solved?
#15
What do you have set up as your default connection when looking at your GW (single) priorities? That will be the interface all the traffic defaults to (I believe), including traffic originating from the FW itself.