Messages

I was trying to comment each points of your configurations but it seems you deviated A LOT from the Road warrior guide:
first this https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
later this https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#step-3-turn-on-wireguard

pay attention that the second page has the first part that overlap the specific Proton guide, avoid that first part

The best way is to start with the simplest configuration, once it works you can start making changes otherwise you do not know what went wrong.

Please, backup you config, clean the additional settings of the VPN (nat, firewall rules, normalization, devices...just keep peer and instance).

The guide works, what is not there shall not be changed or implemented....and do not ask to IA but here.

Once you implemented the standard configuration, if you have doubts, just write here.


I have also Proton and I can guarantee that the guide works.

Another reference point: I was having the same issues as OP and could not fix it by checking settings. I went back and deleted each entry to start fresh. It worked.  I don't know what the initial problem was but now it's working.

Mine could be different:

Code Select Expand



***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.7.1_3 at Mon Oct 30 07:10:38 CDT 2023
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Child process pid=55281 terminated abnormally: Bus error
Child process pid=55452 terminated abnormally: Bus error
Child process pid=56205 terminated abnormally: Bus error
self: No packages available to install matching 'opnsense'
***DONE***



Same problem for me I think.

I have internet routing to an OpenVPN client with failover.  When the server is taken down for maintenance/etc, my gateway fails over properly. However, it never returns until I manually restart the openvpn client hours or days later (VPN->OpenVPN->Connection Status->Client Restart). 

Is there a way to have the client service retry and return it to the primary gateway automatically?

You say you lost internet access.  Did you perhaps only lose DNS?  Using Unbound?

If you happened to put anything in the Gateway on the Pass Rule, it will forward traffic to the gateway rather than route the traffic locally.

I'm not exactly sure what's going on here. But I'm having some struggles getting multi wan to fail back to primary interface once network is restored. 
...

Did you get this resolved?  I am having the same issue, and Sticky Connections is not set.

I think this was an issue with Unifi cameras not doing proper TCP when states get reset.  I put them on the same VLAN to circumvent the issue.

Nothing different but an easier configuration

I set one up with a simple pass rule just in case I lock myself out of the other LAN port.

I do a port forward with an associated WAN rule and it works flawlessly. Try a WAN rule.

It looks like you are using 10.0.0.0/16, so your router has nothing to do with this connection problem; it should connect direct through the switch.

It appears you have one or more static IPs assigned because they are not sequential.  I would check these settings and subnet masks on both the printer and PC.  You can run an 'arp -a' command before/after a ping to see if the printer shows up. 

This problem continues. 

It appears to only happen when there is a problem with a gateway.  I use a gateway group.  When an issue arises with a gateway, it causes VLAN -> VLAN routing to also fail.  I have one rule on that VLAN to allow traffic to my DVR and has Gateway set to Default.

Why would a Gateway problem affect local routing?

we should move these two config options to be enabled automatically

I didn't say it and don't agree

Too much clutter?

Not every night but almost, I am losing local routing around 0400, and it knocks my cameras offline. Following are my General Logs.

It takes a few minutes to return to normal and everything works for 24 or 48 hours.

There are no cron jobs at this time.

Advice would be appreciated.

2021-05-15T03:58:59   kernel   pflog0: promiscuous mode enabled   
2021-05-15T03:58:59   kernel   pflog0: promiscuous mode disabled   
2021-05-15T03:58:58   opnsense[91295]   /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'xxx.xxx.176.1'   
2021-05-15T03:58:49   kernel   pflog0: promiscuous mode enabled   
2021-05-15T03:58:49   kernel   pflog0: promiscuous mode disabled   
2021-05-15T03:58:47   opnsense[801]   /usr/local/etc/rc.filter_configure: Ignore down inet6 gateways : PIAUSTX_VPNV4   
2021-05-15T03:58:47   opnsense[801]   /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'xxx.xxx.176.1'   
2021-05-15T03:58:47   opnsense[801]   /usr/local/etc/rc.filter_configure: Ignore down inet gateways : PIAUSTX_VPNV4   
2021-05-15T03:58:46   kernel   pflog0: promiscuous mode enabled   
2021-05-15T03:58:46   kernel   pflog0: promiscuous mode disabled   
2021-05-15T03:58:45   opnsense[48654]   /usr/local/etc/rc.filter_configure: Ignore down inet6 gateways : PIAUSTX_VPNV4   
2021-05-15T03:58:45   opnsense[48654]   /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'xxx.xxx.176.1'   
2021-05-15T03:58:45   opnsense[48654]   /usr/local/etc/rc.filter_configure: Ignore down inet gateways : PIAUSTX_VPNV4   
2021-05-15T03:57:41   kernel   pflog0: promiscuous mode enabled   
2021-05-15T03:57:41   kernel   pflog0: promiscuous mode disabled   
2021-05-15T03:57:40   opnsense[24697]   /usr/local/etc/rc.filter_configure: Ignore down inet6 gateways : WAN_DHCP,PROTONCO7_VPNV4,PIAUSTX_VPNV4   
2021-05-15T03:57:40   opnsense[24697]   /usr/local/etc/rc.filter_configure: Ignore down inet gateways : WAN_DHCP,PROTONCO7_VPNV4,PIAUSTX_VPNV4   
2021-05-15T03:57:39   kernel   pflog0: promiscuous mode enabled   
2021-05-15T03:57:39   kernel   pflog0: promiscuous mode disabled   
2021-05-15T03:57:37   opnsense[41353]   /usr/local/etc/rc.filter_configure: Ignore down inet6 gateways : PROTONCO7_VPNV4,PIAUSTX_VPNV4   
2021-05-15T03:57:37   opnsense[41353]   /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'xxx.xxx.176.1'   
2021-05-15T03:57:37   opnsense[41353]   /usr/local/etc/rc.filter_configure: Ignore down inet gateways : PROTONCO7_VPNV4,PIAUSTX_VPNV4   
2021-05-15T03:57:37   kernel   pflog0: promiscuous mode enabled   
2021-05-15T03:57:37   kernel   pflog0: promiscuous mode disabled   
2021-05-15T03:57:36   opnsense[79105]   /usr/local/etc/rc.filter_configure: Ignore down inet6 gateways : PROTONCO7_VPNV4,PIAUSTX_VPNV4   
2021-05-15T03:57:36   opnsense[79105]   /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'xxx.xxx.176.1'   
2021-05-15T03:57:36   opnsense[79105]   /usr/local/etc/rc.filter_configure: Ignore down inet gateways : PROTONCO7_VPNV4,PIAUSTX_VPNV4