Messages

well, I don't understand that at all.

Cerberus asked if they could remote in and look at the firewall.
Was slightly nervous about this, but nothing I'd done could make it work...

But they deleted all the NAT outbound and port forwards I'd tried.
deleted firewalls rules on WAN associated with SIP (I had done)
changed NAT:outboard from hybrid to automatic

Then did a fiddle on their side (no idea what that was)
Then SIP registered, no issue...
Have not tested for the 1 way voice issue you can sometimes get.... yet
Not sure what fixed this really....
But thanks for your input and hats off to cerberus tech guy, he obviously knows a thing or 2

is that all on the nat outboard ? or some on the port forward as well ?
My FTTP and SIP provider is Cerberus

I did wonder if I could do it via IPv6, but the phones don't seem to get an IPv6 address, but the PC s do.

on outbound I have
Interface    source (the phone)  source port     destination   NAT address          NAT port    Static port
WAN          192.168.0.55/32          *                      *               WAN address         *                     yes

Then on the rules WAN:
I have:

Protocol    source                                  port        destination            port
IPv4 *       IP of SIP provider server      *            192.168.0.55          *


Chris

Tried searches, google etc nothing helps... been at this for several days, almost decided that OPNsense and SIP don't work together.

I'm in the UK, just moved to fibre and been sent and ATA pre-configured.. ready to go.
I tried the ATA in a draytek router connected to the net elsewhere and the ATA works perfect.

Connect to the OPNsense network, SIP refuses to register.  Nothing at all.
tried the NAT static ports and conservative firewall settings... nothing (maybe have the NAT static port re-write settings wrong...?)
tried siproxd, Upnp, can't get that to work either.

Any help would be much appreciated, as I think I maybe faced with binning OPNsense and getting a draytek.... which I'd prefer not to do.
I'm not a network specialised, but I know my way round a fairly standard setup.
My OPNsense has multiple networks, VLANs, wireguard VPN, etc, bit considered there is a conflict somewhere...
Thanks for any help you can offer.
Chris

I'm no expert (far from it)
but after upgrade my zerotier is as expected.
local machines on opnsense side can route to zerotier clients and via versa.

Have you try a re-install?

Thanks, not thought of that, I'll def try on that when I get a few minutes.
Good idea,
Cheers

Thanks for your reply.
I expected as much, there is a few places where the dynamic ipv6 alias could be used a bit more to help with these sorts of issues.
i had considered some sort of DDNS setup.
Regards

Hi Guys,
My starlink gateway WAN IPv6 address generally doesn't change.
However occasionally the /56 delegation seems to get moved.

So I changed my LAN, to Tracked interface and set it to {whatever they give me}::0/64
Then the WireGuard IP endpoint for OPNsense I set to ::50:0:0:0:1/64
However, things seems to work weird, it connects using IPv6, but routing over IPv6 doesn't seem to work as expected (from what I can tell)
Does the wireguard interface endpoint not work as a tracked interface on ipv6 ?
If I set the full IPv6 addresses (as they are now) to everything (phone and OPN WG), all seems good.

I'm not really understanding your setup very well... but...
If you have 2 ip subnets on the same physical broadcast network, then you'd normally separate these with vlans.

If you don't want vlans, then uuummm, well,
so you say 241.0/24 and 5.0/24 are on the same phyisical network, ie on the 1 port of OPNsense?
do you have 2 DHCP servers on these, OPNsense and some other?  If so that won't end well.
Have you used all the ports on the firewall up, seems unclear from you message?
If you have 4 ports, 1 is wan, then you want 4 LAN networks separate, either you need another port or use vlans.

you could I suppose put lantv with offices, but those on the 241.0/24 network would need static addresses with no DHCP server.
But doing this isn't really good practise in my view, this is the reason for vlans.

A bit unsure of your setup, due to the router you have etc.
But not sure you can do what your doing with only a /64 subnet.
The reason I think this is because, you router, opnsense and lan network would all be on the same subnet.

I think you need a /56 from your provider and divide this down into /64 networks
Chris

do you mean like when away using your phone with zerotier and route browsing back to the OPNsense's WAN ?
If so try going on the zerotier portal and put in network to route 0.0.0.0/0  via <address of OPNsense on ZT network>

Chris

Well....
left it overnight and it started working....
weird.

Hi Guys,
Has ZeroTier stopped working since 22.7.4 ?
My OPNsense box is zerotier-ing from behind a starlink.
It was working fine until recently, now my phone can no longer ping OPNsense (when away from yard using zerotier app)
I can ping other machines that are connected to the zerotier network, so it must be OK at zerotier side.
OPNsense shows as being connected, but nothing routes.
Have tried pressing on the package reinstall, but no different.
I did a reboot the other day and that fixed it for a few hours, then nothing again.
Any ideas ?

have you maybe created a loop condition on the bridge? thus packets are flooding it?

The connection between the switches will always be at 10gbe.
But if your routing between vlans via the OPNsense, then the speed with be whatever the OPNsense is connected at 1gbe.

I also have found since updating to 22.1 that RA would not start.
After much messing and many reboots, I removed the DNS servers entries I had in all the interfaces on RA and rebooted and it started working.
I then put them back again (to the DNS servers I wanted in there) and rebooted again.

Now it SEEMS to be back to normal.... in that RA starts on boot up and the problem has gone.... I think....

Chris