Messages - eliphas

#1
Hello! I am having an issue deploying OSPF on our WAN; I hope someone can shed some light.

Our topology (simplified) is [LAN/Servers]->OPN1->[internet w/wireguard]->OPN2->[Servers], with the latest 21.1.5.

OPN1 is doing NAT for the users going to the internet, but not for the remote network, making it a normal routed LAN. For connectivity I have a WireGuard interface connecting both sites. With server expansions on both sides, we have a bunch of static routes that I am trying to change to OSPF dynamic routing.

OSPF on OPN2 to servers = OK
OSPF between OPN2 to OPN1 = OK
OSPF on OPN1 to the local interface (lan) servers = outbound packets dropped

I think I have hit the issue on bug #346:
https://github.com/opnsense/plugins/issues/346

The OP's comments on PR1149, highlighting that there was some other rule blocking, went unanswered:
https://github.com/opnsense/plugins/pull/1149

The similarity is that, like him, our system that has the bug was not upgraded, but was recently installed with the latest version and had its config imported from the old host. On the remote machine, which had an older OPNsense and was upgraded, OSPF for the LAN is working fine.

As with the OP of the issue #346 linked here, adding an allow-all rule to the LAN did not succeed.

The hosts have differing roles, so I cannot really compare the full rulesets, but I could not find the block in /var/log/filter.log

If I am NOT affected by some autogenerated rule, or if I can do something to somehow bypass it... could someone point me in the right direction?

Thanks!
--
Eliphas