Messages - imolaspin

#1
Fortunately I have figured it out! Unbound DNS was set only to use WAN1 not both 1&2!
I noticed because today there was an outage on WAN1 but internet was working for the few devices that were hardcoded to external DNS!

All resolved and worked perfectly.
#2
I tested the PPPoE directly using the same credentials etc and it worked flawlessly as expected meaning the configuration is definitely at the OPNsense end.

Anyone have any advice on how to troubleshoot this?
#3
My idea of dual WAN is that they're two connections, independent of each other.
I agree and that is what I have here, except when I turn the original/primary WAN off, physically disconnect it etc. I can only ping and do DNS lookups from the 2nd connection but no general web traffic. I do believe it to be an OPNsense configuration issue or potentially a PPPoE issue but I haven't been successful in ruling out either.

I'll test the PPPoE directly to a spare laptop this weekend that should rule that side out at least.
#4
Unfortunately not.
#6
Thanks for the quick reply bartjsmit.

I have followed this documentation, although I have a feeling that this connection might not work in a single WAN setup - unsure.
Steps in bold are completed as per documentation.

    Add monitor IPs to the gateways

    Add a gateway group
    Configure DNS for each gateway
    Use policy based routing to utilize our gateway group
    Add a firewall rule for DNS traffic that is intended for the firewall itself

#7
I have a new internet connection at my place, which I was hoping to use as load balance or failover. However I cannot get traffic to go out via this new interface.

I have an ISP modem in bridge mode connected to OPNSense providing a DHCP v4 address - this is my WAN and works normally.

I have another connection Australian NBN FTTP, connected to OPNSense on another interface that connects via PPPoE. When enabled - gateway comes to life, interface gets an IP address etc etc. I am using Hybrid NAT and it appears all rules are auto generated for the interface. When I disable WAN 1 or disconnect it, OPNSense appears to kick over to WAN2 but web traffic doesn't flow. On both my laptop and on the OPNSense appliance I can traceroute, ping and do DNS lookups, however neither can browse the web. i.e. I cannot CURL www.google.com from either device.


Any pointers on where to look?
#8
bump
#9
Virtual private networks / Re: WireGuard no internet
September 04, 2022, 12:01:22 PM
I have a similar issue, let me know if you fix it.
#10
So I tried expanding the RFC to include all private networks, that made no difference.

What is really, really weird here is that whilst I can't browse the web, I can ping OPNSense and the VPN DNS server.

Signal messenger manages to get messages out - appears to be the only application, no clue how that is working!
#11
The only place my config differs from the linked guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html is in the DNS config for the gateway, monitor IP is different to the VPN endpoint (I can't get any traffic so can't test that first hop) and my private networks alias only includes the following, 192.168.0.0/16 as my network is quite small.

There seems to be something commonly misconfigured between the OP and my setup, do you have any guesses as to what it might be?
#12
Hi Greelan,
It certainly would appear to be DNS from traceroute but I'm not sure how to troubleshoot the WG configuration/rules to work around it; output below.

#Not in VPN Alias
username:$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1  192.168.1.1 (192.168.1.1)  8.225 ms  1.449 ms  1.417 ms #OPNSense
2  172.22.0.1 (172.22.0.1)  8.687 ms  8.385 ms  8.262 ms
3  ISP (IP Address)  10.872 ms  10.697 ms  9.949 ms
4  ISP (IP Address)  10.341 ms  11.581 ms  10.005 ms
5  ISP (IP Addres)  10.025 ms  9.979 ms  10.008 ms
6  74.125.51.92 (74.125.51.92)  12.206 ms  10.523 ms  10.002 ms
7  * * *
dns.google (8.8.8.8)  13.176 ms  9.384 ms
    142.250.230.160 (142.250.230.160)  9.966 ms
#VPN Alias
username:$ traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1  192.168.1.1 (192.168.1.1)  8.630 ms  2.213 ms  1.968 ms #OPNSense
2  * * *
3  * * *
<> Snip
63  * * *
64  * * *

WG appears up:
allowed ips: 0.0.0.0/0
  latest handshake: 6 seconds ago
  transfer: 461.95 KiB received, 1.34 MiB sent

Any advice you can offer me?
#13
I have the exact same output from following the exact same guide! My gut is DNS somehow but not sure where it's falling down