1
24.7 Production Series / Re: Access modem (Zyxel FWA710) behind firewall
« on: August 22, 2024, 01:44:00 pm »
I was able to get this working with a static route to 192.168.1.0/24 via the gateway.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.1 Legacy Series / Re: Properly recover from WAN outages (dpinger bug)?
« on: August 20, 2024, 09:27:10 am »
I have a similar issue: I have a Multi WAN setup with a PPPoE DSL connection and a 5G connection.
The ISP disconnects the PPPoE connection after 24h so I've added a Cron job for a periodic interface reset which worked perfectly fine. But after adding the 5G WAN this doesn't work anymore. After the interface reset the dpinger shows a 100% package loss and the gateway is down even though it got a new IP and would work fine. The dpinger service is still running and doesn't crash or anything. After a manual restart of the Gateway monitor it works again.
Here is the debug log of the gateway. Cron job at 4:00 and manual restart of the gateway monitor at 7:50.
8.8.8.8 is only used as a monitor IP not as a DNS server.
There are many similar posts here in the forum regarding this issue. I was hoping that 24.7 might fix this but it didn't.
The ISP disconnects the PPPoE connection after 24h so I've added a Cron job for a periodic interface reset which worked perfectly fine. But after adding the 5G WAN this doesn't work anymore. After the interface reset the dpinger shows a 100% package loss and the gateway is down even though it got a new IP and would work fine. The dpinger service is still running and doesn't crash or anything. After a manual restart of the Gateway monitor it works again.
Here is the debug log of the gateway. Cron job at 4:00 and manual restart of the gateway monitor at 7:50.
Code: [Select]
2024-08-20T07:50:50 Notice dpinger ALERT: WAN_GW (Addr: 8.8.8.8 Alarm: down -> none RTT: 14.5 ms RTTd: 0.1 ms Loss: 0.0 %)
2024-08-20T07:50:47 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-08-20T07:50:47 Warning dpinger send_interval 1000ms loss_interval 4000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 0ms loss_alarm 0% alarm_hold 10000ms dest_addr 8.8.8.8 bind_addr 2.241.65.39 identifier "WAN_GW "
2024-08-20T07:50:47 Warning dpinger exiting on signal 15
2024-08-20T04:00:07 Notice dpinger ALERT: WAN_GW (Addr: 8.8.8.8 Alarm: none -> down RTT: 0.0 ms RTTd: 0.0 ms Loss: 100.0 %)
2024-08-20T04:00:03 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-08-20T04:00:03 Warning dpinger send_interval 1000ms loss_interval 4000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 0ms loss_alarm 0% alarm_hold 10000ms dest_addr 8.8.8.8 bind_addr 2.241.65.39 identifier "WAN_GW "
2024-08-20T04:00:02 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-08-20T04:00:02 Warning dpinger exiting on signal 15
2024-08-20T04:00:02 Warning dpinger WAN_GW 8.8.8.8: sendto error: 65
2024-08-20T04:00:01 Warning dpinger WAN_GW 8.8.8.8: sendto error: 65
8.8.8.8 is only used as a monitor IP not as a DNS server.
There are many similar posts here in the forum regarding this issue. I was hoping that 24.7 might fix this but it didn't.
3
24.7 Production Series / Re: Access modem (Zyxel FWA710) behind firewall
« on: August 18, 2024, 08:03:46 pm »Anyway, downloaded it locally, that doesn't look correct. Destination should be the subnet where the router is, not *.
Got that from here: https://forum.opnsense.org/index.php?topic=12094.msg55483#msg55483
But changed it now without a difference.
But * should not make a difference. Outbound NAT with an explicit interface set is limited to packets leaving via that interface. Which they supposedly do. I'd use tcpdump to debug this.
I have a Packet Capture if that helps. I have no experience with tcpdump.
Code: [Select]
ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 12208, offset 0, flags [DF], proto TCP (6), length 52)
192.168.178.11.65529 > 192.168.1.1.443: Flags [S], cksum 0xf38d (correct), seq 3800393721, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
4
24.7 Production Series / Access modem (Zyxel FWA710) behind firewall
« on: August 18, 2024, 07:07:03 pm »
Hello,
I have a Multi WAN setup with a DSL connection and a Zyxel FWA710 5G Router.
I would like to be able to reach the GUI of the 5G router from my LAN. The Router is in IP Passthrough mode so I see the public IP in OPNsense.
I've read some other forum posts about this topic and added an outbound NAT rule + disabled the "Block private networks" option on WAN_5G without success.
Maybe you can point me in the right direction. I've included screenshots of the interfaces, my outbound NAT rules and the Zyxel router.
I have a Multi WAN setup with a DSL connection and a Zyxel FWA710 5G Router.
I would like to be able to reach the GUI of the 5G router from my LAN. The Router is in IP Passthrough mode so I see the public IP in OPNsense.
I've read some other forum posts about this topic and added an outbound NAT rule + disabled the "Block private networks" option on WAN_5G without success.
Maybe you can point me in the right direction. I've included screenshots of the interfaces, my outbound NAT rules and the Zyxel router.
5
Hardware and Performance / OPNsense vs. Proxmox Bridge with LAGG
« on: May 22, 2022, 12:32:03 pm »
I'm about to set up my first OPNsense instance as a virtual Proxmox machine.
For the WAN interface I'll use a PCIe passthrough NIC.
My question regards the LAN interface. I want to use LAGG with 2 NICs and I have two ideas how to set it up:
1. I set up the LAGG and bridge in Proxmox and use the virtual interface in OPNsense.
2. I create a bridge without NIC in Proxmox, passthrough both NICs to OPNsense, create the LAGG interface in OPNsense and create a bridge with the LAGG interface and the virtual Proxmox interface.
The connection to Proxmox isn't heavily used. The connection from Proxmox LAN to the switch has priority.
Which option would result in better performance and less CPU usage?
For the WAN interface I'll use a PCIe passthrough NIC.
My question regards the LAN interface. I want to use LAGG with 2 NICs and I have two ideas how to set it up:
1. I set up the LAGG and bridge in Proxmox and use the virtual interface in OPNsense.
2. I create a bridge without NIC in Proxmox, passthrough both NICs to OPNsense, create the LAGG interface in OPNsense and create a bridge with the LAGG interface and the virtual Proxmox interface.
The connection to Proxmox isn't heavily used. The connection from Proxmox LAN to the switch has priority.
Which option would result in better performance and less CPU usage?
Pages: [1]