Messages

1

23.1 Legacy Series / Re: Intersite routing issue - driving me mad!

« on: March 11, 2023, 08:19:50 pm »

It's 100% a routing issue.

Everything to WAN works fine. Trying to route out via IGB2 (Intersite) for defined routes means that it will send traffic only as far as HQ, then drop. Phone system is at HQ, so it hits it and the system makes the outbound call. Any traffic thereafter should flow in and out but IN works, OUT halts at HQ.

It's NOT the HQ router. With the old router in place, it works fine.

2

23.1 Legacy Series / Re: Intersite routing issue - driving me mad!

« on: March 03, 2023, 11:03:53 am »

Thank you for the reply, but that won't work.

The outbound is broken using Intersite. It just will NOT route correctly. It should be able to use the Intersite as a secondary WAN as well as route between my sites. It cannot PING or connect to anything past the first hop to HQ, but everything further out such as the USA can ping and connect back.

It's definitely something routing or firewall related.

3

23.1 Legacy Series / Intersite routing issue - driving me mad!

« on: March 02, 2023, 10:58:22 pm »

Hey folks

I have just replaced a router at a site that I believed to be configured okay, and it turns out it isn't working as intended. I've attached the diagram of the network and connections.

The OPN router has a WAN and 1Gb Dark Fibre to another site, so copying the previous config (which worked fine!) I have set the WAN to default GW and weighted it. IGB2 is Intersite and has 10.1.50.2 with a Gateway of 10.1.50.1 which is a pfSense at HQ. There are no issues getting from the site to the public internet via the WAN.

Here is where it gets weird. I've added the static routes for the other sites and allowed IPv4 any/any across the Intersite. I can ping everything at HQ and HQ can ping everything at the London/OPNSense site, it looks okay. Remote Desktop works, as do file shares. However, UDP from the Phone System SIP trunk hosted at HQ is filtered out for calls; we can hear the other person, but they cannot hear us. It is like the outbound is filtered out, but the inbound works. This is backed up with the fact that I cannot ping anything in the USA sites from OPNSense, but the USA sites CAN ping and see things at the London/OPNSense site.

Any ideas? I've been at this since 4am this morning, it's now almost 10pm at night. It has to be something to do with firewall rules. I know it's not the other routers as the Draytek that was removed worked fine.

I have bought a DEC3840 so I will contact Sales for support in this matter if you guys cannot shed any light on where I am going wrong.

4

22.7 Legacy Series / Port mirroring for Dark Trace

« on: September 09, 2022, 10:34:24 am »

Hi All

I'm new to OPNSense and have bought a DEC3840 to use on a small site. We have DarkTrace Cyber Security Probe which needs to mirror the LAN port on the router. On the Draytek that I am removing we can simply enable Port Mirroring in Promiscuous mode but I do not see such an option here.

Would anyone happen to know how to enable the port mirror function before I raise it with Business Support?

Thank you.