
Messages - andre.lackmann

#1
More recent versions of OPNsense appear to have an issue reconnecting the WAN interface after an outage from our provider. I'm using a cable modem that provides DHCP Ethernet. In the past I've simply rebooted OPNsense and everything would return to normal. OPNsense is set up as our home gateway, so this solution isn't very wife friendly when I'm away, so it would be ideal if it fixed itself.

I've done some forum digging, and others have put in cron tasks to toggle the WAN interface (this and this). When this occurred yesterday, I tried doing this manually and it didn't work, as the interface ALREADY had the correct DHCP IP address from my provider, so nothing really changed.

Doing some more digging, I found that running a RENEW from the Interfaces / Overview / WAN interface page DID solve the issue, with the following in the logs:


2023-04-13T19:33:20   Notice   opnsense   /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.   
2023-04-13T19:33:20   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : openvpn_configure_do(,wan))   
2023-04-13T19:33:20   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : ipsec_configure_do(,wan))   
2023-04-13T19:33:20   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (,wan)   
2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_DHCP6))   
2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure monitor (,WAN_DHCP6)   
2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway '159.196.116.1'   
2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 159.196.116.1   
2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan   
2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'   
2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: IP renwal starting (new: 159.196.119.169, old: , interface: WAN[wan], device: vtnet2)   
2023-04-13T19:33:19   Notice   opnsense   /status_interfaces.php: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_DHCP6))   
2023-04-13T19:33:19   Notice   opnsense   /status_interfaces.php: plugins_configure monitor (,WAN_DHCP6)   
2023-04-13T19:33:19   Notice   opnsense   /status_interfaces.php: ROUTING: setting IPv4 default route to 159.196.116.1   
2023-04-13T19:33:19   Notice   opnsense   /status_interfaces.php: ROUTING: IPv4 default gateway set to wan   
2023-04-13T19:33:19   Notice   opnsense   /status_interfaces.php: ROUTING: entering configure using 'wan'   
2023-04-13T19:33:19   Notice   dhclient   Creating resolv.conf   
2023-04-13T19:33:19   Notice   dhclient   New Routers (vtnet2): 159.196.116.1   
2023-04-13T19:33:19   Notice   dhclient   New Broadcast Address (vtnet2): 159.196.119.255   
2023-04-13T19:33:19   Notice   dhclient   New Subnet Mask (vtnet2): 255.255.252.0   
2023-04-13T19:33:19   Notice   dhclient   New IP Address (vtnet2): 159.196.119.169



This line in particular suggests OPNsense didn't think there was ANY IP address associated with the WAN link.

2023-04-13T19:33:19   Notice   opnsense   /usr/local/etc/rc.newwanip: IP renwal starting (new: 159.196.119.169, old: , interface: WAN[wan], device: vtnet2)   

FWIW I have set up a Monitor IP for the Gateway. When returning from an outage, this shows as Online, so it appears that OPNsense is aware the connection has returned but doesn't refresh the interface properly, and so no routes are refreshed.

Digging further, it appears I can use the CLI to automate the renewal process, by running `configctl interfaces reconfigure wan` either by cron or manually. I CAN do that - but why is OPNsense not doing this automatically? Is this a bug OR am I missing some config somewhere?
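As an added example (not code from the post above, and not part of OPNsense), here is the cron-driven watchdog that the workaround in that post amounts to: probe an external address each run, and after a few consecutive failures run `configctl interfaces reconfigure wan`, rate-limited so a genuine provider outage does not trigger a renewal every minute. The interface name `wan`, device `vtnet2` and the gateway address are taken from the posted log; the probe target, thresholds and state-file path are assumptions and should be adjusted for your box. The decision logic is kept in a pure function so it can be checked without touching the network.

```shell
#!/bin/sh
# wan-watchdog.sh -- added example, not code from the forum post or OPNsense.
# Cron-driven check for the symptom described above: the WAN link comes back
# after a provider outage, the gateway monitor shows Online, but traffic does
# not flow until the DHCP lease is renewed. After FAIL_THRESHOLD consecutive
# failed probes (and at most once per MIN_RENEW_INTERVAL seconds) it runs the
# renewal command the post found effective.
# Assumptions (not from the post): OPNsense/FreeBSD /bin/sh, interface "wan"
# on device vtnet2 (from the posted log), PROBE_IP and thresholds chosen here.

WAN_IF="${WAN_IF:-wan}"
WAN_DEV="${WAN_DEV:-vtnet2}"
PROBE_IP="${PROBE_IP:-9.9.9.9}"                  # any stable public address
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"            # failed runs before renewing
MIN_RENEW_INTERVAL="${MIN_RENEW_INTERVAL:-600}"  # seconds between renewals
STATE="${STATE:-/var/run/wan-watchdog.state}"    # "<fails> <last_renew_epoch>"
DRY_RUN="${DRY_RUN:-0}"                          # 1 = log only, never renew

# default_route_dev: read the output of `route -n get -inet default` on stdin
# and print the interface carrying the default route; exit 1 if there is none.
default_route_dev() {
    awk '$1 == "interface:" { print $2; found = 1 } END { exit found ? 0 : 1 }'
}

# decide: pure policy, so it can be tested without network access.
#   $1 = 1 if the probe succeeded, else 0
#   $2 = consecutive failures recorded so far
#   $3 = seconds since the last renewal
# Prints "<action> <new_fail_count>" with action in ok|wait|renew.
decide() {
    probe_ok="$1"; fails="$2"; since="$3"
    if [ "$probe_ok" = 1 ]; then
        echo "ok 0"
        return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$FAIL_THRESHOLD" ] && [ "$since" -ge "$MIN_RENEW_INTERVAL" ]; then
        # Reset the counter so an extended provider outage renews only every
        # MIN_RENEW_INTERVAL seconds instead of on every run.
        echo "renew 0"
    else
        echo "wait $fails"
    fi
}

# renew_wan: the action the post found clears the stale lease and routes.
renew_wan() {
    logger -t wan-watchdog "renewing DHCP lease on $WAN_IF"
    [ "$DRY_RUN" = 1 ] && return 0
    configctl interfaces reconfigure "$WAN_IF"
}

main() {
    fails=0; last=0
    if [ -r "$STATE" ]; then read -r fails last < "$STATE"; fi
    now=$(date +%s)
    if ping -c 1 -W 1000 "$PROBE_IP" >/dev/null 2>&1; then ok=1; else ok=0; fi
    # Informational only: which device currently holds the IPv4 default route.
    dev=$(route -n get -inet default 2>/dev/null | default_route_dev) || dev="none"
    set -- $(decide "$ok" "$fails" "$((now - last))")
    action="$1"; fails="$2"
    case "$action" in
        renew)
            logger -t wan-watchdog "probe $PROBE_IP failed ${FAIL_THRESHOLD}x, default route via $dev"
            renew_wan && last="$now" ;;
        wait)
            logger -t wan-watchdog "probe $PROBE_IP failed ($fails/$FAIL_THRESHOLD), default route via $dev" ;;
    esac
    printf '%s %s\n' "$fails" "$last" > "$STATE"
}

# Run the check only when invoked as the installed script; sourcing the file
# (for example to test decide) just defines the functions.
case "$(basename -- "$0")" in
    wan-watchdog.sh) main "$@" ;;
esac
```

Install it as /usr/local/bin/wan-watchdog.sh, make it executable, and run it every minute; with FAIL_THRESHOLD=3 that gives roughly three minutes of confirmed failure before a renewal. On OPNsense, cron entries are created under System / Settings / Cron and must reference a configd action, so a custom script needs a small actions file under /usr/local/opnsense/service/conf/actions.d/ (and a configd restart) before it appears in that page's command list. Test with DRY_RUN=1 first and watch the wan-watchdog entries in the system log.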
#2
Writing it down gets the 'ole noggin going.

So I also use ZenArmor and turning this into passthru mode confirmed that it was responsible for the blocking action. Looking at the settings further, I've added that domain to the Allowlist and it's now functioning. The reports show it was being flagged as a 'Potentially Dangerous Site'. Because I'm using the FREE version, there is no block message or template, so it's not clear when ZenArmor is doing this from the request.
#3
I'm using OPNsense at home as the border gateway and largely it's working fine. I'm having one strange issue with a single site. If I try to access anything on the 'passport.online' domain in a web browser on multiple clients (only tested Mac, but on Chrome, Safari and Android Chrome) I get an error:

This site can't be reached
stratechery.passport.online unexpectedly closed the connection.

If I tether to my phone's cell network, the issue goes away and the websites work as expected. I'm not using any of the web filtering / outbound proxy functions in OPNsense (Services / Web Proxy is disabled).

I suspect an SSL / certificate issue of some sort, as the browser reports the web page (eg. https://stratechery.passport.online) is NOT secure. Again, if I simply switch to mobile tethering, the same pages are secure, so root certs in Chrome or any settings on my Mac don't appear to be causing the issue. If I try the same on my phone on the WiFi going through OPNsense, it also fails. Suggests to me something in the gateway is causing a problem. The problem occurs whether I'm connected via WiFi or Ethernet.

I'm a little stumped. Any suggestions are welcome.