Messages - W.A.S.T.O.M

#1
Hello there ( General Kenobi 8) )

I've had a few problems before with the update from 23.1 to 23.1.9, offload with suricata, sad AX210 WIFI6 card and co., but all were resolved by this forum and a few reddit/github topics.

I now have another problem which has had me going in circles since the fresh install (and a few other reinstalls/backups/restores to default settings): there's a connection to my ISP/Internet from my FW (like I updated+installed plugins) but nothing from LAN.

Here are a few details:

-FW: Firewall micro appliance, 4 i225 2.5 GbE LAN ports, fanless Mini PC J4125, 2 x DDR4 Gigabit Ethernet AES-NI VPN Router Openwrt Barebone
(https://www.amazon.fr/dp/B0BKZP61LY?psc=1&ref=ppx_yo2ov_dt_b_product_details)


-Topology:

PC <-- 10.10.0.1(FW LAN) <-10.10.0.0/29 LAN- [FW] -WAN 192.168.1.0/24-> 192.168.1.1(FW WAN) --> ISP Router

GW: LAN 10.10.0.7 / WAN 192.168.1.254


-If I unplug OPNSense from my ISP's router and plug a PC into the same port, there's a connection.


-Same in other RJ45 ports


-There's an any-any rule on both sides, with a few automatic rules created by the Wizard.
Even tried with IN/OUT on those, as I may have forgotten some things from my last IT diploma, where I had PFSense configurations.


-NAT Outbound (hybrid, with two automatically generated rules):

Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description
WAN | LAN net | * | WAN net | * | Interface address | * | NO | NAT LAN_2_WAN

(Hybrid)

WAN | LAN networks, Loopback networks, 127.0.0.0/8 | * | * | 500 | WAN | * | YES | Auto created rule for ISAKMP
WAN | LAN networks, Loopback networks, 127.0.0.0/8 | * | * | * | WAN | * | NO | Auto created rule


-Two plugins installed:

os-c-icap (installed)   1.7_3   50.1KiB   3   OPNsense   c-icap connects the web proxy with a virus scanner   
os-clamav (installed)   1.8           47.7KiB   3   OPNsense   Antivirus engine for detecting malicious threats


-WebProxy configured; with or without "Use alternate DNS-servers" there's no change (DNS used when it ain't cleared: 8.8.8.8 - 1.1.1.1)

-Got GeoBlockIP in Firewall:Aliases but nothing happens on the LAN internet connection when ticked or not.


-"Unbound DNS" enabled with no Overrides


-"Web Proxy" enabled, Remote Access Control with UT1.


-"Overwrite global settings" ain't ticked on both interfaces


-Connectivity Audit from Firmware Status:

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 23.1.9 at Wed Jun 14 03:02:32 CEST 2023
Checking connectivity for host: mirror.dns-root.de -> 172.67.206.93
PING 172.67.206.93 (172.67.206.93): 1500 data bytes
1508 bytes from 172.67.206.93: icmp_seq=0 ttl=55 time=10.325 ms
1508 bytes from 172.67.206.93: icmp_seq=1 ttl=55 time=10.597 ms
1508 bytes from 172.67.206.93: icmp_seq=2 ttl=55 time=10.426 ms
1508 bytes from 172.67.206.93: icmp_seq=3 ttl=55 time=10.444 ms

--- 172.67.206.93 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 10.325/10.448/10.597/0.097 ms
Checking connectivity for repository (IPv4): https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 825 packages processed.
All repositories are up to date.
Checking connectivity for host: mirror.dns-root.de -> 2606:4700:3036::ac43:ce5d
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
pkg: https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***


-Health Audit from Firmware Status:

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1.9 at Wed Jun 14 03:03:14 CEST 2023
>>> Check installed kernel version
Version 23.1.8 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.1.8 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-c-icap 1.7_3
os-clamav 1.8
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: ................................................................... done
***DONE***

-Interfaces: Diagnostics: DNS Lookup:

Type | Answer | Server | Query time
PTR | 8.8.8.8.in-addr.arpa. 5157 IN PTR dns.google. | 8.8.8.8 | 7 ms


-Interfaces: Diagnostics: Ping to 8.8.8.8 from no source -> OK


-Interfaces: Diagnostics: Ping to 8.8.8.8 from 10.10.0.1 -> OK


-Interfaces: Diagnostics: Ping to 8.8.8.8 from 192.168.1.1 -> bind: Can't assign requested address


-Same error with Trace Route as with the last ping (UDP+ICMP)


Am I forgetting something, or did I do something wrong?

Ain't tested on a VM yet as it'll be on the barebone physically at the end of the journey.

Btw, I've got a few backups to test as I restored to default a few times.
As said at the top of this topic, I've tried every possibility I can see, as I'm new here. I may have forgotten something or used bad habits from PFSense/Fortinet tho.

Don't hesitate to ask if you need further information, I'll answer ASAP (with jetlag, as I'm in France).

Thanks in advance, wishin' you all a great day! :)