Messages

Removing those lines fixed the issue (at least on 24.7.12_4)

Thank you - removing those lines fixed the issue for me as well.

I have struggled getting Kea HA to work - it seems it only works for me, when I configure the Peer/HA ports to be the same as the Control Agent port. (contrary to what the GUI says).

When I run the CA on port 8000 and the Peers on port 8001. I can connect to the Peer HA port with telnet/curl from the local device only - it does not work from the remote/partner device. The traffic is not blocked by the firewall.

I can confirm with netstat -a that it is listening on port 8001, but it does for some strange reason not work...

Running everything on port 8000 works like a charm.

Thanks for debugging. Here is a patch: https://github.com/opnsense/core/commit/b52bf63e9

# opnsense-patch b52bf63e9

Plus this one: https://github.com/opnsense/core/commit/0e1aa4bcca6

I have a TRB500 as well.

Have you managed to get Teltonika to acknowledge the problem?

So far I've worked around the problem by putting the modem in bridge mode, and spinning up a virtual OPNsense to do the NAT part (I have a HA setup behind the virtual OPNsense, that needs the NAT to share the public IP) - But that introduces a single point of failure with the virtualized firewall; I can live with that for the time beeing, since the TRB500 is only my backup connection. But it would be preferrable if Teltonika could fix their NAT mode.

I've come the conclusion it's a weird combination of OPNsense, the router end perhaps Proxmox that is the cause of the issue. I have not found a solution.

I did a little more testing - and Proxmox doesn't seem to have any effect. It's simply that traffic originating from OPNsense itself doesn't work, or is extremely slow.

I had a thought that IPv6 might have something to do with it (since my Cable modem is IPv4 only, and the mobile router is IPv4/IPv6 dual-stack capable), but disabling IPv6 anywhere in OPNsense (and selecting 'prefer IPv4 over IPv6' doesn't help either.

I've attached my little test-chart - both my upstream routers were supplying IPs to the clients/firewalls with DHCP. So I merely moved the clients/firewalls around without changing any configs.

Hi,

I have the exact same problem - is your mobile router a Teltonika router by any chance?

I've come the conclusion it's a weird combination of OPNsense, the router end perhaps Proxmox that is the cause of the issue. I have not found a solution.

Please update here, if you ever get to the bottom of this...

-Kent

Extra info:

If I connect a VM to the OPNsense LAN, that client is able to download from the OPNsense repos without problems.

And if I connect the test VM to the same router (in parallel with OPNsense) it works fine as well.

The problem seems to be only on the OPNsense VM itself.

Hi,

I have a Proxmox virtualized OPNsense 23.1.11, and I'm unable to update it. It simply hangs (or are extremely slow to download) when I check for updates.

When I go to the shell, I'm able to download stuff at full speed - like an Ubuntu install iso (just a random example):

Code Select Expand

root@gw2:~ # fetch https://releases.ubuntu.com/22.04.2/ubuntu-22.04.2-desktop-amd64.iso
ubuntu-22.04.2-desktop-amd64.iso                2% of 4699 MB 7968 kBps 10m25s^C
fetch: transfer interrupted

(I interrupted it myself - I don't need Ubuntu on my firewall) ;)

But as soon as I try to download anything from an OPNsense repo, the download stops or stalls immediately:

Code Select Expand

root@gw2:~ # fetch https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg
packagesite.pkg                                 0% of  234 kB    0  Bps


How do I get updating to work?