Messages

1

24.7 Production Series / DNS hijacking by provider

« on: August 10, 2024, 09:48:28 am »

I have an opnsense box with two connections. One the fibre line, the other a 4g modem.

When the fibre fails, the router falls back to the 4g.

This all works without issue.

However, when the 4g takes over, it rams in it's own DNS server, forcing safesearch which I don't want and which takes nigh a day to clear once the fibre is returned.

I've configured the Cloudflare DNS servers under System/Settings/General (why are they not under the actual interfaces as you'd expect them to be?) and these seemingly have no effect.

I've a pihole locally (behind the opnsense) for local DNS. Ideally I have opnsense use that for everything, only going out to the internet to a defined DNS server - regardless of interface I use) when pihole doesn't know.

I do have Unbound DNS enabled, but only to forward queries.

Clearly I am doing something wrong. If someone could point me toward how to resolve this I'd be very grateful.

2

24.1 Legacy Series / Re: Multi WAN setup

« on: February 18, 2024, 04:04:34 pm »

A minor note here. I created my setup entirely in VM (diagram attached) and fiddled about in that, running traceroutes and browsing, updating the VMs and then went through my settings almost page by page.

I noticed that the Outbound NAT rules were set to automatic and none existed for my 'real world' configuration.
Setting the option to 'Hybrid' I created manual rules copied from the VM for my two WAN interfaces.

Traffic is now moving without issue and I can disable/enable my gateways as I wanted to.

Is this why deleting and re-creating an interface was allowing traffic to flow - as the NAT outbound rules were re-created when the new interface was created?

I've read back and this automatic creation of outbound NAT rules has occurred before with others and has been addressed in this older post: https://github.com/opnsense/core/issues/2914#issuecomment-439904741.

What might have prevented the automatic rules from being created?

3

24.1 Legacy Series / Re: Multi WAN setup

« on: February 07, 2024, 04:06:24 pm »

No worries Thomas, I'm sort of trying to do failover but manually!

The modem is fine in itself. I can move that around all day long. The problem is opnsense.

When I  lose gateway A I want to manually enable gateway B.

A different way to explain it:

Given I've the fibre gateway enabled
and I've the 4g gateway disabled
and fibre disconnects/drops packets
when I manually disable the fibre gateway
and manually enable the 4g gateway
Then I want traffic to pass over the 4g gateway.

And it doesn't.

You can re-create this config in a VM (I've tried) with two ethernet interfaces to different networks. It being fibre and 4g modem isn't relevant.

The above process works (forwards traffic) only by deleting and re-creating the interfaces.

Therefore I surmised that a service/routing twiddle needed to be restarted to say 'Oi! Your gateway has changed. Send traffic over the active one!'

4

24.1 Legacy Series / Re: Multi WAN setup

« on: February 07, 2024, 03:38:30 pm »

Many thanks for your reply Thomas but I have specifically said I do not want to use failover or load balancing.

What I want to do is have both connections configured, with one disabled. Should that fail, enable the other - manually. Not using fail over. I don't need that level of complexity. I simply want to disable one interface and enable another by enabling/disabling the gateway by clicking on it. Surely this is possible?

Why did traffic not flow despite the connection being available? Why did I have to delete the interface completely and re-add it for traffic to flow?

5

24.1 Legacy Series / Re: Multi WAN setup

« on: February 07, 2024, 02:44:25 pm »

Hello, thank you for your reply  - I'm not using the LM1200's multi wan options - these are not in use and disabled. I'm just using it as a separate interface/gateway within opnsense.

6

24.1 Legacy Series / Multi WAN setup

« on: February 07, 2024, 02:06:02 pm »

Apologies for my tone - I'm struggling.

I've an opnsense box with 4 interfaces. opt0 is LAN, opt1 is my fibre line and opt2 is my 4g modem.

The fibre line has had a couple of outages at their end. Duly I've then connected and configured the 4g modem. Both fibre and 4g (an LM 1200 in bridge mode, for the interested) are simple DHCP ethernet.

I disabled the fibre gateway to send traffic out through the 4g and had internet access.

Later, from the shell I tried ping -S [fibre-ip] 4.2.2.4 and saw the ping return.
 
Setting up a monitor IP for the fibre connection also returns 0 ping failures.

I set about disabling the 4g gateway and enabling the fibre gateway and....

Nothing. No traffic moved, no ping responses despite the fibre gateway showing green in Gateways/Configuration.

Plugging the fibre ISPs router in provided access over the fibre connection, but not through opnsense.

I then reverted, disabling the fibre gateway and enabling the 4g gateway ... and... nothing. No web access, no ping responses, nothing.

I tried rebooting (which always seems a last resort) and no change. Despite the 4g gateway merrily reporting green and working (evidenced by the ISP router), no traffic moved.

To get opnsense to send traffic again I deleted the 4g interface and re-created it, using a timestamp for a name. I honestly don't know why I needed to do this but it did then start forwarding packets.

I would be grateful if someone would kindly explain what I am doing wrong, as - in my mind - this should be straightforward: gateway connection A drops off, switch to B. To see if A has come back, disable B, re-enable A. Rinse, repeat as necessary.

 I'm not trying to set up high availability or failover. I don't want or ned these. I just want to have both connections available and disable one connection while the other is working.

I am fully aware there's a configuration/service restart I'm missing. Would someone kindly tell me where I am going wrong?

Kind regards, Wibbling

7

23.1 Legacy Series / Unable to update from 23.1 to 23.1.11

« on: July 19, 2023, 11:50:55 pm »

Hello,

I've installed opnsense and after setting it up and using it as a router for a while I thought to update it to the latest firmware.

When I attempt this the update dialog displays:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.1 at Wed Jul 19 22:39:29 BST 2023
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg:
Host is down
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.txz:
Host is down
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

I checked that the client could ping the URL specified and it can.

I can also ping from the shell of the opnsense router itself.

When I visit the URL I am able to download the files directly.

I can curl the files to the opnsense router directly.

I tried running the command pkg update, and that did appear to update packages (see screenshot).

On returning to the web UI, the above output persists.

I must e doing something wrong, or have missed a config option. I would be very grateful if folk would kindly advise where I have gone wrong so I can learn how to resolve the update failure.

Kind regards,

Wibs