Messages - House Of Cards

#2
Also, I have completely disabled the IPv6 gateway so that only the IPv4 is active, and the internet works fine even though it's reporting 100% packet loss on that gateway.  As if I'm browsing offline with 100% packet loss. 
#3
I tried the suggestion of setting the Monitor IP to the address of the modem itself, and it shows online again.  However that doesn't indicate the internet is working, so I switched back to 1.1.1.1 and it's offline again.  Tried 8.8.8.8 also, stays offline. 
#4
It didn't hold up.  WAN shows 100% loss for days now, having never recovered again.  I show DHCP6 online for the last week.
#5
Today, for no reason whatsoever the IPv4 gateway now shows no packet loss, but the IPv6 gateway is still offline.  I haven't changed the configuration, but it just recovered all on its own.  I have no idea...  Let's see if it holds up.
#6
Maybe some strange and obscure issue because of the Double NAT that cellular internet causes?  But it always worked until now, so I suspect something changed on the OPNsense side.
#7
They seem to be there...  I've always had this set to automatic, and this is what is there...

#8
Here you go.  1.1.1.1 has always been set as the Monitor address.

#9
It's configured via DHCP, and is from a cellular modem.


I can ping 1.1.1.1 from a PC on the network, and the firewall is processing rules and traffic.  Yet, the gateway monitor reports the network as offline with 100% loss.  There have been no configuration changes, just the upgrade.  Any specific configuration you need to know?

Thanks for the help...
#10
Immediately after the upgrade to 25.7, both of my gateways show "100% Loss" in the widget, and the log has numerous "Warning dpinger WAN_GW 1.1.1.1: sendto error: 65" messages.  I've tried rebooting the router, rebooting the modem, restarting services, etc...  In all different orders.  All I managed to do was go from the initial IPv4 gateway showing 100% packet loss to both the IPv4 and IPv6 gateways showing 100% loss.

I can browse, so the internet is working.  Been working for years, until the moment I upgraded.

Any ideas what could cause this?
Thanks.
#11
Thank you for the help!
#12
Thanks,

I just want to make sure my understanding is sane...

I'm setting rules for things that pass as normal, and the reason I was doing it this way is to allow me to log the redirection rules to see which devices are trying to circumvent my internal NTP (and DNS, etc...). If a device is requesting something from my internal servers, fine...  They pass with no problems.  If something hard codes a different server, I want a log entry saying so.

That's my thinking, I just want to make sure this makes sense in terms of normal firewall procedures.  I figured I'd ask to see if there was anything wrong with doing it this way...

So I'm assuming this is fine functionally?  Thanks for the advice, I'm by no means an expert.  Better to get second opinions.   8)

#13
Good day,

I have a NAT Redirect Rule to port forward any NTP traffic originating from an Alias consisting of all internal networks...

192.168.0.1/24
192.168.1.1/24
192.168.2.1/24

That rule uses an inverted match of the same Alias as a destination, which as I understand, means it would be destined for an IP outside the local network (server on the internet)...

It then forwards that request to 192.168.0.1 NTP to be handled by my internal NTP server.

Does that sound reasonable?  My goal is to allow the interface rules to permit NTP traffic locally, but use this redirection to protect against hardcoded devices using an address of their own liking.  I intend to do a similar approach with other things, such as DNS...  So I want to make sure I'm not insane.

Thanks for the help!
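
Added example, not part of the original post and not OPNsense's own code: a simplified model of the redirect match described above (source in the alias, destination not in the alias, UDP port 123), used to list which clients hard-code an outside NTP server. The function names, the action labels and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Alias entries exactly as written in the post; they carry host bits
# (192.168.0.1/24), so strict=False is needed to read them as networks.
INTERNAL_ALIAS = ["192.168.0.1/24", "192.168.1.1/24", "192.168.2.1/24"]
INTERNAL_NETS = [ipaddress.ip_network(n, strict=False) for n in INTERNAL_ALIAS]
REDIRECT_TARGET = "192.168.0.1"  # internal NTP server named in the post
NTP_PORT = 123


def in_alias(addr):
    """True if addr falls inside any network of the internal alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def evaluate(src, dst, proto, dport):
    """Simplified model (assumption) of the rule: return (action, final_dst)."""
    if proto != "udp" or dport != NTP_PORT or not in_alias(src):
        return ("not-matched", dst)
    if in_alias(dst):  # inverted destination match fails: local NTP, no redirect
        return ("pass-local", dst)
    return ("redirect-and-log", REDIRECT_TARGET)


def hardcoded_clients(packets):
    """Map each redirected source to the set of outside servers it asked for."""
    offenders = {}
    for src, dst, proto, dport in packets:
        action, _ = evaluate(src, dst, proto, dport)
        if action == "redirect-and-log":
            offenders.setdefault(src, set()).add(dst)
    return offenders


# Constructed sample traffic (not from the original post).
SAMPLE = [
    ("192.168.1.50", "192.168.0.1", "udp", 123),   # uses the internal NTP server
    ("192.168.2.77", "203.0.113.10", "udp", 123),  # hard-coded outside server
    ("192.168.2.77", "198.51.100.4", "udp", 123),
    ("192.168.0.20", "10.0.0.5", "udp", 123),      # private, but outside the alias
    ("192.168.1.50", "203.0.113.10", "udp", 53),   # DNS: this rule ignores it
]

if __name__ == "__main__":
    for client, servers in sorted(hardcoded_clients(SAMPLE).items()):
        print(client, "->", sorted(servers))
```

The fourth sample packet shows that an inverted alias match treats any address outside the three listed networks as external, including other private ranges.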
#14
24.7, 24.10 Series / Re: Question About Log Files
September 30, 2024, 12:43:23 AM
Thanks, that helps...   8)

#15
24.7, 24.10 Series / Re: Question About Log Files
September 29, 2024, 06:23:33 PM
I think my confusion is with these default rules. 

If they are created by default, and can't be modified, why on earth does OPNsense clog your logs with them in the first place?

It makes setup so much more difficult.