Messages

1

General Discussion / Re: Unusual ip showing in the log

« on: October 22, 2024, 11:12:30 pm »

Further investigation has revelaed that 192.168.1.116 is the ip address of one of the mesh nodes.  I see this as a bug in the Asus firmware.  These packets shouldn't be going out to the WAN.  Thanks everyone for all your help.

2

General Discussion / Re: Unusual ip showing in the log

« on: October 21, 2024, 10:42:04 pm »

bartjsmit, Yes, I can capture packets, here is one packet:

ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 64, id 49801, offset 0, flags [DF], proto TCP (6), length 72)
    192.168.2.102.59963 > 192.168.1.116.7788: Flags , cksum 0xc5fd (correct), seq 4265057839, win 64240, options [mss 1460,sackOK,TS val 1998323531 ecr 0,nop,wscale 6,mptcp 12 join id 8 token 0x87a2e95e nonce 0x2173f5db], length 0

Attempt to downlod the package fails, unknown error

EricPerl, you have it correct.  The LAN side of Asus is 192.168.1.1/24.  The WAN side of Asus is connected to the Ofice interface of opnsense, 192.168.2.1/24.  The DHCP ip assigned ip on the WAN side of Asus is 192.168.2.102,  No port mirroring.  Steam isinstalled on some computers but packets appear even when those computers are turned off, In fact they appear if all computers are turned off.  I don't know what Unreal Tournament is so not that.  Asus has stock firmware, no packet capture ability.

Sample of the logs I am seeing:
   Office      2024-10-21T16:37:58-04:00   192.168.2.102:49825   192.168.1.116:7788   tcp   Block everything else in office   
   Office      2024-10-21T16:37:57-04:00   192.168.2.102:51411   192.168.1.116:7788   tcp   Block everything else in office   
   Office      2024-10-21T16:37:54-04:00   192.168.2.102:49513   192.168.1.116:7788   tcp   Block everything else in office   
   Office      2024-10-21T16:37:28-04:00   192.168.2.102:40767   192.168.1.116:7788   tcp   Block everything else in office 

3

General Discussion / Re: Unusual ip showing in the log

« on: October 21, 2024, 02:51:44 pm »

Thanks for getting back to me.  I did think of packet capture but not wireshark.  Unfortunatly when I try to download the captured data I get Unexpected Error  Check Log for details.  I don't know which log to check.

4

General Discussion / Unusual ip showing in the log

« on: October 21, 2024, 12:19:04 am »

This is kind of a shot in the dark but here goes, has anyone seen this kind of behavior?  First let me describe my setup.  From the isp modem I connect into the opnsense box wan interface, no surprize there.  I am not using the LAN interface except for device admin.  I have an interface named office that all computers and printers connect to.  I have an interface named iot that all iot devices and phones connect to.The office interface has a static ip of 192.168.2.1.  It connects to an Asus Zen Wifi Mesh router (this existed prior to building the opnsense router)  which has a static ip of 192.168.1.1.  Some computers connect via cable, others connect via WiFi.  I see in the firewall log blocked connections coming into the office interface from the Asus router with a destination ip of 192.168.1.116:7788, protocol tcp.  Since they are coming out of the router I cannot see the original source unless one of you can describe a way to do that.  I see these packets coming from the router even when all devices connected to the router are turned off (unless there is somthing on the router I am not aware of - possible).  Clearly 192.168.1.116 is not an internet ip so I have no idea why the router is sending it.  Let me add that there is no device on the Asus router with an ip of 192.168.1.116.  Any thoughts?

5

General Discussion / Re: Question on DNS Queries

« on: October 17, 2024, 11:30:39 pm »

Thanks for your help.  The entries were coming from my iot interface.  Apparently some iot devices use these DNS servers.  I put in a NAT port forward rule to redirect all port 53 requests to local host.  That then routes them through the DOT server I selected.  I now see the port 853 requets logging on wan.

To answer your two questions, there are no DNS servers in system->settings->general but I did have "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked.  I unchecked it.

Thanks again for your help, this is a great forum and opnsense is a great product.

6

General Discussion / Question on DNS Queries

« on: October 17, 2024, 02:44:35 pm »

I am trying to direct all DNS queries to the provider of my choice and I want to use DOT from opnsense to go there.  I know the issues with DOH and that I can't completely block it, that is not my question.  My question is that when looking at the log I see entries going to 9.9.9.9:53 and 8.8.4.4:53 only on the wan interface with a description "let out everything from the firewall host itself (forece gw)".  From this I gather that opnsense is doing queries on its own, not coming from any interface and it chose to use these DNS providers.  Am I correct?  If not can someone explain what this means?  If I am correct then where are the settings to tell opnsense which DNS provider I want to use?

7

General Discussion / Re: Can't access opnsense.org

« on: October 16, 2024, 03:36:40 am »

Everything is working now.  Don't know why the site worked on my phone when connected to cellular or on my computer when plugged directly into the isp modem but would not work going through the appliance but now is working through the appliance.  My computer is setup to only use ipv4, the phone likely can use ipv6 on cellular only since I have ipv6 blocked on the appliance.  Apparently the issue was on their end.  I just put the appliance into production yesterday so I though I messed up a setting.

8

General Discussion / Can't access opnsense.org

« on: October 15, 2024, 04:47:26 am »

Here is a head scrtacher.  Recently inserted opnsense appliance into my network.  Working great... until I try to go to opnsense.org.  Then nothing.  Also can't update.  All other websites that I have tried work.  All my iot devices work.  Only opnsense .org does not work.  To do this post I had to connect my computer to the isp modem directly.  My LAN interface has only default rules.  No block floating rules apply to LAN.  I created separate interfaces, one for computers, one for iot devices.  Even on LAN with only default rules can't get to opnsense.org.  Before putting the appliance into production I was using it through the existing router and then I was able to access opnsense.org.  Now, directly connecting to the isp modem I cannot.  Anyone else see this behavior?

9

General Discussion / Re: New Install can't connect to internet

« on: October 12, 2024, 12:31:06 am »

OK, found the DNS issue, it was on my computer, not opnsense.  The factory reset solved the problem.  The first time I installed I changed the LAN ip during the install.  That is the only thing I can think of that may have broken it. 

10

General Discussion / Re: New Install can't connect to internet

« on: October 11, 2024, 06:26:40 pm »

I made some small amount of progress.  But still no joy.  I reset to factory defaults, then made only the following changes:

interfaces->wan-> unchecked block private networks and block bogon networks
interfaces->lan->changed static ip to 192.168.77.1
services->ISC DHCPv4->changed range to 192.168.77.100-192.168.77.199

Rebooted.

I can now ping 192.168.1.1 successfully
I can check for updates successfully
I can ping 8.8.8.8

I can't go to any website from firefox/
I am thinking some king of DNS issue.  Still ivestigating. 

My plan is to wait until this evening when everyone is off the network and then try directly connectiong to the isp modem again.

11

General Discussion / Re: New Install can't connect to internet

« on: October 10, 2024, 10:38:21 pm »

Routs show as follows:
Proto   Destination       Gateway       Flags    Use    MTU    Netif    Betif (name)
ipv4     default              182.168.1.1  UGS     NaN   1500   igc0     wan
ipv4     127.0.0.1          liink#7          UH        NaN   16384 lo0      Loopback
ipv4     192,168.1.0/24 link#1           U          NaN   1500   igc0     wan
ipv4     192.168.1.62    link#7           UHS     NaN    16384 lo0      Loopback
ipv4     192.168.2.0/24 link#3           U          NaN    1500   igx2    opt1
ipv4     192.168.2.1      link#7           UHS     NaN     16384 lo0     Loopback
ipv4     192.168.140.0/24 link#2       U          NaN     1500   igc1   lan
ipv4     192.168.140.1  link#7           UHS     NaN     16384 lo0     Loopback
ipv6     ::1                     link#7           UHS     NaN     16384 lo)     Loopback

I can ping 192.168.140.1
I cannot ping 192.168.1.1 - times out

I am once again connected to the original router so the network can stay active until I set opnsense up.  The router's ip is 192.168.1.1.  I did uncheck the block on the wan interface for private ip's

Firewall logs live view shows everything passing

Under System->Log Files->Audit I see Error configd.py  action rfc2136.reload.lan not found for user root
Under System->Log Files->Backend I see Error Script action failed with command /usr/local/opnsense/scripts/firmware/query.sh remote returned non-zero exit status 1....

Don't know if these errors are significant.  If you need the full text please let me know.

Looking at NAT rules under port forward I have the abti-lockout rule.  Under one-to-one I have nothing.  Under Outbound
I have two autocreated rules.  Thee first one has source networks of LAN networks, Loopback networks, OPT1 networks, 127.0.0.0/8, destination port 500, NAT Address WAN, static port yes.  The second has the same source networks, no port and Static port No.

Clearly since the ping to 192.168.1.1 failed I cannot get to the upstream router's gateway.  As to fitewall rules under the LAN interface my first two rules are the auto generated rules that allow all ports and Ip's on ipv4 and ipv6

12

General Discussion / Re: New Install can't connect to internet

« on: October 10, 2024, 06:46:22 pm »

In my initial post I noted that I connected tje firewall to my existing router so as not to disrupt my current network during setup.  The existing router uses the range 192.168,1,1/24.  That is why I changed the LAN interface address to 198.168.140.1 so as not to interfere.  So initially the WAN was assinged an address of that router which was 192.168.1.xxx.  In my second post I attached it directly to ny isp modem so I got a WAN address of 35.xxx.xxx.xxx, don't remember the exact address.  Anyway, no joy there either.

13

General Discussion / Re: New Install can't connect to internet

« on: October 10, 2024, 01:14:53 pm »

The box has no internet.  Attempting to do an update failed - no address record found for the mirror.  I connected the wan port directly to the isp modem.  DHCP with isp worked, got ip of 35....  Could I have a hardware issue?  Should I try changing interfaces, I have 5 ethernet ports on the box.  I do see errors on other logs, everything is passing on firewall logs.

14

General Discussion / New Install can't connect to internet

« on: October 09, 2024, 05:00:37 pm »

I created a new install.  Only changes - changed ip of LAN to 192.168.140.1.  Put DHCP on LAN with range 192.168.140.100 - 199.  Removed blocks on WAN interface for private networks and bogon networks.  I did this because I am connecting through my existing router which has an ip of 192.168.1.1 because I don't want to disrupt anything until I get this up.  Can't connect, can't ping 8.8.8.8.  Tried running under live using install USB.  Again changed LAN to 192.168.140.1 and removed blocks on WAN.  This time I didn't setup DHCP, gave my computer a static ip of 192.168.140.99.  Still, no joy.  When I go to the dashboard everything looks good.  Added interfaces widget.  It shows LAN as 192.168.140.1/24 and WAN 192.168.1.6/24  WAN DHCP is 192.168.1.1. When I look at firewall logs I see igmp blocks, udp blocks to 192.168.1.255 with a comment defaul deny /state violation rule but most everything seems to be passing.  I see NTP passing for example.