
Messages - luxgalactic

#1
@pfry Thank you. That has appeared to fix my issues as far as I have been able to tell so far. I'm not seeing the things I was seeing previously.

Can you enlighten me on how you thought to look at the ARP Table? Just curious about how you came to reason I might find an issue there.
#2
Quote from: pfry on January 22, 2025, 01:07:34 AM
    The first thing I'd check is your ARP table

There are only 9 entries, not sure what I would have expected to see, but since the ASUS is the router maybe that makes sense. Nothing about the entries seems off. Appreciate the suggestion.

*EDIT*
Maybe I spoke too soon. I was watching the ARP Table while I just had an issue and I noticed that the MAC address of my ASUS router (gateway IP) changed. I have a second ASUS router in the garage and its MAC address was showing as the gateway IP. I am going to go disconnect it and see what comes of that.
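The symptom in this post (the gateway IP suddenly answering from a different MAC) is something you can catch automatically rather than by staring at the ARP page. The script below is an added example, not code from the thread or from OPNsense; it parses FreeBSD `arp -an` output (the format OPNsense uses) and reports when the MAC behind the gateway IP changes between two snapshots. The sample ARP lines and MAC addresses are constructed, and the interface name igb1 is an assumption.

```python
import re
import subprocess
import time
from typing import Dict, Optional, Tuple

# One line of FreeBSD `arp -an` output looks like (constructed example):
#   ? (192.168.1.1) at 00:11:22:aa:bb:01 on igb1 expires in 1186 seconds [ethernet]
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[\d.]+)\) at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}|\(incomplete\)) on (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_arp_table(text: str) -> Dict[str, str]:
    """Map each resolved IPv4 address to its MAC; incomplete entries are skipped."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and m.group("mac").lower() != "(incomplete)":
            table[m.group("ip")] = m.group("mac").lower()
    return table


def gateway_mac_changed(previous: Dict[str, str], current: Dict[str, str],
                        gateway_ip: str) -> Optional[Tuple[str, str]]:
    """Return (old_mac, new_mac) if the gateway's MAC differs between snapshots."""
    old, new = previous.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        return (old, new)
    return None


# Constructed snapshots reproducing the post: a second device (made-up MAC ...:02)
# starts answering for the gateway address 192.168.1.1.
BEFORE = """? (192.168.1.1) at 00:11:22:aa:bb:01 on igb1 expires in 1186 seconds [ethernet]
? (192.168.1.50) at 00:11:22:aa:bb:50 on igb1 expires in 900 seconds [ethernet]
? (192.168.1.77) at (incomplete) on igb1 expired [ethernet]"""
AFTER = """? (192.168.1.1) at 00:11:22:aa:bb:02 on igb1 expires in 1200 seconds [ethernet]
? (192.168.1.50) at 00:11:22:aa:bb:50 on igb1 expires in 880 seconds [ethernet]"""


def watch(gateway_ip: str, interval: int = 5) -> None:
    """Poll the live ARP table and print a line whenever the gateway MAC flips."""
    last = parse_arp_table(subprocess.run(["arp", "-an"], capture_output=True, text=True).stdout)
    while True:
        time.sleep(interval)
        now = parse_arp_table(subprocess.run(["arp", "-an"], capture_output=True, text=True).stdout)
        change = gateway_mac_changed(last, now, gateway_ip)
        if change:
            print(f"{time.strftime('%H:%M:%S')} gateway {gateway_ip} MAC {change[0]} -> {change[1]}")
        last = now


if __name__ == "__main__":
    watch("192.168.1.1")
```

Run it on the OPNsense box (or any host on the 192.168.1.0/24 side) while the hiccup happens; a printed MAC flip points at a second device claiming the gateway address.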
#3
Hello everyone. A couple of weeks back, I started having this issue where my connection to work over a VPN and then through an RDP would pause for about 10 - 30 seconds. I believed originally it was just that connection (interface) but as I have been dealing with this, I found that my entire internet connection pauses / hiccups.

It seems like I may have done an update to OPNSense the night before I started having the issues. Overall, nothing new about my network except that I blocked internet access to some IoT devices on my ASUS Router that same weekend.

One Sunday, I was on the couch scrolling YouTube and the feed would stop. I'd go to Reddit and same thing, nothing would come up. Then after a few seconds it would be back. On Monday, when the hiccup would happen while working, I'd grab my phone and try to check YouTube to see if it was working and it wasn't. It's like my entire OPNSense box just freezes.

The OPNSense Box is a Neosmay N100 firewall appliance. One of those $250ish Amazon buys. It has 32GB of RAM and something like 100GB of disk space.

OPNSense is running as Transparent Filtering Bridge. It sits behind my ISP Modem and in front of my ASUS Router.

My work notebook is connected to 1 of the OPNSense ports, and on a different subnet. Its traffic is passed through the MGMNT interface. (Has been this way for about 2 months.)
MGMNT interface connected to ASUS.
IN interface connected to ASUS.
OUT interface connected to ISP Modem.

BRIDGE interface consists of IN and OUT.

Versions:
OPNSense 24.7.12-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

Plugins:
os-acme-client v4.7 (not enabled)
os-clamav v1.8_2
os-crowdsec v1.0.8_1
os-sensei v1.18.4 (Zenarmor not currently enabled)
os-sensei-agent v1.18.4 (Zenarmor not currently enabled)
os-sensei-updater v1.17 (Zenarmor not currently enabled)
os-sunnyvalley v1.4_3 (Zenarmor not currently enabled)
os-theme-rebellion v1.9.2

To start, I am really just trying to figure out where to look for issues to try and better understand what might be going on. A recent assumption was that it was Zenarmor that was causing the issue. I don't think that is the case because as noted above, it is not enabled and I am still having the issues ... although maybe less frequent?! One reason I thought that it was Zenarmor was because I would find that the Cloud Nodes would show DOWN when the problem would present.

Another thought I had was that it was somehow related to CrowdSec. I'd see a lot of Block Activity on the firewall log around the same time that things would pause. It didn't seem to always be the case. I also had occasions where CrowdSec would go down and could not be restarted. I'd get a 'jwt' error and I would need to restart OPNSense completely in order for things to come back up.

Sometimes, things would not come back up completely. I'd need to unplug the ethernet from OPNSense to the ISP Modem and plug it into the ASUS router in order for OPNSense to respond. Almost like a DNS issue.

Speaking of DNS, I do run PiHole and Unbound in an LXC. Originally, I pointed OPNSense (System > Settings > General) at the ASUS router IP for DNS and as a second entry the PiHole IP. Last night I put QUAD9 in the first position and I have had issues today as well.

I'm sure there is likely some detail that I missed that might help, but again, what I am trying to get help with is ideas for where I should be looking to try to see what is going on. I've stared at the CPU graph looking for spikes (didn't see any), watched for memory issues (didn't see any), but I don't know what else to be looking for nor where.

Yesterday, I did turn on Suricata since I turned Zenarmor off. It was on the OUT interface as opposed to Bridge. Probably did that wrong!

I had hoped the OPNSense update over the weekend would have solved things, but it didn't.

Obviously, the ASUS could be the issue, but it's been solid for the time I have had it. Recently I have been having Wi-Fi issues. Trying to use FaceTime lately has not been fun. There are no firmware updates for it at this time. I don't have any alerts for there being any issues but doesn't mean there aren't.

Additional details from my first post here: https://forum.opnsense.org/index.php?topic=44382.0

Appreciate the help in advance. Let me know if you need any additional details to better assist.


#4
I did add the Outbound NAT rule where I used the MGMNT interface for WORK and everything actually seems to be working without needing to do anything on the ASUS. Not that this makes sense to me, but I wasn't expecting it to work given the comments. I might test this out for a while and see what isn't working.
#5
dseven, thanks. This transparent filtering bridge was my post-cool-down attempt, so to speak ;) I had given up a couple months ago and was going to give pfSense a try because it looked to be a little less customizable and my hope was that fewer levers would mean success. As I was getting ready to start, I saw the video and thought I'd give this a try first because it would leave my network largely intact, allowing me to take a baby step.

That WireGuard link looks familiar. I think I referenced that or something at least really similar. I recognize the term "Road Warrior".

My DHCP / Static mapping was more of a comment about having to redo them every time. I got to a point where I could just restore my ASUS config, but each time I blew out OPNSense that work needed to be redone, as playing with the config xml wasn't something I was comfortable doing. If I'm being honest, it feels like this is just above me and I probably should just hire someone to spend time teaching me in a hands-on approach. That way I'm working on my setup and can ask questions and not blindly following a guide that isn't 1:1.
#6
Originally, my goal was to use the OPNSense box as the router and put the ASUS into AP mode (acting as a switch and providing Wi-Fi). Every attempt I made just failed. One sort of problem or another. I use a lot of static / manually assigned IPs for devices so the back and forth in failed attempts was becoming burdensome. I also have a number of devices that need to go through a VPN and while I found some tutorials on setting up a WireGuard client on OPNSense, they almost all were routing all traffic through the VPN and I didn't want that. So mainly the driver for keeping the ASUS doing what it is doing is because I can actually manage it and have it do what I need. The flexibility of OPNSense makes managing a challenge for me and while I love learning, I need a working network.

The ASUS can't do VLANs at this time on the stock firmware. The ASUS does get the Public IP. I don't think I've ever been double NAT'd.

I'm not really following so I think I just plug my work computer back into the ASUS and live with it. I did wonder about using an outbound NAT on the OPNSense where I used the existing MGMNT interface following viragomann's first comment. Sounds like that would not have worked without something more being needed.
#7
Sorry, a piece I missed: the cable modem is in bridge mode. It is not performing any routing functions.

I get the first part, get an IP address on one of those interfaces. I think I tried to do that before and ended up having issues where nothing could get out to the internet, and ended up having to start over and not stray from the video. Maybe I needed the second piece, which I don't understand enough to make it work.

I'll do some more research with the idea that I need to be using outbound NAT rules.
#8
Good day. First, I am horrible when it comes to networking. Doesn't matter how hard I try, I just struggle.

Starting Point: https://www.youtube.com/watch?v=Rb4vlN_Hf-U
Appears to be a video of: https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

Network Topology
ISP Modem > 4 Port N100 (OPNSense Device) > ASUS Router

OPNSENSE Box
1 Port is connected to the ISP Modem. (Labeled as OUT)
1 Port is connected to the ASUS Router (Labeled as IN)
1 Port is connected to the ASUS Router (Labeled as MGMNT)
1 Port is connected to a work computer (Labeled WORK)

Bridge Interface members: IN and OUT

HOME SIDE (IN OUT BRIDGE MGMNT)
ASUS Subnet 192.168.1.0/24

BRIDGE Firewall Rules: Allow all (IPv4)
MGMNT Firewall Rules: 4 different rules to allow access to webui, ssh, and a couple of services
OUT Firewall Rules: None
IN Firewall Rules: Default allows

NAT OUTBOUND: Disabled per video / documentation

Gateway (In OPNSense) on MGMNT Interface and 192.168.1.1

All of this side of the setup works as expected. No issues. The ASUS is still doing the majority of the work; the OPNSense is just adding some firewall pieces to my existing network.

WORK SIDE
Interface is active, 192.168.2.0/24 (192.168.2.1)
DHCP is active, range from 100 to 199
Work Computer received 192.168.2.100
Firewall Rules: IPv4, WORK net, ANY / ALL (Allow all)

Problem: No internet access

Goal: I want to be able to get to the internet from my work computer. I simply wanted to get the work computer off my local network and on to its own for separation. I don't know what I need to do in order to get the traffic from the work computer out to the internet.

I have tried searching the forum and internet in general. Part of the problem I have is not having the necessary knowledge to know what exactly I am searching for. Attempts to use ChatGPT have been unsuccessful and I am fearful of 'just doing things' which might cause what works now to stop working.

Thanks in advance.