Messages

Now that ISC DHCPv4 has been deprecated to a plug-in, should I be looking to switch DHCP service on my OPNSense router?  I've looked at DNSMasq and it doesn't appear do everything I'd want, namely the ability specify a specific DNS service for a certain group of devices, for example, pointing all of my smart TV and media devices to Adguard Home or Pi-Hole. Kea seems to have all the features of ISC DHCP but much of it can't be configured via the GUI and requires diving into an SSH shell, so for now I'll continue using ISCv4 for DHCP but the question is, will OPNSense ditch it completely in the near future and if so, will Kea be updated to the degree that everything about it can be configured via the web UI?

Had another chance to take a look at this issue, checked my firewall rules, outbound NAT (set to Auto) and the WAN shows as UP so tried pinging 9.9.9.9 from an SSH session in OPNSense and it worked, so it would appear that the WAN is working fine as far as routing outbound traffic is ocncerned, but doing the same from an SSH session on my PC connected to the OPNSense LAN fails with "host unreachable" errors, even though the PCs ip config shows the correct client IP handed out b DHCP and the gateway being the LAN ip of 192.168.1.1
I've created firewall rules to allow traffic in and out of the LAN but that made no difference.

Yes, the WAN IP as well as the default gateway are on Plusnet. However, neither is reachable from here as well. This looks like a new development area where connectivity is not yet established.

On the other hand, if it works with an Asus router... I would check what WAN IP and default gateway you get with the Asus router. But heck, ask your ISP what is wrong there. Obviously, they give your the PPPoE credentials, so they must be able to deal with a different router.

I can't reach the remote WAN IP 195.166.130.255 but I can reach the local WAN IP 80.229.251.220 (which is my public static IP address). The Asus router doesn't show the default gateway in it's UI, but would the gateway be the remote IP address 195.166.130.255 which shows up in it's logs?

Some ISPs detect a router change and give you a temporary non-routable network in which you can register your new hardware. Some do this for ONTs only, others even want to know when the router changes. Ask them, they must know.

Maybe your WAN IP is now something like 10.x.x.x, which would give an indication.

The WAN is an FTTC connection via a fibre modem whose output is connected to my router, whether it's my Asus router or my OPNSense router (which I'm clearly struggling to get working) and the Asus router connects just fine to the WAN and I can surf the web from any connected clients.

A newly installed OPNsense is not blocking anything from LAN and comes with NAT enabled on WAN. Also it does not block anything outbound from the firewall itself.

Looking closer at your screen shots - why do you have routes for 8.8.8.8 and 9.9.9.9 to your loopback interface? With these active it's natural you cannot ping e.g. 8.8.8.8.

The logfile entries look good.

Those entries are the DNS servers I specified in the general config, I didn't add them to my loopback interface.  Should I remove them?  I have tried pinging 1.1.1.1 and amazon.com to no avail.

So

- PPPoE authentication and IP address assignment works
- ICMP echo (ping) does not

Of course there can be a dozen more things amiss that would prohibit your clients from accessing the Internet but before your OPNsense can ping 8.8.8.8 it does not make sense to look any further.

I'd open a ticket with your ISP. You also wrote you did not receive your assigned fixed IP address, correct? So something is wrong.

Connecting my Asus router to the modem instead of the OPNSense router works fine, so I'm not sure it's worth raising a ticket with my ISP.  The correct (static) IP is returned, according to the logs which state "treating 195.166.130.254 as far gateway for 80.229.251.220/32"

What would I need to look for to see if the firewall is blocking outbound requests from LAN interface clients?

Can you ping e.g. the ISP gateway or 8.8.8.8 from the OPNsense itself?

I didn't try pinging the ISP gateway but pinging 8.8.8.8 or any other well-known public IP fails

If you do not get the IP address you expect per your contract, only your ISP can fix that.

It appears that the IP address 195.166.130.254 is a remote IP address for my ISP which returns a local IP address of 80.229.251.220 which is what I'd expect.

I know the WAN is connecting okay because successful authentication is confirmed in the logs, but the IP address shown isn't the correct static IP address that should be assigned by my ISP.

The IP assignment is part of the PPPoE handshake. You can as well see in the log, which IP is offered to you by the ISP.
So what does the log show regarding the IP?

And which IP do you get in fact? Is it a public one?

The System: Gateways: Configuration page shows WAN_PPOE bound to the WAN interface with an IP Address of 195.166.130.254 and a Monitor IP of the same, with the status icon showing that it's down. If I edit the gateway entry and tick the box Disable Gateway Monitoring then the gateway shows as being UP
If I look at the terminal screen showing the current interfaces details and the menu options, I see that the correct public static IP of 80.229.251.220 is being picked up.

Here are some screenshots from my config, first the WAN interface config, do I need to specify an MTU figure?
You cannot view this attachment.

The PPoE device settings - I'm guessing I only need to specify the underlying adaptor vtnet1 and not the wan interface?
You cannot view this attachment.

The interfaces overview shows my ISP-assigned static IP for the WAN and gateway address 195.166.130.254, the latter which I've never seen before but looking it up shows the following info which does seem to make sense considering my ISP is Plusnet which uses BT infrastructure:

Code Select Expand

Hostname:254.core.plus.net
ASN:6871
ISP:British Telecommunications Plc
You cannot view this attachment.

Finally here are the logs showing the WAN address binding-related messages.
You cannot view this attachment.

With my Asus router connected back to the WAN (OPNSense router unplugged from WAN), I checked it's logs and found entries for "local  IP address 80.229.251.220" and "remote IP address 195.166.130.255", the latter which is in the same subnet as the earlier-mentioned gateway address 195.166.130.254 so I'm guessing that's expected?

Otherwise, what could be causing clients connected to my OPNSense router to not be able to connect to the internet?

Hi all,
I've created a WAN interface associated with a PPoE device that's connecting to an FTTC service that's provided by a modem and connected to my N100-based mini-pc installed with OPNSense in a Proxmox VM to replace my Asus router, but it doesn't work despite the status showing as green in the interfaces overview page, as I'm unable to browse the web via the LAN.  I know the WAN is connecting okay because successful authentication is confirmed in the logs, but the IP address shown isn't the correct static IP address that should be assigned by my ISP. What setting for getting the IP address should I get specifying in the WAN interface itself?

My Asus router uses the following WAN settings to successfully connect:
Connection type: PPoE
Enable NAT: Yes
NAT type: Symmetric
Get the WAN IP automatically: Yes

There is no VLAN requirement from my ISP to connect.