Messages - Tim00

#1
I have 2 wireguard site-to-site tunnels. Both tunnels have the most current release of opnsense on both ends. They share my home instance in common, meaning instance one is Home -> Location 1 and the other instance is Home -> Location 2. They are identical in configuration, except of course the keys and tunnel addresses.

The first functions exactly as I would expect: all clients can access the resources through the tunnel and the fw itself can also access the tunnel.  For example, a ping from one opnsense machine to the other would work.

The second is functioning differently. All clients on either end of the tunnel can communicate, including to Opnsense webgui(s). However, direct communication from either opnsense instance doesn't work across the tunnel. The opnsense machines cannot communicate across the tunnel. So, for example, I can't utilize git-backup, I can't ping from one fw to any resource across the tunnel. It seems to only be communications from the firewall machines that are impacted. All clients on either end of the tunnel can connect fine.

I'm presuming that I somehow missed a firewall rule someplace, but right now everything looks to be identical, and I am not even sure where to start looking for an answer.

This is pretty fringe, and there are probably 100000 things that could cause this, so I know it's a bit of a long shot. Anyone have any ideas?


EDIT: subnets and paying attention matter, my friends. 10.10.0.1/32 vs 10.10.0.2/32 in the end points caused my issue.   :-[
#2
18.7 Legacy Series / Re: Loss of LAN
October 12, 2018, 03:58:34 AM
I figured I should close a loop on this. It appears to have been a faulty battery on the RAID card. Because of the faulty battery, the card defaulted to Write Through mode, resulting in significant (sometimes 30-50%) IO Delay. Apparently, if this got too bad, the OpnSense VM wouldn't entirely crash, but the LAN would disconnect and not come back on. Since this really wasn't an issue with OpnSense, it didn't log anything.

#3
18.7 Legacy Series / Loss of LAN
October 03, 2018, 06:22:48 AM
I don't even know where to begin, so hopefully someone can help me there. 

Somewhat frequently (at least every 48 hours), I completely lose LAN.  All devices connected to opnsense are inaccessible and cannot connect to internet.  However, from an external network, I am able to connect via OpenVPN.  Doing this and rebooting resolves the problem.

There are no entries under any log that I can find in the webgui, including System -> Log Files -> General, Configd, Webgui.

A few notes, that may or may not be relevant:  this installation is on a VM on a Dell R710.  I was receiving some disk read errors on the host, which I attributed to a slow drive that ProxMox was installed on.  I replaced this with a more appropriate drive.  The read errors went away, but this issue has persisted. 

Where can I start to diagnose this issue?