Topics - supercm

#1
25.7, 25.10 Legacy Series / Firewall rule being ignored
November 24, 2025, 07:36:40 PM
Any idea why this wouldn't be working?

__timestamp__   2025-11-24T10:28:48-08:00
ack   1184052709
action   [block]
dst   X.X.X.X
label   Default deny / state violation rule
reason   match

Pass
Interface   LAN
Direction   in
TCP/IP Version   IPv4
Protocol   TCP
Source / Invert
Source   Single host or Network 192.168.2.214/32
Destination / Invert
Destination   Any
Destination port range   from:   to:   any


#2
25.7, 25.10 Legacy Series / Defunct WAN connection
November 18, 2025, 08:43:37 PM
How do I troubleshoot a defunct WAN connection? It looks okay to me but is in a defunct state. The data in the gateway log looks the same as the ones that are not defunct.

Wireless3 Wireless3 IPv4 defunct 9.9.9.9 43.3 ms 8.0 ms 0.0 %
#3
I have a Hyper-V VM running OPNsense that has been working for years. I rebooted it the other day and noticed it's stuck on Configuring WAN12 interface. It never gets past this spot. So I removed a NIC, let it reset the defaults and added a new NIC. Configured everything, rebooted and I get the same thing. How do I get to the bottom as to why this is getting stuck?
#4
I am having trouble with a single device for internet access.

I have 4 devices set up in my Gateway group.

When 1 of the 4 is set as the Tier 1 device, I am able to ping out through the device and the firewall shows that it is allowing http(s) requests, but I am unable to browse and get a "Hmmmm....can't reach the page" error. Browsing works fine if I connect via wireless to this same device.

Any thoughts as nothing seems obvious and I don't know where else to look in logs that would help?
#5
I have several VLANs on my network. I am trying to get traffic to traverse from the LAN to a network I have labeled Server. The firewall logs show that the traffic makes it through yet it is not making it through as I cannot reach the resources. I have a rule in the firewall set up to allow all traffic from LAN to Server. I do not have this same problem with a different VLAN called Kids. It has the same rule and is able to traverse.

What am I missing?
#6
22.7 Legacy Series / DNS Suffix Issue
November 17, 2022, 08:36:03 PM
Is there a way to get the DHCP server to stop handing out my local DNS Suffix? I do not have it set so I assume it's inherited but there is an application that I cannot use on my network because it's appending the local DNS Suffix.
#7
22.1 Legacy Series / Gateway Monitoring
February 08, 2022, 01:24:02 AM
When I have gateway monitoring on, I get random alerts that an interface is down. However, it is not actually down (from what I can tell). What can I investigate to get to the bottom of this?
#8
21.7 Legacy Series / Upnp only working intermittently
January 08, 2022, 05:31:39 PM
We have 3 Xboxes on a dedicated VLAN and set up UPnP. After setup, everything was rebooted. It was not working and I gave up on the setup. Then after months, I received an alert that one of the devices set up a UPnP port. That was last night. Any pointers here as I'm unsure what to do next?
#9
I have several VLANs that are set to deny unknown clients but I am able to connect with clients that are supposed to be available on other VLANs only. Running 21.7.7. Known issue?

Looks like this is by design.
#10
As I am viewing the firewall logs, almost all of the traffic shows that it originates from the WAN interface as opposed to the actual internal interface that it originates from. I think this is causing me other problems (multi-WAN doesn't work, can't use UPnP, etc). Did I do something funky that would have caused this? None of my firewall rules seem to be used either as they all default to the "let out anything" rule.

Thanks
#11
21.7 Legacy Series / Help with load balancing
December 16, 2021, 12:27:09 AM
Can someone point me to working instructions to load balance multiple WAN connections? My implementation seems to just randomly choose which connection to use.
#12
Hopefully this is just a newbie error as it doesn't seem like I'm doing it right.

I set up CARP with my LAN connection (And each of my VLAN connections) as well as my 3 WAN connections.

Everything syncs and the status looks right.

If I remove a connection from one machine, it drops 1 ping and then transitions to the other machine and resumes pinging. The problem is that some of the VIPs are sitting on each node and services don't work so I can't actually do DNS lookups for example. I have the checkbox for disable preempt off on both nodes and set up the outbound NAT rules as well. Is there something else that I am missing?
#13
21.7 Legacy Series / Unbound Issues
December 09, 2021, 04:30:33 PM
I have a new installation and am finding that DNS stops working randomly and I could use some advice on where to go to troubleshoot.

Unbound was serving up requests last night and this morning I was seeing DNS errors in a browser. So I went into diagnostics to perform a DNS lookup and it shows failed to 127.0.0.1 but the other external DNS servers (set up in the General section) resolve. A restart of Unbound resolves the issue.

These are the logs (I didn't cut anything out) from the point they last wrote until when I kicked off the restart:

2021-12-09T06:21:22   unbound[87125]   [87125:0] info: service stopped (unbound 1.13.2).   
2021-12-08T21:39:19   unbound[87125]   [87125:0] info: generate keytag query _ta-4f66. NULL IN   
2021-12-08T14:39:41   unbound[87125]   [87125:1] info: generate keytag query _ta-4f66. NULL IN   
2021-12-08T14:39:41   unbound[87125]   [87125:0] info: generate keytag query _ta-4f66. NULL IN   
2021-12-08T14:39:41   unbound[87125]   [87125:0] info: start of service (unbound 1.13.2).

While I want to get to the root of the issue and could use pointers to further troubleshoot as I'm stuck, I could also use some pointers on how to detect and automatically remediate in the short term.

Thank you.
#14
I am trying to manage our multiple WAN connections by ordering them in a Gateway group (ordered by Tier). I have a rule set as the first in my firewall (testing of course) to allow anything using that group for its gateway but the selected connection is tier 2 (instead of Tier 1). I opened the Firewall Live logs and filtered by source address of the device and I see no traffic.

What am I doing wrong?

Solved

Deleted the existing rules and recreated them, and it is now working.
#15
21.7 Legacy Series / VLAN creation issue
December 08, 2021, 07:45:01 PM
I have a new installation and DHCP works fine on the LAN interface.

I created a new VLAN, assigned it, enabled the interface, assigned an IP, set up a DHCP scope and enabled it. Created a temporary allow all rule in the firewall to test. When I move a device to the new VLAN, the DHCP request (in the log) tries to be served by the LAN address.

So I assigned a static address and tried to ping the gateway and can't ping. Where do I look to troubleshoot?

For context, this is a Hyper-V VM and I have another firewall as a VM (from another vendor) that I am migrating from with the same settings on the same switch and the same Hyper-V settings and it works over there, so I can say the switch and the Hyper-V network are not the issue.

Thank you