Messages - keropiko

#46
Hello,
in addition to this, why nat reflection from internal lan to wan ip (public ip) behind double nat is now working correctly (very slow/not loading)?

mainly in different ports redirected (ex. port 5001 wan (behind double nat) to port 5000 internal )

is there something else to check?
#47
20.1 Legacy Series / dyndns with dual nat
May 10, 2020, 04:52:20 PM
Hello all,

I recently set up a dhcp wan connection behind NAT. The strange problem is with dynamic dns.
The dyndns gets the internal ip 172.x.x.x and not the real wan ip. It is strange that i have also a 3g wwan connection in the same setup that also gets a private range ip 10.x.x.x but if i choose this interface for the dyndns it correctly picks the public wan ip. The problem is with the wan.

When i run curl -4 url (and any ip site like checkip etc.), it shows the correct wan ip.
Why does the opnsense client show the internal ip only for this interface?
What can be the cause of that?

Thank you
#48
Hello to everyone.
I would like to know if someone can help, since i have a multi wan setup, on how to better use, and what the purpose is of, the packet size in the gateway monitoring system instead of leaving the default.
What can change depending on the packet size?

Thank you in advance.
#49
*Update*

One thing regarding my packet loss problem, what i noticed in my configuration (i use multiwan setup),
is that the packet loss on my pppoe interface occurs only when i give priority to the pppoe gateway as default gateway. (All 3 gateways are chosen as upstream ones)

If i give for example priority 253 to pppoe gateway and 254 to the wan2 and 3gwwan gateways, i have the packet loss, if i leave all at the same priority no packet loss to my pppoe wan connection (the faster one) occurs.

The problem is that leaving all at the same priority, the opnsense default gateway is chosen randomly and sometimes the 3g wwan gateway becomes default and uses a lot of data, which i don't want.

Thank you.
#50
20.1 Legacy Series / Dynamic gateway policy
April 24, 2020, 06:00:27 PM
Hello all,

could someone please explain to me this new option in the interfaces configuration:

Quote
Dynamic gateway policy
This interface does not require an intermediate system to act as a gateway
If the destination is directly reachable via an interface requiring no intermediary system to act as a gateway, you can select this option which allows dynamic gateways to be created without direct target addresses. Some tunnel types support this.

I use pppoe and 3g wan-usb ppp with dynamic ip for wan , wireguard and openvpn.
In which case should i use it, i cannot understand "intermediate system" meaning.

Thank you
#51
Quote from: adiz0r on April 17, 2020, 10:14:00 AM
Just my 2 cents.

OPNsense's PPPoE performance is notoriously bad when you have a weak CPU. Probably this could explain your woes. What hardware do you run it on?

This is alas a FreeBSD legacy and also affects Pfsense. Even if you have capable NICs in the router, when the CPU is underpowered, PPPoE will suffer. Look up PC Engines APU2 related topics here, Pfsense issue 4821 or FreeBSD bug 203856 for examples.

I'd try a Linux-based distrib on the same hardware, like a current OpenWRT to see if the problem persists.

hi thank you for the reply.

I run my opnsense in a vm in proxmox with an Intel Xeon 1220 v6 as cpu.
in the past both with pfsense or first opnsense installations i never encountered this problem. It is something happening now.

I tried to use a windows pc making a pppoe call with the cable that goes to opnsense and i had no packet loss at all.

I am trying changing mtu mru values but nothing happens, packet loss continues.
#52
Quote from: muchacha_grande on April 14, 2020, 03:04:56 PM
Just a thought... could it be an MTU related problem?

By the way, double NAT is not a problem. Here in Argentina I've installed a number of OPNSense boxes with double NAT and they work just fine.
The only problems I've found are that to do NAT reflection you have to create extra NAT rules, and if the ISP changes the public IP, which they usually do, it could break some VoIP registers if you are using a PBX.
To open ports you just have to make a DMZ in the ISP router pointing to your OPNSense WAN IP.

hi and thank you for the reply.

i tried to lower the mtu, first 1492, then 1488 then 1480 and so on until 1430 but still had the packet loss.
the double nat creates problems for the outside clients connecting to the vpn and voip server behind opnsense (since the wan ip is not reachable).

I would like to avoid the isp modem doing the dmz and nating since i cannot set it to bridge mode, only way is pppoe passthrough.
#53
*UPDATE*

i changed from pppoe to dhcp (ip from isp modem / double NAT) and internet works without packet loss.

The problem is that with this way i have double NAT and no public ip to opnsense.

Could it be a problem with the pppoe of opnsense?
#54
20.1 Legacy Series / pppoe passhtrough - packet loss
April 14, 2020, 09:42:29 AM
Hello all,

i have a pppoe wan connection which makes the call through the provider's vdsl modem.
The modem has its own wan connection with pppoe passthrough enabled so opnsense can make its own pppoe connection.

The problem is that the pppoe connection on opnsense has packet loss of 3-18% (which i see on the gateway monitor too); if i instead connect a pc to another lan port of the modem (through the modem's pppoe connection) there is no packet loss.

I changed the modem, i reset it, i changed ports, decreased MTU, nothing.
Packet loss on opnsense pppoe connection persists.

The setup of the main wan connection through pppoe has remained the same for many months, this has started lately with the last versions.

If someone with pppoe passthrough can test pppoe through passthrough, and tell me the results please i would be grateful.

Thank you.
#55
20.1 Legacy Series / Re: 4G Connection Strength
March 31, 2020, 02:17:57 PM
Quote from: klontje on March 29, 2020, 12:10:00 PM
Hello Pfirepfox,

I spent the last few days setting up 4G on my OpnSense machine. There is built-in signal strength metering available (at least with my Huawei E3372h USB 4G modem). Signal strength in the real world is measured using RSSI. If you go to Reporting -> Health there should be a tab called Cellular which shows a graph of the RSSI.

RSSI shown is using the scale that is retrieved using AT commands to the modem. These are not the absolute RSSI numbers. For an overview of RSSI values see https://m2msupport.net/m2msupport/atcsq-signal-quality/

Hope this helps.

Hi,

Can you tell me which at command setport mode you have the 3372h set on? Also in the status page and interfaces overview what you see as mode? Cause i have many crash problems with the same usb stick.
Thank you
#56
Hello all,

i have temporarily resolved the problem by disabling the gateway monitor at the wireguard and the 3g ppp gateway.

With gateway monitoring enabled on the wireguard and/or 3g usb gateway, when i try to reboot or shutdown the firewall crashes.

If i disable monitoring on both gateways then i can reboot and shutdown normally.

If someone with similar setup can verify please so we can open a bug case.

Thank you.
#57
Hello, i have a 20.1.3 setup, with multiwan (pppoe,3g ppp and dhcp). I have setup a mullvad wireguard vpn, with interface setup, disabled auto routing and created a gateway (1.9.9.1) setup as wireguard gateway on the Local wireguard settings. Everything including the wireguard vpn is working okay.

The problem is when i try to reboot or shutdown the machine. It hangs without responding on console or it crashes and then reboots.

I don't know what to look for. What i have noticed is that after the crash the 3g does not connect (the usb stick is blocked on the old connection so i have to reset or unplug it). If i reboot it while the 3g connection is not working, it does not crash.

The thing is that before installing the wireguard vpn, with the 3g connection there were no problems rebooting.

The problem only exists when both the 3g ppp connection and wireguard vpn are working.

I would like some help how to resolve this issue.

I have submitted the crashes with the button so i don't know if that helps.
Thank you.
#58
For Road Warrior setup, you have to assign the wireguard interface (Interfaces ‣ Assignment ) and create rules inside there. (Better after assignment to reboot so the NAT outbound rules get updated with the new interface)

Also since behind NAT at the client add the option "persistent-keepalive=25".

If you want to redirect all the traffic from the client through wireguard, you will have to change at the client configuration: "AllowedIPs = 0.0.0.0"
#59
Hello all,

recently i had posted twice at the forum regarding connectivity problems i had.

Quote
https://forum.opnsense.org/index.php?topic=16081.0
https://forum.opnsense.org/index.php?topic=16075.0

After testing and searching, i found a strange behavior in my multiwan setup, and would like to know if it's normal or if in some way it can be resolved.

At the beginning i thought it was a DNS (unbound) problem; afterwards i saw that very often the ntpd and unbound services restarted, related to the wan2 dhcp continuously trying to reload the connection (maybe a provider's problem).

Also since my connections have dynamic ips, and i use voip, the firewall option to kill states when the ip changes is enabled, and is the reason why i had the connectivity problems.

What i found out is that even in a Failover setup, while the main connection (wan1) is active, if the wan2 connection (which is set up as "UPSTREAM" in order to become default gateway in case wan1 fails) for some reason restarts, then it triggers the option to kill the states (as if the dynamic ip changed) although the default gateway from WAN1 is still active, so i remain without internet for a while, until the default gateway reloads.

If i disable the "upstream" option in the WAN2 gateway, then even if it reloads/restarts, it does not kill the states (from the firewall option).

If in some way i can provide more info so we can look at this problem please let me know.

Best regards.
#60
20.1 Legacy Series / wan dhcp continuously killing states
February 29, 2020, 05:55:21 PM
Hello,

i have a wan dhcp connection and since i use voip providers i have the option Dynamic state reset    "Reset all states when a dynamic IP address changes" enabled.

Now i have A LOT of disconnections from this option and in the logs i found this:


2020-02-29T18:50:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:50:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:42:53   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:42:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:35:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:35:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:27:53   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:27:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:20:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:20:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:12:53   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:12:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:05:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.

Is this normal? why is it running so often? can i do something with an option?

thank you in advance
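
Added example (not part of the original post): one way to check an excerpt like the one above is to parse the rc.newwanip "On (IP address ...)" events, measure the gap between consecutive runs per interface, and count how often the logged address actually differs. The log lines are taken from the post; the function names are chosen for this example.

```python
import re
from datetime import datetime

# Lines taken from the log excerpt in the post above.
SAMPLE_LOG = """\
2020-02-29T18:50:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:50:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:42:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:35:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:27:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:20:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:12:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
"""

# Matches only the "On (IP address: ...)" event; other rc.newwanip lines are skipped.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+opnsense: "
    r"/usr/local/etc/rc\.newwanip: On \(IP address: (?P<ip>[0-9a-fA-F.:]+)\) "
    r"\(interface: (?P<iface>[^\[\]]+)\[[^\]]+\]\)"
)

def parse_events(text):
    """Return (timestamp, interface, ip) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events.append((ts, m["iface"], m["ip"]))
    return sorted(events)

def summarize(events):
    """Per interface: number of runs, runs with a new address, gaps in seconds."""
    report, last = {}, {}
    for ts, iface, ip in events:
        entry = report.setdefault(iface, {"runs": 0, "ip_changes": 0, "gaps_s": []})
        entry["runs"] += 1
        if iface in last:
            prev_ts, prev_ip = last[iface]
            entry["gaps_s"].append(int((ts - prev_ts).total_seconds()))
            if ip != prev_ip:
                entry["ip_changes"] += 1
        last[iface] = (ts, ip)
    return report

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_LOG)))
```

On this excerpt the report shows rc.newwanip running for WAN2 at a fixed interval while the logged address never changes.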