Some Problems moving from 23.7 to 24.1 (DNS, OpenVPN, Firmware Upgrade, NAT)

Started by tb_one, March 26, 2024, 09:32:55 AM

Hello there,

We're using OPNsense as our main company router to the internet and for VPN access for our employees.

Last Saturday we upgraded from 23.7 to 24.1.

After the upgrade, the internal DNS server, OpenVPN and the firmware upgrade stopped working.
The firmware upgrade itself ran without problems straight to 24.1.
Current installed version:
OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13

selected mirror: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1

I got OpenVPN to work by adding a floating rule for port 1197 incoming. As soon as I add that rule to a specific interface instead, it stops working with this error in the OpenVPN log file:
   Connection Attempt write UDPv4: Permission denied (fd=8,code=13)

It doesn't make any sense.

DNS I fixed with a workaround: DNS lookup only works via the LAN interface, not via the WAN interfaces. We have two corporate DNS servers on our Active Directory domain controllers. The router itself should use 8.8.8.8 and 1.1.1.1 for the guest Wi-Fi, but that does not work, so I added these external resolvers directly in the DHCP config.
OPNsense somehow cannot use external resolvers, even if I add firewall rules to explicitly allow DNS.

After resolving the DNS issue, the firmware update is still not fixed; I get a new error when trying to check for updates:
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/24.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Permission denied
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Permission denied
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Permission denied

I don't know why this is happening. It looks like the internals of the router cannot communicate with the outside world, only with things on LAN interfaces. But the rules are there. Communication from the router itself is permitted.

Has anyone run into the same problems and found a working solution (and not just a workaround)?

Kind regards and thanks in advance.
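A small triage helper, added here as an example and not part of the original post or of OPNsense, for reading the kind of log output pasted above. On FreeBSD, when the packet filter drops traffic that the host itself generates, the sending socket call fails with errno 13 (EACCES), which libc renders as "Permission denied"; that is why OpenVPN reports `code=13` on its UDP write and pkg reports the same string for its fetches, and it is what separates a local block from a remote or network failure (which would show as a timeout or connection refused). The script scans constructed sample lines modelled on the post, counts outbound failures per service, and reports whether several unrelated services are being denied locally, which points at the firewall's own outbound rules rather than at DNS or the mirror. The log line formats and the `triage` function are assumptions made for this example.

```python
import re

# Constructed sample lines modelled on the ones pasted in the post above:
# an OpenVPN UDP write failure, three pkg fetch failures, and two unrelated lines.
SAMPLE_LOG = """\
openvpn[1234]: Connection Attempt write UDPv4: Permission denied (fd=8,code=13)
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Permission denied
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Permission denied
unbound[555]: info: start of service (unbound 1.19.1).
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Operation timed out
"""

# Text FreeBSD's libc produces for errno 13 (EACCES); OpenVPN appends the fd and code.
EACCES_RE = re.compile(r"Permission denied(?: \(fd=\d+,code=13\))?")
# pkg prints "pkg: <url>: <error text>" for a failed fetch.
PKG_URL_RE = re.compile(r"pkg: (?P<url>\S+): (?P<err>.+)$")
# OpenVPN lines as syslog would tag them (assumed format for this example).
OPENVPN_RE = re.compile(r"openvpn\[\d+\]: (?P<msg>.+)$")


def classify_line(line):
    """Return (service, kind) for one log line, or None if it is not an outbound failure.

    kind is 'eacces' for a local permission denial (the packet never left the host)
    and 'network' for any other failure of an outbound request.
    """
    m = PKG_URL_RE.search(line)
    if m:
        kind = "eacces" if EACCES_RE.search(m.group("err")) else "network"
        return ("pkg", kind)
    m = OPENVPN_RE.search(line)
    if m and "write" in m.group("msg"):
        kind = "eacces" if EACCES_RE.search(m.group("msg")) else "network"
        return ("openvpn", kind)
    return None


def triage(log_text):
    """Count outbound failures per (service, kind) and give a one-line verdict.

    Two or more distinct services failing with EACCES is the signature of the
    packet filter blocking host-originated traffic, not of a broken mirror or DNS.
    """
    counts = {}
    for line in log_text.splitlines():
        hit = classify_line(line)
        if hit:
            counts[hit] = counts.get(hit, 0) + 1
    eacces_services = sorted({svc for (svc, kind) in counts if kind == "eacces"})
    if len(eacces_services) >= 2:
        verdict = "local filter blocking host-originated traffic"
    elif eacces_services:
        verdict = "single service denied locally"
    else:
        verdict = "no local denials"
    return counts, eacces_services, verdict


if __name__ == "__main__":
    counts, services, verdict = triage(SAMPLE_LOG)
    for (service, kind), n in sorted(counts.items()):
        print(f"{service:8s} {kind:8s} {n}")
    print("services denied locally:", ", ".join(services) or "none")
    print("verdict:", verdict)
```

Run it against a real `/var/log/openvpn` or `pkg` output (`opnsense-update -c` on the console) to check whether the failures are EACCES across services; if they are, the place to look is the firewall's own outbound rules and the interface the rules were moved to, not the resolver or the mirror.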

I think I ran into the same problem: my two gateways show up as offline, but connections from clients work without any problems; my router itself isn't able to pull any firmware updates, getting the same errors as you, and DNS lookups won't work either. Interesting but maybe unrelated: only one VPN is working, the other runs on the different ISP and isn't able to connect.

Did you solve your problem? And how?