UK EE Broadband <seems borked> - PPPoE <Zyxel Modem>--<> OPNsense

Started by dan_mnkeh, April 23, 2022, 01:59:43 PM

Hi all
[this is a home install]

I recently received a mini PC with OPNsense preinstalled to replace my EE Broadband Fiber router with. Firstly, I did an update to the latest version.

I am new to OPNsense, but have used Linux/*nix/BSD for a long while and previously used pfSense at another company.

I've configured a Zyxel router (connected to the VDSL port on the wall socket) that supports VDSL, where the interface is in bridged mode, so that it can be used as a modem to allow OPNsense to use PPPoE over eth1 (igc0), and eth2 (igc1) is being used for the local LAN.

I tested the authentication creds on the Zyxel router using factory defaults in 'routing' mode to check the creds were good before switching the VDSL port to bridged mode.

My ISP (EE BB) is configured on PPPoE using the credentials user/pass from the provider. I see the auth chat in /var/log/ppps/active.log, and I get a valid ISP IP address.

Also configured DHCP on the LAN to use the DNS IPs provided by the ISP when the PPPoE chat auth happens.

My laptop is configured to use DHCP on the LAN port. I created some blanket allow in/out rules from LAN <> WAN etc. in the OPNsense firewall UI.

I have two issues.

1. No DNS resolution is happening, even though the OPNsense box is configured as DNS resolver on LAN; also no LAN traffic is able to resolve.

15-mbp:~ dan$ ping www.google.com
ping: cannot resolve www.google.com: Unknown host

2. No traffic appears to be sent out/back, even though I've got the automatic NAT rule from LAN <> WAN in place.

Does anyone have any idea what I've done wrong and why this isn't working "as per a regular ISP/VDSL router"?

Yesterday PM, I configured the OPNsense LAN as 192.168.10.254, plugged the laptop in to the LAN port with DHCP, got an IP, then used the 3rd port as "tempLan" as a DHCP client, and connected the OPNsense box into my 'regular' home LAN with the EE broadband router to get internet access. I was able to get internet traffic, so I know that the routing from the "192.168.10.0/24" net is being forwarded out eth3 -> EE Router LAN (192.168.1.0/24) and out t'internet.

If my ISP issues me an RFC 1918 gateway IP, shouldn't I be disabling the Block incoming RFC1918 option in the WAN/PPPoE interface? I disabled this but it made no difference.

I can't figure out what's happening, other than that the traffic from my LAN isn't being sent to WAN/PPPoE.


Any help/advice is gratefully appreciated.

Regards
Daniel.


Is it agreeable to reset to factory and reset from scratch? The suggestion is because then the OPN initial routines check for what appear to be the WAN and the LAN interfaces and configure them accordingly, including the appropriate firewall rules on each interface to sane defaults, i.e. block private incoming into WAN, allow all out of LAN, etc.
It would be almost impossible to pinpoint what is "wrong" with the preinstallation that came with it.
If you're determined to keep troubleshooting, I'd set logging on all firewall rules temporarily and packet capture. Fun for sure, but a rabbit hole.