Topic: NAT issue (Read 1516 times)
bigops (Jr. Member, Posts: 86, Karma: 2)
NAT issue « on: January 27, 2023, 11:54:01 pm »
I had posted this in the 22 forum earlier.
https://forum.opnsense.org/index.php?topic=31961.msg154477#msg154477
The issue with outbound NAT seems to still persist in the 23 version also. The issue is that if there is a gateway group with dual WAN interfaces in it, and for operational reasons specific outbound traffic is redirected to a gateway with a lower priority (other than the gateway group), sometimes the outbound traffic seems to land up on the wrong gateway. Rebooting the appliance does not seem to solve the issue, but manually clearing the state table again puts the traffic onto the correct gateway.
This used to work fine in all earlier versions, so it seems to be some kind of bug introduced recently.
"Skip rules when gateway is down" is checked to prevent gateway rewrite on failure.
sorano (Full Member, Posts: 153, Karma: 21)
Re: NAT issue « Reply #1 on: January 28, 2023, 11:28:45 pm »
Yeah, I'm seeing the same behaviour.
Had a failover occur and traffic did not switch back to the primary gateway even though it was up.
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover
bigops (Jr. Member, Posts: 86, Karma: 2)
Re: NAT issue « Reply #2 on: February 07, 2023, 04:25:29 pm »
Has this been observed by anyone? The issue is becoming more frequent and I have to reset the table every couple of days for this to keep working. Is this a bug introduced in OPNsense / FreeBSD?
voideris (Newbie, Posts: 6, Karma: 0)
Re: NAT issue « Reply #3 on: February 07, 2023, 09:44:02 pm »
I am really not sure if this issue is affecting me, but the symptoms do look like it can.
I have WAN1 and WAN2, with multi-WAN failover and a VPN network that should be routed only through WAN1.
What I observed was really flaky VPN behaviour after the update to 23.1. I tried to diagnose it, but I have not really changed anything from the last 22.7 version and it was rock solid before the update (Wireguard).
I assume the problem flow would be something like this:
1. Failover from WAN1 to WAN2.
2. Some time when routing is still working.
3. WAN2 fails.
4. Routing is stuck with WAN2 (conjecture).
5. I notice problems with VPN connections.
6. Gateway monitoring shows the same status for the VPN gateway and WAN2 (packetloss/red/dead).
7. Restarting the VPN does not help; sometimes changing the wg peer helps, but it flakes out really quickly.
8. I need to reboot the OPNsense box.
From what I remember, when I configured the VPN it should really only use the WAN1 connection and in case of failover to WAN2 just die. I am not sure it ever worked that way, but before the current version (23.1) I have never had such issues.
This behaviour has persisted since my update to 23.1, so since a few days after it went up for download. I did not do a clean install; I updated through the web interface.
So I am stuck rebooting the router every few days.