New Install can't connect to internet

Started by headbanger, October 09, 2024, 05:00:37 PM

I created a new install. Only changes: changed IP of LAN to 192.168.140.1. Put DHCP on LAN with range 192.168.140.100 - 199. Removed blocks on WAN interface for private networks and bogon networks. I did this because I am connecting through my existing router which has an IP of 192.168.1.1 because I don't want to disrupt anything until I get this up. Can't connect, can't ping 8.8.8.8. Tried running under live using install USB. Again changed LAN to 192.168.140.1 and removed blocks on WAN. This time I didn't set up DHCP, gave my computer a static IP of 192.168.140.99. Still, no joy. When I go to the dashboard everything looks good. Added interfaces widget. It shows LAN as 192.168.140.1/24 and WAN 192.168.1.6/24. WAN DHCP is 192.168.1.1. When I look at firewall logs I see IGMP blocks, UDP blocks to 192.168.1.255 with a comment "Default deny / state violation rule", but most everything seems to be passing. I see NTP passing, for example.

Where did you insert the OPNsense router in your existing network?

Everything on the LAN side of OPNsense should get new IP addresses via DHCP in the 140.xx subnet.
If the blocks to 1.255 are on the LAN interface, check the source. If the source still shows a 1.xx address, unplug and replug its network cable.
The machine used for management is connected on the LAN side, right? with a 140.xx address, right?
Does the OPNsense box have internet? e.g. check for updates or Interface diagnostics.

The box has no internet. Attempting to do an update failed: no address record found for the mirror. I connected the WAN port directly to the ISP modem. DHCP with the ISP worked, got an IP of 35.... Could I have a hardware issue? Should I try changing interfaces? I have 5 ethernet ports on the box. I do see errors in other logs; everything is passing in the firewall logs.

What do you mean with "WAN DHCP is 192.168.1.1"? Is this your default route? Do you have one?

In my initial post I noted that I connected the firewall to my existing router so as not to disrupt my current network during setup. The existing router uses the range 192.168.1.1/24. That is why I changed the LAN interface address to 192.168.140.1, so as not to interfere. So initially the WAN was assigned an address from that router, which was 192.168.1.xxx. In my second post I attached it directly to my ISP modem, so I got a WAN address of 35.xxx.xxx.xxx; don't remember the exact address. Anyway, no joy there either.

Quote from: headbanger on October 09, 2024, 05:00:37 PM
I created a new install. Only changes: changed IP of LAN to 192.168.140.1. Put DHCP on LAN with range 192.168.140.100 - 199. Removed blocks on WAN interface for private networks and bogon networks. I did this because I am connecting through my existing router which has an IP of 192.168.1.1 because I don't want to disrupt anything until I get this up. Can't connect, can't ping 8.8.8.8. Tried running under live using install USB. Again changed LAN to 192.168.140.1 and removed blocks on WAN. This time I didn't set up DHCP, gave my computer a static IP of 192.168.140.99. Still, no joy. When I go to the dashboard everything looks good. Added interfaces widget. It shows LAN as 192.168.140.1/24 and WAN 192.168.1.6/24. WAN DHCP is 192.168.1.1. When I look at firewall logs I see IGMP blocks, UDP blocks to 192.168.1.255 with a comment "Default deny / state violation rule", but most everything seems to be passing. I see NTP passing, for example.

1. What is your router's default route? System > Routes > Status?
2. What is your outbound NAT setup? Is it still set to auto? Firewall > NAT > Outbound.
3. Can you ping your LAN default gateway, 192.168.140.1?
4. Can you ping your new router's gateway, 192.168.1.1?
5. If so, can you ping your original router's gateway, 35.whatever?

You should be able to determine where the problem is coming from if you logically test from the inside out. Start at the LAN: can your device get to its gateway? Then go to the next hop, then the next, etc. If you can get to your local gateway but not to the next gateway, then I would look at your NAT setup, because traffic is not being translated properly at your new router.

You might want to stick with one setup until you get it working.
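The inside-out procedure in the post above, as an added example that is not part of the thread or of OPNsense itself: ping each hop in order, stop at the first one that fails, and name the layer to look at next. The addresses are the ones this thread uses (LAN gateway 192.168.140.1, upstream router 192.168.1.1, 8.8.8.8 as an external host) and the name used for the DNS probe is an assumption; the `pinger` and `resolver` parameters are hypothetical injection points so the decision logic can be exercised without a network. Run it from a machine on the OPNsense LAN side.

```python
"""Inside-out connectivity chain for a new OPNsense box behind an existing router.

Added example, not from the forum thread. Addresses are the thread's; adjust to
your own network. pinger/resolver are injection points for offline testing.
"""
import platform
import socket
import subprocess

# Constructed for this example: the hops in the order the post says to test them.
HOPS = [
    ("OPNsense LAN gateway", "192.168.140.1"),
    ("upstream router (OPNsense WAN gateway)", "192.168.1.1"),
    ("public address on the internet", "8.8.8.8"),
]
# Assumed: any name that must resolve for 'check for updates' to work.
DNS_PROBE_NAME = "pkg.opnsense.org"


def ping_once(host: str, timeout_s: int = 2) -> bool:
    """Send a single ICMP echo request; True if the OS ping reports a reply."""
    # The count flag is -n on Windows and -c elsewhere; the per-packet wait flag
    # differs between Linux and FreeBSD too, so bound the whole process instead.
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        proc = subprocess.run(
            ["ping", count_flag, "1", host],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=timeout_s + 3,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return proc.returncode == 0


def resolve_name(name: str) -> bool:
    """True if the system resolver returns at least one address for name."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except socket.gaierror:
        return False


def connectivity_chain(hops=HOPS, dns_name=DNS_PROBE_NAME,
                       pinger=ping_once, resolver=resolve_name):
    """Test hop by hop, stopping at the first failure.

    Returns (reached, verdict): 'reached' lists the hops that answered,
    'verdict' says which layer to look at next.
    """
    reached = []
    for i, (label, addr) in enumerate(hops):
        if not pinger(addr):
            if i == 0:
                return reached, (f"cannot reach {label} {addr}: check LAN cabling, "
                                 "the client's IP/subnet and the LAN allow rules")
            prev_label, prev_addr = hops[i - 1]
            return reached, (f"reached {prev_label} {prev_addr} but not {label} {addr}: "
                             "check the default route and outbound NAT on the box in between")
        reached.append(label)
    if not resolver(dns_name):
        return reached, (f"IP connectivity is fine but {dns_name} does not resolve: "
                         "DNS problem (client resolver settings or the DNS service on OPNsense)")
    return reached, "all hops and DNS OK"


if __name__ == "__main__":
    hops_ok, result = connectivity_chain()
    for label in hops_ok:
        print(f"OK   {label}")
    print(result)
```

The verdict strings encode the post's reasoning: a failure at the first hop is a LAN problem, a failure at a later hop points at routing or NAT on the device between the last good hop and the failing one, and a failure only at name resolution is DNS.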

Trying out with OPNsense connected to your existing LAN should work. You'll get double NAT to the internet, but that's no different from using multiple wireless routers on your network (for isolation).
In that configuration, you need to connect your management PC on the LAN side of OPNsense, which should get an IP in the OPNsense range (140). The OPNsense WAN IP ending in 1.6/24 seems fine. The gateway should be your old router's LAN IP (apparently ending in 1.1).
From there, per @stapel, check config and connectivity from OPNsense's point of view (Interfaces -> Diagnostics).
If you're at least there, your management PC clearly has OPNsense connectivity.

The blocks you see on the 192.168.1.0/24 side are not of concern if they are on the WAN interface and sourced from your existing network. That's because by default, everything incoming on the WAN side is blocked.

HTH

October 10, 2024, 10:38:21 PM #7 Last Edit: October 10, 2024, 10:50:26 PM by headbanger
Routes show as follows:
Proto   Destination         Gateway        Flags   Use   MTU     Netif   Netif (name)
ipv4    default             182.168.1.1    UGS     NaN   1500    igc0    wan
ipv4    127.0.0.1           link#7         UH      NaN   16384   lo0     Loopback
ipv4    192.168.1.0/24      link#1         U       NaN   1500    igc0    wan
ipv4    192.168.1.62        link#7         UHS     NaN   16384   lo0     Loopback
ipv4    192.168.2.0/24      link#3         U       NaN   1500    igc2    opt1
ipv4    192.168.2.1         link#7         UHS     NaN   16384   lo0     Loopback
ipv4    192.168.140.0/24    link#2         U       NaN   1500    igc1    lan
ipv4    192.168.140.1       link#7         UHS     NaN   16384   lo0     Loopback
ipv6    ::1                 link#7         UHS     NaN   16384   lo0     Loopback

I can ping 192.168.140.1
I cannot ping 192.168.1.1 - times out

I am once again connected to the original router so the network can stay active until I set OPNsense up. The router's IP is 192.168.1.1. I did uncheck the block on the WAN interface for private IPs.

Firewall logs live view shows everything passing

Under System -> Log Files -> Audit I see: Error configd.py action rfc2136.reload.lan not found for user root
Under System -> Log Files -> Backend I see: Error Script action failed with command /usr/local/opnsense/scripts/firmware/query.sh remote returned non-zero exit status 1....

Don't know if these errors are significant.  If you need the full text please let me know.

Looking at NAT rules, under Port Forward I have the anti-lockout rule. Under One-to-One I have nothing. Under Outbound
I have two auto-created rules. The first one has source networks of LAN networks, Loopback networks, OPT1 networks, 127.0.0.0/8, destination port 500, NAT address WAN, static port yes. The second has the same source networks, no port, and static port no.

Clearly, since the ping to 192.168.1.1 failed, I cannot get to the upstream router's gateway. As to firewall rules under the LAN interface, my first two rules are the auto-generated rules that allow all ports and IPs on IPv4 and IPv6.
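A sanity check a practitioner would run over a route table like the one posted above, as an added example that is not part of the thread or of OPNsense: parse the System > Routes > Status rows, confirm there is exactly one default route whose gateway falls inside a directly connected subnet on the WAN interface (otherwise the box has nothing to ARP for and every upstream ping times out), and flag any two connected subnets that overlap, which is the LAN-range conflict the thread warns about. The sample table is constructed for this example and modelled on the post's layout; the second and third scenarios in the usage are constructed failure cases, not claims about the poster's setup.

```python
"""Sanity-check an OPNsense/FreeBSD route table dump.

Added example, not from the forum thread. Input is the whitespace-separated
rows shown under System > Routes > Status (Proto, Destination, Gateway, Flags,
Use, MTU, Netif, Netif name). Only IPv4 rows are examined.
"""
import ipaddress
from dataclasses import dataclass

# Constructed for this example, modelled on the thread's table but with the
# upstream router's 192.168.1.1 as gateway and igc2 for the OPT1 port.
SAMPLE_ROUTES = """\
Proto Destination      Gateway      Flags Use MTU   Netif Netif(name)
ipv4  default          192.168.1.1  UGS   0   1500  igc0  wan
ipv4  127.0.0.1        link#7       UH    0   16384 lo0   Loopback
ipv4  192.168.1.0/24   link#1       U     0   1500  igc0  wan
ipv4  192.168.1.62     link#7       UHS   0   16384 lo0   Loopback
ipv4  192.168.2.0/24   link#3       U     0   1500  igc2  opt1
ipv4  192.168.2.1      link#7       UHS   0   16384 lo0   Loopback
ipv4  192.168.140.0/24 link#2       U     0   1500  igc1  lan
ipv4  192.168.140.1    link#7       UHS   0   16384 lo0   Loopback
ipv6  ::1              link#7       UHS   0   16384 lo0   Loopback
"""


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    gateway: str          # an IP address, or 'link#N' for a directly connected route
    flags: str
    netif: str
    name: str


def parse_routes(text: str) -> list:
    """Parse the dump, keeping IPv4 rows; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] != "ipv4":
            continue  # header, IPv6 or blank line
        dest = "0.0.0.0/0" if f[1] == "default" else f[1]
        routes.append(Route(ipaddress.ip_network(dest, strict=False),
                            f[2], f[3], f[6], f[7]))
    return routes


def connected_networks(routes: list) -> list:
    """Directly attached subnets: link#N gateway and not a /32 host route."""
    return [r for r in routes
            if r.gateway.startswith("link#") and r.dest.prefixlen < 32]


def check_default_gateway(routes: list, wan_name: str = "wan"):
    """Return (ok, message) for the default route's gateway."""
    defaults = [r for r in routes if r.dest.prefixlen == 0]
    if not defaults:
        return False, "no default route: WAN DHCP handed out no gateway, or none is selected"
    if len(defaults) > 1:
        return False, f"{len(defaults)} default routes present; expected exactly one"
    d = defaults[0]
    try:
        gw = ipaddress.ip_address(d.gateway)
    except ValueError:
        return False, f"default route gateway {d.gateway!r} is not an IP address"
    on_link = [c for c in connected_networks(routes) if gw in c.dest]
    if not on_link:
        return False, (f"default gateway {gw} is not inside any directly connected "
                       "subnet; the box cannot ARP for it, so upstream traffic dies here")
    if on_link[0].name != wan_name:
        return False, f"default gateway {gw} sits on {on_link[0].name}, not on {wan_name}"
    return True, f"default gateway {gw} is on-link via {d.netif} ({d.name})"


def overlapping_networks(routes: list) -> list:
    """Pairs of interface names whose connected subnets overlap (e.g. LAN == WAN range)."""
    nets = connected_networks(routes)
    return [(a.name, b.name) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.dest.overlaps(b.dest)]


if __name__ == "__main__":
    rs = parse_routes(SAMPLE_ROUTES)
    print(check_default_gateway(rs)[1])
    print("overlapping subnets:", overlapping_networks(rs) or "none")
```

Paste your own Routes > Status rows into `SAMPLE_ROUTES` (or feed `parse_routes` the text from a file); the interface-name check assumes the WAN interface is named `wan`, as in the thread.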


I made a small amount of progress. But still no joy. I reset to factory defaults, then made only the following changes:

Interfaces -> WAN -> unchecked block private networks and block bogon networks
Interfaces -> LAN -> changed static IP to 192.168.77.1
Services -> ISC DHCPv4 -> changed range to 192.168.77.100-192.168.77.199

Rebooted.

I can now ping 192.168.1.1 successfully
I can check for updates successfully
I can ping 8.8.8.8

I can't go to any website from Firefox.
I am thinking some kind of DNS issue. Still investigating.

My plan is to wait until this evening when everyone is off the network and then try directly connecting to the ISP modem again.

Quote from: headbanger on October 11, 2024, 06:26:40 PM
...
I can now ping 192.168.1.1 successfully
I can check for updates successfully
I can ping 8.8.8.8

I can't go to any website from Firefox.
I am thinking some kind of DNS issue. Still investigating.
...

Per the other thread mentioned by loganm, this should just work out of the box as long as you disabled bogons (you did) and chose a LAN IP range that does not conflict with your existing network's range (you did that too).
It's somewhat better than the previous attempt, although it's not clear what you did differently.

I assume the WAN interface is getting its settings via DHCP.
It would be nice if you indicated where you ran these tests from.
Using Interfaces -> Diagnostics? If not, test DNS from there (any domain using internal DNS, then 192.168.1.1, the router's DNS, then 1.1.1.1 or another external DNS), etc.
From a machine connected to the LAN side of OPNsense? In which case, adding network details would help (IP, gateway, DNS...).

Did you check the shasum of the installation media?
I downloaded from another site and could not get online.
Downloaded from opnsense.
Unchecked bogons in the wizard.
Changed the LAN IP.
That's all.
It rebooted after the wizard and I was online.
Didn't change the firewall; before, I needed to open 443 and 53.
Didn't change names or anything until after the update and rules downloaded.
Download firmware status kept saying can't confirm certificate, bad certificate
on the bad software.
Just an idea.

OK, found the DNS issue. It was on my computer, not OPNsense. The factory reset solved the problem. The first time I installed, I changed the LAN IP during the install. That is the only thing I can think of that may have broken it.