Sudden loss of access to some sites, Loss of Wlan, reboot fixes it.

Started by Aurel81, October 03, 2024, 11:59:18 PM

Hello, I am working on my homelab and switched from Fritzbox as router to Fritzbox bridged + baremetal Opnsense + another Fritzbox for WLAN/Mesh.

So far so good, at the moment NAT is working, WireGuard as well.

Now it happened 3 times that something strange happened.

What is happening: some internet sites (i.e. this forum) aren't reachable anymore (my bad that I didn't remember the error, but next time I will serve it to you ;-) ), but some are accessible, and the WLAN stops working.

1st time during trying to get NAT working => restored the last backup as i thought i made a mistake XD
2nd during gaming => opnsense reboot
3rd was cooking in the kitchen and suddenly my TV lost the connection (that's the moment I realised that it happened again) => opnsense reboot

Meaning I can't relate this occasion to actions of mine, but - as a reboot of the opnsense helps - I am assuming there is something wrong ;-)

Tried to look it up in the plain firewall logs, but as I don't know the exact time, and there are so many entries and I have no clue what I am looking for, it won't help me at the moment.

Any idea what I am looking for, so that you may be able to help me in future?

just came home, same ...
- web.de : not available, typing error ? DNS_PROBE_FINISCHED_DOMAIN
- opensense forum: timeout ERR_CONNECTION_TIMED_OUT
- twitch.tv : DNS_PROBE_STARTED
- wlan gone

facebook, tuta.io, youtube, google kalender, di.fm, myminifactory were fine

rebooted proxmox, and everything is smooth again...

Not enough to go on. For instance you failed to mention proxmox at the start. That is a big omission.
First describe all your infrastructure and setup, then we can start looking at what could be something worth checking.
P.S. DNS is looking a bit strange, but who is to know what you have, i.e. unbound enabled or not, what are your OPN settings for DNS, firewall rules for your LAN clients, and how are they going to it (or not) based on your virtualised setup.
Can't guess it.

OK, thank you for your attention, let's see if I will get your question answered.

Proxmox? As I said, baremetal Opnsense. No virtualizing atm. Thinking about switching later on, but first I'd like to get it running.

In the meanwhile, I made a clean install of opnsense, thought I messed something up while configuring NAT/WG, but now this is a permanent problem. Some sites aren't reachable and when I connect to my WLAN, there is no internet at all (but I can access the 2nd Fritzbox via LAN, and it shows me that there is an internet connection).

Infrastructure? Hm

WAN (Dualstack, static IPv4+IPv6 prefix) ->
FB 6660 in bridgemode ->
Opnsense (WAN = LAN1, LAN = LAN2 192.168.0.1/24, DHCP) ->
unmanaged switch and the rest of the LAN (including another Fritzbox connected to the mesh devices).

I could provide it graphically if you prefer.

System -> General -> DNS 8.8.8.8, 8.8.4.4, no gateways selected (tried it without and selecting gateways as well)
Allow DNS server list to be overridden by DHCP/PPP on WAN checked, nothing excluded (I tried it unchecked as well)

Unbound enabled, Network Interfaces tried "LAN, WAN" or "LAN" only
Unbound advanced, I just enabled logging queries and replies to get some information

Firewall:
NAT Port Forwarding: -> Anti-Lockout Rule
NAT Outbound -> automatic rules (LAN Networks, Loopback networks)
Rules: LAN -> Default allow LAN to any rule (IPv4+6)

And that's what is logged when I try to open forum.opensense.org

Quote
2024-10-07T02:40:15   Informational   unbound   [15247:2] info: 192.168.0.18 forum.opnsense.org. A IN SERVFAIL 0.000000 1 36   
2024-10-07T02:40:15   Informational   unbound   [15247:2] info: 192.168.0.18 forum.opnsense.org. A IN   
2024-10-07T02:40:15   Informational   unbound   [15247:3] info: 192.168.0.18 forum.opnsense.org. AAAA IN SERVFAIL 0.000000 1 36   
2024-10-07T02:40:15   Informational   unbound   [15247:1] info: 192.168.0.18 forum.opnsense.org. HTTPS IN SERVFAIL 0.000000 1 36   
2024-10-07T02:40:15   Informational   unbound   [15247:3] info: 192.168.0.18 forum.opnsense.org. AAAA IN   
2024-10-07T02:40:15   Informational   unbound   [15247:1] info: 192.168.0.18 forum.opnsense.org. HTTPS IN
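
An added example, not part of the original posts: a small Python parser for Unbound query/reply log lines in the layout quoted above, which groups SERVFAIL replies per name so the failure window can be found without scrolling the raw log. It assumes the field order documented for Unbound's log-replies option (return code, time to resolve, from-cache flag, response size); the sample lines, the name example.test and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the log lines quoted in the thread.
# Query lines end after the class; reply lines add rcode, seconds, cached flag, size.
SAMPLE = """\
2024-10-07T02:40:15   Informational   unbound   [15247:2] info: 192.168.0.18 forum.opnsense.org. A IN SERVFAIL 0.000000 1 36
2024-10-07T02:40:15   Informational   unbound   [15247:2] info: 192.168.0.18 forum.opnsense.org. A IN
2024-10-07T02:40:15   Informational   unbound   [15247:3] info: 192.168.0.18 forum.opnsense.org. AAAA IN SERVFAIL 0.000000 1 36
2024-10-07T02:40:16   Informational   unbound   [15247:1] info: 192.168.0.18 example.test. A IN NOERROR 0.031000 0 57
"""

LINE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+unbound\s+\[\d+:\d+\]\s+info:\s+"
    r"(?P<client>[0-9A-Fa-f.:]+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)\s+(?:IN|CH|HS)"
    r"(?:\s+(?P<rcode>[A-Z]+)\s+(?P<secs>\d+\.\d+)\s+(?P<cached>[01])\s+(?P<size>\d+))?\s*$"
)

def parse_replies(text):
    """Return one dict per reply line; query-only lines (no rcode) are skipped."""
    replies = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group("rcode"):
            r = m.groupdict()
            r["secs"], r["cached"] = float(r["secs"]), r["cached"] == "1"
            replies.append(r)
    return replies

def servfail_summary(text):
    """Group SERVFAIL replies by name: count, how many came from cache, time window."""
    out = {}
    for r in parse_replies(text):
        if r["rcode"] != "SERVFAIL":
            continue
        s = out.setdefault(r["qname"], {"count": 0, "cached": 0, "types": set(),
                                        "first": r["ts"], "last": r["ts"]})
        s["count"] += 1
        s["cached"] += r["cached"]          # True counts as 1
        s["types"].add(r["qtype"])
        s["first"], s["last"] = min(s["first"], r["ts"]), max(s["last"], r["ts"])
    return out

if __name__ == "__main__":
    for name, s in servfail_summary(SAMPLE).items():
        print(f"{name} SERVFAIL x{s['count']} ({s['cached']} from cache) "
              f"types={sorted(s['types'])} {s['first']}..{s['last']}")
```

A reply with the cached flag set and a zero resolve time was answered from Unbound's cache rather than from a fresh upstream lookup, so the earliest SERVFAIL with the flag at 0 marks where the upstream failure began.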

My FritzBox lost the ability to use IPv4 ... although it's connected... that sucks, it's not a problem of opnsense ...