OSPF won't form a relationship from the OPNsense on 25.1

Started by Deathmage85, February 01, 2025, 06:31:20 PM

February 01, 2025, 06:31:20 PM Last Edit: February 08, 2025, 10:42:55 AM by Deathmage85
Hello all,

Introduction: I've been in IT for 15 years, but have been tinkering with networking since I was 8 years old in the 1990s. I'm an MCSE x4, CCNA, CCNP, VCAP5-DCA, VCP5-DCV/NV, VCP6-DCV/NV, VCP7-DCV, CompTIA: A+, N+, Sec+, Stor+, Linux+, CySA+, CASP+; AZ-103/104, AZ-305, AZ-500, AZ-700, MS-203, MS-100/101, MS-500, SC-200, SC-300, SC-400, SC-100, CISSP, CISM. I have an extensive 42U server rack for all my hobbies and toys. I admit to being a life learner that knows nothing and even with all that I know, I know that I still know nothing. I will happily admit to not knowing something. I'm hoping one of you can find an error in my configs that I'm missing for this problem. Thank you again for helping me. ^_^

The problem has been resolved.


February 02, 2025, 05:03:10 AM #1 Last Edit: February 08, 2025, 10:40:11 AM by Deathmage85
problem resolved.

February 02, 2025, 06:14:05 AM #2 Last Edit: February 08, 2025, 10:40:26 AM by Deathmage85
problem resolved.

February 02, 2025, 08:36:21 PM #3 Last Edit: February 08, 2025, 10:43:18 AM by Deathmage85
problem resolved.

Good Evening Deathmage85,

Please try removing what is configured in your network tab, since the firewall is not actually the gateway for any of your networks. Only have OSPF configured with the interface section, which is what OSPF uses to form relationships (interfaces, routers, next hops). Also, have a go at it with "type" configured to "none", since it's not a point-to-point network. You should also not configure your VLANs in your firewall, since their gateways are in your LAYER 3 switch. The only interface that should be present in your OSPF configuration is your LAN interface, aka the "NEXT HOP". In your gateways, did you check the box "far gateway", which tells OPNsense that the network is external to its LAN interface? Regarding NAT, your internal router should not do the actual natting; turn that off. That function should be configured in the outbound NAT section, using the WAN interface with the sources being your internal RFCs natted to your WAN IP interface.

Nick

February 03, 2025, 03:41:41 AM #5 Last Edit: February 08, 2025, 10:42:17 AM by Deathmage85
@My_Network - interesting, I didn't think of this way with these things you pointed out.

problem resolved.


February 04, 2025, 09:52:03 AM #6 Last Edit: February 08, 2025, 10:41:38 AM by Deathmage85
@My_network - thank you for your help.

Hi Deathmage85,

Glad I was able to help. For forcing traffic to go where you want and not letting the routing fool you, I would advise using the policy-based routing function. You should see an option called "Gateway" in your firewall rules. I'm curious as to why you are redirecting your DNS traffic back into your LAN? Why not just tell your DHCP server to assign the correct DNS server to its clients and permit only recursion of those DNS requests in your firewall rules to your WAN? Another way of doing what you want would be to redirect to Unbound. It's built into OPNsense in the Service section. Basically, your clients would use your FIREWALL LAN IP as their DNS server and OPNsense would catch that and rebind them on the port of your choice. I would advise against using HTTPS and go the DoT way (TCP 853). It makes it transparent and it doesn't get mixed up in the "real" HTTPS traffic.

Nick

February 04, 2025, 07:03:12 PM #8 Last Edit: February 08, 2025, 10:40:55 AM by Deathmage85
problem resolved.

February 06, 2025, 09:24:58 AM #9 Last Edit: February 08, 2025, 10:41:03 AM by Deathmage85
problem resolved.

February 07, 2025, 08:26:17 PM #10 Last Edit: February 08, 2025, 10:41:10 AM by Deathmage85
problem resolved.

@My_Network - thank you for your help. Finally got the OPNsense fully configured, all in all took me about 3 weeks in the evenings till about 3 am to finally figure it out.

@Moderators - please feel free to delete this entire posting.