My opnsense box will not use the default route

[tre4bax]

Sorry if I keep asking this.  As yet I've not had a reply that has helped.

I have to define a route for any server on the internet if I want to access it from the opnsense box itself.  This includes

    The opnsense update server
    The let's Encrypt servers
    The Cloudflare servers.

Why does the box itself not just follow the default route?  desk top Clients using opnsense to get to the internet can see the addresses and access them.   the opnsense box just cannot.


It feels like there is a setup issue which I am not understanding.  can somebody please help me?

[mimugmail]

DNS Resolution locally works?

[tre4bax]

Yes DNS resolution works locally, but only if I have a route to the DNS servers defined.  This happens automatically when setting a gateway to the DNS server entry in settings.

using Opnsense box:
Essentially if I ping a server it resolves to an IP but all packets are dropped

using my computer (which is connected to the internet via the Opnsense box):
When I ping a server it resolves to an IP address and 100% of packets are returned perfectly.

[mimugmail]

Really dropped? Do you see dropped packets in the log?
Do you use policy based routing via gateway groups?

Can you post your routing table (netstat -nr)?

[tre4bax]

For more info my system is fairly basic networking wise.

I have a Huawei HG612 connected to broadband and to the WAN port of the opnsense router.
I have a Network switch connected to the LAN port on the opnsense router to which every thing else connects.

The WAN gateway of my opnsense router is using PPPoE with the broadband passwords and settings setup.

When I first configured this nothing routed at all and there was no default route defined automatically(some of my other posts will have the details in).  After a while (with help from here) I found if I added the IP address for the WAN side of the gateway to the Gateway router field then devices connected to the LAN work.  This does not seem to resolve the issue for the device itself though.

This seems to be entirely routing related and I have varied a number of settings in the gateway to try to resolve this.  Either they have no effect or they break the connection for the LAN.
   eg.  Far Gateway  - won't turn off because the gateway is at the far end of the pppoe
          set default to the address of my router rather than far gateway - no function

I'm at work right now so cannot share my config.  I will do that tonight if nobody has any ideas based on what I have so far.  It feels like packets from the opnsense are being routed LANward rather than WANward for some reason.  It did not do this when I originally set it up, it started after it ran an upgrade.   I actually tried rebuilding from a downloaded ISO and it worked fine, again until it found an upgrade.  After that it reverted to this issue again.
         

[tre4bax]

@mimugmail yep 100% packet failure running a ping on the opnsense box.  100% packet success running it on a LAN connected device.

pretty weird eh!

[tre4bax]

Tonight I have a solution though I still do not understand what is going on.

I have now added a single static route  0.0.0.0/0 to my gateway and all is fine.

Even though before the routes setup showed a default route with the gateway it did not work.  Now it shows exactly the same, but does work.

Somehow something on this box is stopping the default "default route" working.  I am now working fine and this allows any address to be accessed.  I would like to know what is going on though if anyone wants to help me figure it out, just in case it is relevant to future builds.

[mimugmail]

Screenshots of routes and Gateways (only Overview) please

[tre4bax]

Snapshots included.


The interesting one is the routes.  That default entry looks exactly the same as before I added a static route for 0.0.0.0/0.  The difference is after I added that it all started working and previously it did not.

I would like to know what the Link# refers to.  They are there as destination but I don't understand what their definition is.  Also I have IPV6 turned off in LAN and WAN but still get these addresses.  My provider does not support IPV6 so I thought to turn it off to reduce complexity.

[mimugmail]

Why dont you enable "Default" for the gateway?
Why do you set a static IP for PPPOE?