Server pinging external network but not its own Gateway!..

[tryllz]

Hi,

I'm facing this issue where the server cannot ping its own gateway but can access other networks. I believe this to be a misconfigured rule but I'm not sure which one as all the rules are simple and same.

I have setup Virtual IP (HA setup) as the Gateway of the server.

Server - 192.168.28.40/27
Gateway Virtual IP - 192.168.28.34/27
Primary Firewall IP - 192.168.28.35/27
Backup Firewall IP - 192.168.28.36/27

I found in the firewall logs the server is blocked access to its own Gateway just not sure why.

Firewall Interfaces - https://i.ibb.co/Z82LGwV/Firewall-Interfaces.png
Server IP - https://i.ibb.co/cDbtc2m/ServerIP.png
Server Network Virtual IP - https://i.ibb.co/qnMPy7h/VIP.png
Server Ping to Gateway and different network - https://i.ibb.co/cFmkvjt/Server-Ping-Results.png
Firewall Rule - https://i.ibb.co/BjCLfdc/Server-Rule.png
Firewall Log - https://i.ibb.co/g6R4Fnc/Block.png

Any thoughts what is going ont.

[Gauss23]

The destination "This Firewall" is missing in your rules as far as I can see that from a short glimpse.

[tryllz]

The destination "This Firewall" is missing in your rules as far as I can see that from a short glimpse.

Thanks,

also if I may ask what is the actual difference between using "This Firewall" and the "Firewall net" as they both are referring to the same interface as I understand.

[Gauss23]

As far as I know:
This Firewall means all IP addresses of all interfaces the OPNsense has i.e. 127.0.0.1/32, 192.168.1.1/32, 10.0.0.1/32

I don't have "Firewall net" in my OPNsense boxes. Is that some Alias you created by yourself?

The "LAN net" alias means the network which is connected to that interface i.e. 192.168.1.0/24.

[tryllz]

As far as I know:
This Firewall means all IP addresses of all interfaces the OPNsense has i.e. 127.0.0.1/32, 192.168.1.1/32, 10.0.0.1/32

I don't have "Firewall net" in my OPNsense boxes. Is that some Alias you created by yourself?

The "LAN net" alias means the network which is connected to that interface i.e. 192.168.1.0/24.

Sorry, yes the Firewall is my Firewall network name as set in interfaces.

Also as I understand the firewall has the network interface 192.168.28.34/27 so if I use This Firewall or Firewall net either ways its referring to the same thing, isn't it ?!

From your reply what I'm understanding is that This Firewall means ALL interfaces while Firewall net means IP addresses in the Firewall Network

Sorry just trying to understand this.

[Gauss23]

Also as I understand the firewall has the network interface 192.168.28.34/27 so if I use This Firewall or Firewall net either ways its referring to the same thing, isn't it ?!

From your reply what I'm understanding is that This Firewall means ALL interfaces while Firewall net means IP addresses in the Firewall Network

Sorry just trying to understand this.

"This Firewall" is 192.168.28.34/32, "Interface net" is 192.168.28.32/27, This Firewall (at least the IP of this interface) is included in "Interface net". The cleanest thing is to create an Alias with the single IP of the OPNsense interface you want to reach. This is at least the way I do it.

[tryllz]

"This Firewall" is 192.168.28.34/32, "Interface net" is 192.168.28.32/27, This Firewall (at least the IP of this interface) is included in "Interface net". The cleanest thing is to create an Alias with the single IP of the OPNsense interface you want to reach. This is at least the way I do it.

Thanks for clarifying that, appreciate it.

[ligand]

Hi!  Thanks to this thread I was able to get policy based routing working.  One thing I struggled with was making sure the new VPN Gateway was set to the same priority as the WAN Gateway.  Wanted to share this because I don't believe it was mentioned in any of the instructions.