Devices in my network dont have internet access

Started by SideSky, July 16, 2022, 01:44:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 16, 2022, 01:44:02 PM
Hey, I have a problem with my OPNsense setup.
I can access the internet from the OPNsense router but not from the devices on the network.
Devices and router are pinging each other.

I think the problem is with the gateway address or firewall (default settings).

I followed this german guide when setting it up:
https://forum.opnsense.org/index.php?topic=21839.0

Screenshots: Vigor Modem & OPNsense Settings + PC ipconfig
https://imgur.com/a/lNm9vFA

Hardware:
Internet provider: 1&1
Internet (DSL) -> Vigor Modem -> OPNsense Router -> Devices
Everything on the latest version.

Settings:

Vigor Modem:
- Switched to modem mode.
- Physical Interface:
   - DSL WAN: Default 5.12.24.0
- WAN:
   - Customer VLAN: Disabled
- LAN:
   - IP address: 192.168.1.1 changed to 192.168.0.1

OPNsense:
- Interfaces->Other Types->VLAN
   - New VLAN created
      - Parent Interface: Interface leading to the modem (igc0)
      - VLAN Tag 7
      - Description: VLAN
- Interfaces->Assignments
   - WAN = created VLAN interface
- Interface->WAN
   - IPv4 Configuration Type: PPPoE
   - IPv6 Configuration Type: DHCPv6
   - PPPoE Configuration
      - Username = Internet access ID
      - Password = Access password
      - Dial on Demand: Check
      - Idle Timeout = 00
   - DHCPv6
      - Request onyl an IPv6 prefix: check
      - Prefix delegation Size: 56
      - Send IPv6 prefix hint: check
      - Use IPv4 connectivity: check
- Services->DHCPv4->LAN
   - Enable DHCP server on the LAN interface: check

All other settings should still be unchanged.


It would be really great if someone could help me and maybe fly over the settings once.
July 16, 2022, 03:17:11 PM #1
Your Vigor likely doesn't have a route to your LAN, so return packets from internet sites get dropped.

Best to use the modem as a modem and let OPNsense handle the PPPoE: https://draytek.co.uk/support/guides/kb-router-as-dsl-modem

Bart...
July 16, 2022, 04:17:53 PM #2
But my OPNsense has access to the internet through my Vigor modem (Vigor 167).
I was able to update my OPNsense through it.

I disabled all other features, so that it functions only as a modem
July 16, 2022, 05:55:44 PM #3
Did you change the DHCP configuration to match your new LAN address?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 16, 2022, 10:37:59 PM #4
Quote from: SideSky on July 16, 2022, 04:17:53 PM
I disabled all other features, so that it functions only as a modem

Does your OPNsense WAN interface show a public IP (non-RFC1918) address?

If it doesn't then your Vigor is acting as a router, not a modem
July 16, 2022, 11:15:25 PM #5
@bartjsmit He wrote multiple times that the OPNsense device does have Internet access over that Vigor modem and DSL line.

OTOH he did not answer any of my suggestions, either to leave the OPNsense LAN settings at their defaults for initial tests or check if they adjusted the DHCP settings to match the changed LAN IP address.

That plus repeatedly opening new threads about the same problem  ::)

@SideSky if you need help, this is supposed to be a conversation, you know?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 18, 2022, 04:51:02 PM #6
Quote from: pmhausen on July 16, 2022, 05:55:44 PM
Did you change the DHCP configuration to match your new LAN address?

I enabled DHCP for my LAN and it works like it should. All my clients get an IP address (range: 192.168.1.11 - 192.168.1.245)
July 18, 2022, 04:53:21 PM #7
Quote from: bartjsmit on July 16, 2022, 10:37:59 PM
Quote from: SideSky on July 16, 2022, 04:17:53 PM
I disabled all other features, so that it functions only as a modem

Does your OPNsense WAN interface show a public IP (non-RFC1918) address?

If it doesn't then your Vigor is acting as a router, not a modem

In the terminal of my OPNsense WAN is set to PPPoE but there is no IP address behind it.
July 18, 2022, 04:56:12 PM #8
So to repeat

- your devices have LAN access and get an IP address, default gateway and DNS server
- both of which are your OPNsense firewall (192.168.1.1)
- your OPNsense firewall does have an active PPPoE connection
- you can ping devices on the Internet from your OPNsense (like 8.8.8.8)
- you can ping devices on the Internet by name from your OPNsense (like www.opnsense.org)

All of this true?

Then what does NOT work? Can you ping 192.168.1.1 from any device on your LAN? Can you ping 8.8.8.8 from any device on your LAN? Can you ping www.opnsense.org from any device on your LAN?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 18, 2022, 04:57:36 PM #9
Quote from: SideSky on July 18, 2022, 04:53:21 PM
In the terminal of my OPNsense WAN is set to PPPoE but there is no IP address behind it.
Please show the complete configuration of your WAN interface in the UI - minus username and password.

Thanks.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 18, 2022, 05:28:28 PM #10
Quote from: pmhausen on July 18, 2022, 04:56:12 PM
So to repeat

- your devices have LAN access and get an IP address, default gateway and DNS server
- both of which are your OPNsense firewall (192.168.1.1)
- your OPNsense firewall does have an active PPPoE connection
- you can ping devices on the Internet from your OPNsense (like 8.8.8.8)
- you can ping devices on the Internet by name from your OPNsense (like www.opnsense.org)

All of this true?

Then what does NOT work? Can you ping 192.168.1.1 from any device on your LAN? Can you ping 8.8.8.8 from any device on your LAN? Can you ping www.opnsense.org from any device on your LAN?


1. My devices have lan access and get up addresses. The default gatey and DNS address is the one of my OPNsense router (192.168.1.1) (uploaded screenshot of ipconfig /all with the other opnsense settings.
2. I don't know if my OPNsense firewall has a PPOoE connection. I set my my WAN configuration type to PPPoE and added my username and password. The firewall options of Opnsense I left as default.
3. I can ping IP addresses and domains from OPNsense

Yes, I can ping 192.168.1.1 from my devices and the other way around.
I can't ping www.opnsense.org from my devices. Host couldn't be found.

Here can you found the complete configuration of my WAN
https://imgur.com/a/4Q0g3W7

I think the problem is that I have not set a Firewall or NAT rule as of now. I left all as default.
July 18, 2022, 06:42:38 PM #11
All necessary rules including NAT are in place by default. Disable the dial on demand mode - that's not necessary for DSL, unless you are billed by the hour, which you certainly are not.

And disable IPv6 for debugging purposes. We can re-enable that later.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 20, 2022, 06:06:39 PM #12
Quote from: pmhausen on July 18, 2022, 06:42:38 PM
All necessary rules including NAT are in place by default. Disable the dial on demand mode - that's not necessary for DSL, unless you are billed by the hour, which you certainly are not.

And disable IPv6 for debugging purposes. We can re-enable that later.

Okay, thanks for the tips. Adjusted the settings.
Print
Go Up Pages1
User actions