Fresh installation but no internet Y-Y

Started by W.A.S.T.O.M, June 14, 2023, 03:18:22 AM

June 14, 2023, 03:18:22 AM Last Edit: June 14, 2023, 03:21:26 AM by W.A.S.T.O.M
Hello there ( General Kenobi 8) )

I've had a few problems before with the update from 23.1 to 23.1.9, offload with Suricata, a sad AX210 WiFi 6 card and co., but all were resolved by this forum and a few Reddit/GitHub topics.

I now have another problem which has had me going in circles since the fresh install (and a few other reinstalls/backups/restores to default settings): there's a connection to my ISP/Internet from my FW (as in, I updated and installed plugins) but nothing from LAN.

Here are a few details:

-FW: Firewall micro appliance, 4-port i225 2.5 GbE LAN, fanless mini PC J4125, 2 x DDR4, Gigabit Ethernet, AES-NI, VPN router, OpenWrt, barebone
(https://www.amazon.fr/dp/B0BKZP61LY?psc=1&ref=ppx_yo2ov_dt_b_product_details)


-Topology:

PC <-- 10.10.0.1(FW LAN) <-10.10.0.0/29 LAN- [FW] -WAN 192.168.1.0/24-> 192.168.1.1(FW WAN) --> ISP Router

GW: LAN 10.10.0.7 / WAN 192.168.1.254


-If I unplug OPNsense from my ISP's router and plug a PC into the same port, there's a connection.


-Same in other RJ45 ports


-There's an any-any rule on both sides, with a few automatic rules created by the Wizard.
Even tried with IN/OUT on those, as I may have forgotten some things from my last IT diploma where I had pfSense configurations.


-NAT Outbound (hybrid, with two automatically generated rules):

Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description
WAN | LAN net | * | WAN net | * | Interface address | * | NO | NAT LAN_2_WAN

(Hybrid)

WAN | LAN networks, Loopback networks, 127.0.0.0/8 | * | * | 500 | WAN | * | YES | Auto created rule for ISAKMP
WAN | LAN networks, Loopback networks, 127.0.0.0/8 | * | * | * | WAN | * | NO | Auto created rule


-Two Plugins installed :

os-c-icap (installed)   1.7_3   50.1KiB   3   OPNsense   c-icap connects the web proxy with a virus scanner   
os-clamav (installed)   1.8           47.7KiB   3   OPNsense   Antivirus engine for detecting malicious threats


-WebProxy Configured, with or without "Use alternate DNS-servers" there's no change (DNS used when ain't cleared: 8.8.8.8 - 1.1.1.1)

-Got GeoBlockIP in Firewall:Aliases but nothing happens on the LAN internet connection when ticked or not.


-"Unbound DNS" enabled with no Overrides


-"Web Proxy" enabled, Remote Access Control with UT1.


-"Overwrite global settings" ain't ticked on both Interfaces


-Connectivity Audit from Firmware Status:

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 23.1.9 at Wed Jun 14 03:02:32 CEST 2023
Checking connectivity for host: mirror.dns-root.de -> 172.67.206.93
PING 172.67.206.93 (172.67.206.93): 1500 data bytes
1508 bytes from 172.67.206.93: icmp_seq=0 ttl=55 time=10.325 ms
1508 bytes from 172.67.206.93: icmp_seq=1 ttl=55 time=10.597 ms
1508 bytes from 172.67.206.93: icmp_seq=2 ttl=55 time=10.426 ms
1508 bytes from 172.67.206.93: icmp_seq=3 ttl=55 time=10.444 ms

--- 172.67.206.93 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 10.325/10.448/10.597/0.097 ms
Checking connectivity for repository (IPv4): https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 825 packages processed.
All repositories are up to date.
Checking connectivity for host: mirror.dns-root.de -> 2606:4700:3036::ac43:ce5d
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
pkg: https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***


-Health Audit from Firmware Status:

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1.9 at Wed Jun 14 03:03:14 CEST 2023
>>> Check installed kernel version
Version 23.1.8 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.1.8 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-c-icap 1.7_3
os-clamav 1.8
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: ................................................................... done
***DONE***

-Interfaces: Diagnostics: DNS Lookup:

Type   Answer                                                          Server   Query time
PTR   8.8.8.8.in-addr.arpa. 5157 IN PTR dns.google.   8.8.8.8   7 ms


-Interfaces: Diagnostics: Ping to 8.8.8.8 from no source -> OK


-Interfaces: Diagnostics: Ping to 8.8.8.8 from 10.10.0.1 -> OK


-Interfaces: Diagnostics: Ping to 8.8.8.8 from 192.168.1.1 ->  bind: Can't assign requested address


-Same error with Trace Route like the last ping (UDP+ICMP)


Am I forgetting something, or did I do something wrong?

Ain't tested on a VM yet as it'll be on the barebone physically at the end of the journey.

Btw, I've got a few backups to test as I restored to default a few times.
As said at the top of this topic, I've tried every possibility I can see as I'm new here. I may have forgotten something or used bad habits from pfSense/Fortinet tho.

Don't hesitate to ask if you need further information, I'll answer ASAP (with jetlag, as I'm in France).

Thanks in advance, wishin' you all a great day !  :)

Try turning on "Prefer IPv4 over IPv6" under Settings -> System -> General

From your log where it was trying to update, it seems to resolve IPv4 DNS but failed at IPv6 IPs.
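
The reply's reading of the connectivity audit can be checked mechanically. This is an added example, not part of the thread or of OPNsense: it parses audit lines quoted in the first post and reports, per address family, whether the ping and repository checks passed. The function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the connectivity audit in the first post (ping replies omitted).
AUDIT = """\
Checking connectivity for host: mirror.dns-root.de -> 172.67.206.93
4 packets transmitted, 4 packets received, 0.0% packet loss
Checking connectivity for repository (IPv4): https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1
All repositories are up to date.
Checking connectivity for host: mirror.dns-root.de -> 2606:4700:3036::ac43:ce5d
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/23.1
Unable to update repository OPNsense
Error updating repositories!
"""

HOST_RE = re.compile(r"^Checking connectivity for host: \S+ -> (\S+)$")
REPO_RE = re.compile(r"^Checking connectivity for repository \((IPv[46])\):")
PING_RE = re.compile(r"(\d+) packets transmitted, (\d+) packets received")


def summarize(audit_text):
    """Map each address family to whether its ping and repository checks passed."""
    result, family, check = {}, None, None
    for line in audit_text.splitlines():
        host, repo = HOST_RE.match(line), REPO_RE.match(line)
        if host:
            # The family comes from the resolved address itself, not from a label.
            family = "IPv%d" % ipaddress.ip_address(host.group(1)).version
            check = "ping"
        elif repo:
            family, check = repo.group(1), "repo"
        if host or repo:
            result.setdefault(family, {"ping": False, "repo": False})
            continue
        ping = PING_RE.search(line)
        if check == "ping" and ping:
            result[family]["ping"] = int(ping.group(2)) > 0
        elif check == "repo" and line.startswith("All repositories are up to date"):
            result[family]["repo"] = True
    return result


def ipv6_only_failure(summary):
    """True when every IPv4 check passed and every IPv6 check failed."""
    v4, v6 = summary.get("IPv4"), summary.get("IPv6")
    return bool(v4 and v6 and all(v4.values()) and not any(v6.values()))


if __name__ == "__main__":
    summary = summarize(AUDIT)
    print(summary, ipv6_only_failure(summary))
```

The audit runs on the firewall itself, so passing IPv4 checks confirm the box's own WAN path and say nothing about forwarding or NAT for LAN clients.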