This close to giving up

Started by OPNonsense, August 29, 2023, 09:01:49 PM

Hi,


As you will see from my posting history, I have tried installing OPNsense a number of times.

I would post on this forum and usually be told that I am doing it wrong/lacking fundamental knowledge/whatever, would take that on board, and take it to the next level.

You can see my configuration from the previous posts.

Essentially a Linux box on a 192.168.178.xxx network, connected via a FRITZ!Box 7530 on 192.168.178.1.

Bought a dedicated host which usually sits at 192.168.10.1.

Found that the FRITZ!Box was not really playing ball, so bought a Draytek Vigor 130 modem and set up PPPoE via OPNsense.

Things were looking promising and I got a public IP address on the WAN interface.

Despite setting up a DHCP server on both interfaces, opening up my entire firewall, configuring DNS etc. -- nothing. Nothing whatsoever. I get no WAN traffic through.

I ordered a new modem, new cables, everything.

Maybe I am just not cut out for it. I thought I was decent with networking, but being unable to set this up when everyone just goes "you plug it and thar she blows LOL" is utterly defeating.

Anyone with any last-minute tips? I don't know if PFSENSE is somehow better -- I like open source. But it just Does. Not. Bloody. Work.

It's either that my set-up is somehow cursed or that I am too stupid.

Quote: Things were looking promising and I got a public IP address on the WAN interface

First things first, if you got that far, can you update OPNsense? Successful connectivity check? Installing a plugin like os-chrony (don't worry about configuration, only talking basic functions for now)


If the answer to all the questions above is Yes, then the next step is to plug into the LAN directly, see if you get a DHCP and access https://1.1.1.1


If all the above is working we can continue...

I guess that you haven't configured a gateway or have not assigned the gateway on the WAN interface
I want all services to run with wirespeed and therefore run this dedicated hardware configuration:

AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance

private user, no business use

Quote from: newsense on August 29, 2023, 09:16:15 PM
Quote: Things were looking promising and I got a public IP address on the WAN interface

First things first, if you got that far, can you update OPNsense? Successful connectivity check? Installing a plugin like os-chrony (don't worry about configuration, only talking basic functions for now)


If the answer to all the questions above is Yes, then the next step is to plug into the LAN directly, see if you get a DHCP and access https://1.1.1.1

I have never been able to ping a remote host. Well, once, ages ago. That was it. LAN stuff is fine.


If all the above is working we can continue...

Quote from: seed on August 29, 2023, 09:20:04 PM
I guess that you haven't configured a gateway or have not assigned the gateway on the WAN interface

I have configured a gateway, and I have assigned it to WAN. I have tried it in a number of ways. Sadly to no avail.

Looks like your story didn't end yet, even though you at least moved a bit :)


Alright, so let's go step by step and put the puzzle together.


1. Your current setup is as follows? ISP > Draytek (in Bridge mode) > OPNsense (with PPPoE)
2. Does your OPNsense get a public IP?
3. What are your NAT rules? Did you do your own? What mode did you set (is it hybrid)?
4. Do you have internet connectivity from OPN to Internet? (Can you, within the OPN GUI, go to the Diagnostics section and try to ping 1.1.1.1 and 8.8.8.8?)

5. If possible, make print screens of NAT rules, Floating rules, WAN rules and your LAN rules
6. Do the same as above for the WAN & LAN interfaces and DHCP servers
7. Do the same for the routing table
8. Do the same for the gateway tab


Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Quote from: Seimus on August 30, 2023, 11:40:09 AM
Looks like your story didn't end yet, even though you at least moved a bit :)


Alright, so let's go step by step and put the puzzle together.


1. Your current setup is as follows? ISP > Draytek (in Bridge mode) > OPNsense (with PPPoE)
2. Does your OPNsense get a public IP?
3. What are your NAT rules? Did you do your own? What mode did you set (is it hybrid)?
4. Do you have internet connectivity from OPN to Internet? (Can you, within the OPN GUI, go to the Diagnostics section and try to ping 1.1.1.1 and 8.8.8.8?)

5. If possible, make print screens of NAT rules, Floating rules, WAN rules and your LAN rules
6. Do the same as above for the WAN & LAN interfaces and DHCP servers
7. Do the same for the routing table
8. Do the same for the gateway tab


Regards,
S.

1. Yes. Didn't have modem in bridge mode originally, configured it to be, and still nothing. Yes, with PPPoE. Also constantly keep losing connection to the web GUI.

2. Nope, 99% of the time it doesn't get a public IP.

3. I just set it as open as possible - either no rules, or all outbound rules, or nothing. Whatever I change -- and I have changed it all -- does not help.

4. Nope, 99% of the time I don't. Only once I tried to resolve (weeks ago) and got a ping from www.google.com.

5. I can do this once I am mentally ready to reattempt this again. I just try to allow all rules just to get past that initial point.

7, 8. OK, will do once I have the mental energy to go through this again.

Thanks for responding anyway.

Sounds more like an issue with getting internet connectivity to OPNsense than the routing/firewalling.

Just checking that you
- do not use USB NICs
- do not use Realtek NICs (or if you do, have installed the plugin drivers)
- do not use Intel i225 / i226 NICs?
- do not run OPNsense virtualised
- have checked and re-done the cabling

To add to @abulafia - don't try too many things at once.

Install OPNsense, connect client system to LAN interface.
You will get an IP address in the 192.168.1.x range and the UI will be at http://192.168.1.1.

There is absolutely no need to change any of this. It will continue to work, just don't mess with the settings.

Next connect WAN to your modem.
Configure WAN interface for PPPoE in the UI using your ISP's documentation and your credentials.

This will never interrupt your LAN connectivity or your UI access!

Unless the PPPoE connection is established and the Dashboard shows a public IP address for WAN there is no need to mess with anything else but the WAN and PPPoE settings. None.

Once the WAN connection is established Internet access will generally work.

Don't change anything but your Internet uplink configuration. There is no need to. If you can't get Internet access the connection is not yet established. There is nothing else to fix. OPNsense works out of the box for a simple home network, not to mention a single client PC.

Until you get that working, don't touch anything else.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Fritzbox and Draytek, no public IP, this sounds like Germany?
What ISP do you use? Some need VLAN, some not (google it). Sometimes the Drayteks have VLAN enabled by default. Check this first and then go according to @Patrick M. Hausen.

My two cents once again -  ;D

I would recommend having the Draytek Vigor 130 perform the PPPoE and establish the internet from the modem side - then just plug it into the WAN side of the router - One less thing to worry about on the OPNsense config . . .  ;)

I would also start from a fresh install of OPNsense - maybe using this guide:
https://www.youtube.com/watch?v=Qrglquxw-6I

Take a deep breath and keep trying - Out of the box, OPNsense should just work for your scenario . . . and it's well worth the learning curve!  :D

Cheers,
R.Fox