Interesting Issue After Upgrade

Started by dd2594opn, February 20, 2024, 01:48:20 PM

Upgraded to 24.1_1 and everything at first appeared to be working ... but:

Now I can get to the internet from either one of my two LAN segments - provided I either go directly to an IP or change my DNS server on the host to a DNS server outside my opnsense.

So a picture:

PC1 (10.1.1.10) ------> OPNSENSE (10.1.1.1)

PC2 (10.2.2.10) ------> OPNSENSE (10.2.2.1)

OPNSENSE (10.10.10.10) -----> COMCAST RTR (10.10.10.9) -----> Internet (say 1.1.1.1)

PC1 can ping 10.1.1.1
PC2 can ping 10.2.2.1
PC1 can ping 10.10.10.10
PC2 can ping 10.10.10.10
PC1 cannot ping 10.10.10.9
PC2 cannot ping 10.10.10.9
PC1 can ping 1.1.1.1
PC2 can ping 1.1.1.1
DNS - if set to the internal 10.1.1.1 -- resolves only "internal" (Unbound overrides), if DNS set to external 1.1.1.1, no internal resolution (obviously)

Opnsense itself:
Can ping 10.1.1.10 and 10.2.2.10 (PC1 and PC2)
Can ping 10.1.1.1 and 10.2.2.1 (the internal side of itself)
Cannot ping 10.10.10.10 (the external side of itself)
Can ping 10.10.10.9 (upstream gateway)
Cannot ping 1.1.1.1
No DNS resolution (even though defined in setup)

Anyone got hints?
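Added example, not code from the thread or from OPNsense: a small POSIX shell script that runs the same reachability and DNS matrix the post above lists, from one PC, so the pattern can be re-checked after any change. The addresses are the thread's (PC1's view); the two DNS names, the resolver port, and the diagnosis wording are constructed assumptions, and the script changes no firewall setting.

```shell
#!/bin/sh
# Added example (not from the thread): mechanise the reachability/DNS checks
# from the first post. Addresses are the thread's; names and port are constructed.

GATEWAY=10.1.1.1          # LAN side of OPNsense as seen from PC1
FW_WAN=10.10.10.10        # WAN side of OPNsense
UPSTREAM=10.10.10.9       # Comcast router
INTERNET=1.1.1.1
RESOLVER_PORT=53                # constructed: the port the firewall resolver listens on
INTERNAL_NAME=nas.home.arpa     # constructed: a name with an Unbound host override
EXTERNAL_NAME=opnsense.org      # a public name

# ping flags differ: Linux -W is a per-reply wait (s); FreeBSD -t is an overall timeout (s).
PING_OPTS="-c 2 -W 2"
[ "$(uname -s)" = "FreeBSD" ] && PING_OPTS="-c 2 -t 3"

# Pull the percentage out of a ping summary; both OSes print "N% packet loss"
# (FreeBSD "100.0%", Linux "100%"). Prints only the integer part.
ping_loss_pct() {
    printf '%s\n' "$1" | sed -E -n 's/.* ([0-9]+)(\.[0-9]+)?% packet loss.*/\1/p'
}

# Map a loss percentage to the one-word status used in the table.
loss_to_status() {
    case "$1" in
        0)   echo ok ;;
        100) echo FAIL ;;
        '')  echo ERROR ;;     # no summary line at all (ping missing, bad argument)
        *)   echo PARTIAL ;;
    esac
}

# Send two echo requests and report ok / FAIL / PARTIAL / ERROR.
check_icmp() {
    out=$(ping $PING_OPTS "$1" 2>/dev/null || true)
    loss_to_status "$(ping_loss_pct "$out")"
}

# Ask one resolver for an A record; ok only if an answer record comes back.
# Uses dig when installed, otherwise drill (ldns); both take @server and -p port.
check_dns() {
    server=$1; name=$2
    if command -v dig >/dev/null 2>&1; then
        out=$(dig +time=2 +tries=1 @"$server" -p "$RESOLVER_PORT" "$name" A 2>/dev/null || true)
    else
        out=$(drill -p "$RESOLVER_PORT" @"$server" "$name" A 2>/dev/null || true)
    fi
    if printf '%s\n' "$out" | grep -Eq "^${name}\.?[[:space:]].*[[:space:]]IN[[:space:]]+A[[:space:]]"; then
        echo ok
    else
        echo FAIL
    fi
}

# Reduce the key results to where the break is. Arguments, in order: ping gateway,
# ping internet, external name via the firewall resolver, external name via 1.1.1.1.
diagnose() {
    gw=$1; inet=$2; dns_fw=$3; dns_ext=$4
    if [ "$gw" != ok ]; then
        echo "local segment: host cannot reach its own gateway"
    elif [ "$inet" != ok ]; then
        echo "forwarding: gateway answers but nothing beyond it does"
    elif [ "$dns_fw" != ok ] && [ "$dns_ext" = ok ]; then
        echo "resolver: forwarding works but the resolver on the firewall cannot reach out (the pattern in the first post)"
    elif [ "$dns_fw" != ok ]; then
        echo "dns: neither resolver answers although ICMP passes"
    else
        echo "all checks pass"
    fi
}

# Print the matrix from this host's point of view, then the one-line diagnosis.
run_matrix() {
    gw=$(check_icmp "$GATEWAY");  inet=$(check_icmp "$INTERNET")
    dns_fw=$(check_dns "$GATEWAY" "$EXTERNAL_NAME")
    dns_ext=$(check_dns "$INTERNET" "$EXTERNAL_NAME")
    printf '%-40s %s\n' "ping gateway $GATEWAY"                 "$gw"
    printf '%-40s %s\n' "ping firewall WAN $FW_WAN"             "$(check_icmp "$FW_WAN")"
    printf '%-40s %s\n' "ping upstream $UPSTREAM"               "$(check_icmp "$UPSTREAM")"
    printf '%-40s %s\n' "ping internet $INTERNET"               "$inet"
    printf '%-40s %s\n' "dns $INTERNAL_NAME via $GATEWAY"       "$(check_dns "$GATEWAY" "$INTERNAL_NAME")"
    printf '%-40s %s\n' "dns $EXTERNAL_NAME via $GATEWAY"       "$dns_fw"
    printf '%-40s %s\n' "dns $EXTERNAL_NAME via $INTERNET"      "$dns_ext"
    diagnose "$gw" "$inet" "$dns_fw" "$dns_ext"
}

# Usage: sh check_path.sh run   (the matrix is only sent when asked for)
if [ "${1:-}" = run ]; then run_matrix; fi
```

Run it from each LAN segment; a PC that reports ok for 1.1.1.1 but FAIL for the external name through the firewall is showing the split the post describes, where forwarded traffic works and traffic that the firewall originates (its resolver's upstream queries, its own pings) does not.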

We had the same issue. We fixed it by checking the box "Firewall"-"Settings"-"Advanced"-"Disable force gateway"

February 26, 2024, 09:54:00 AM #2 Last Edit: February 26, 2024, 09:36:27 PM by iorx
Hi!
*edit "have not deep"

Any follow-up here on why the behaviour changed and this setting is now needed?
I also noticed some oddities after the upgrade to 24.1

Unbound was behaving more than strange if not set to listen on all interfaces, I think; I have not deep-dived into it yet.
In my particular config I had AdGuard running on port 53 and Unbound on 8053, and after the upgrade they were acting up really strangely, like not responding, and it looked like Unbound and AdGuard crashed/hung.

For now I've deactivated AdGuard and am back to running Unbound on 53 on "all" interfaces.