Issues with OpnSense

Started by Angel038, August 03, 2024, 10:16:02 AM

Hello There,

I have a homelab with a bare-metal Proxmox server.
On this, I run many VMs like Synology DSM, and LXC containers like Plex, Homepage, AdGuard...
I have a fiber channel box which works as router, firewall, and DHCP server.
First, I'm looking to replace the DHCP server and router with a home-made installation, so I looked at pfSense, OpenWRT and OPNsense.
I decided to choose OPNsense. I made a VM with a fresh install and configured the network ports: one for WAN, one for LAN and a third for OPT, but I don't use it at the moment.
Everything works fine, but my network has malfunctions. Let me explain.
I try to play online games like Fortnite and Final Fantasy XIV, but connections to the servers are difficult; sometimes it works, sometimes the game can't join the lobby.
I see other problems: with WhatsApp, I can't send pictures over Wi-Fi... and some other problems I can't explain.
I found a solution for WhatsApp in this forum: in the firewall settings, set Enable syncookies to never. But on my setup, this feature is already set to never.

My question is:
How can I set up the OPNsense firewall not to block most of the network traffic?
and
How can I block IPv6 address assignment from my box with OPNsense, if it's possible? Even if I disable this feature on my box, it continues to provide IPv6 addresses to my devices. I need to be on IPv4 for my Smart TV, for example, to be able to block some services for my children.

Thanks for your help!

Can you please confirm whether the Proxmox firewall is off on the OPNsense VM? What services are still running on the fibre box (firewall? DHCP?)? Is DNS running on your fibre box or OPNsense?

Hi @juisssark, thank you for your answer.
On Proxmox, the firewall is disabled on the OPNsense VM; on my box the firewall is on but without any rules. DHCP is off when OPNsense is on, DHCPv6 is off, NAT is on.
DNS is managed by AdGuard at the moment, but the IPv6 provided by my box, even if it's off.... bypasses my DNS filter.

Is there a reason you are running NAT on the fibre box? Can you disable NAT on the fibre box? You've configured OPNsense with a WAN and LAN and I assume you have NAT running on OPNsense too. A double NAT would create problems establishing a connection with devices on the LAN.

I haven't made my NAT rules on OPNsense yet; I'm testing whether the solution is stable and nothing goes wrong before migrating all my rules.
I don't understand why, for example, in Fortnite we encounter difficulty joining a party, the same in Final Fantasy XIV, and it's impossible to send pictures with WhatsApp, with no rules on OPNsense at all.

Having a double NAT (two NATs running at the same time) can create problems connecting for clients on the LAN network. See this article for a summary on the problem: https://www.purevpn.com/blog/double-nat/

I suggest turning off the NAT on OPNsense (I've never done it but some articles come up when I search the web for it) or turning off the NAT on your fibre box.

OK, thank you, I will try this, but nothing is set up in OPNsense about the NAT; I don't know why it does the job twice.

Quote from: Angel038 on August 06, 2024, 09:04:22 AM
OK, thank you, I will try this, but nothing is set up in OPNsense about the NAT; I don't know why it does the job twice.
Outbound NAT to the WAN address is the default for any newly installed OPNsense. You need to explicitly disable it if you don't want it.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
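
A way to check for the double NAT discussed in this thread, as an added example that is not part of any post: it classifies the OPNsense WAN address and counts non-public router hops in a traceroute taken from a LAN client. The function names, the `opnsense_nat` parameter and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Explicit ranges are used instead of ipaddress.is_private, which also
# flags documentation and other reserved ranges as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT


def classify(addr: str) -> str:
    """Return 'private', 'cgnat' or 'public' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    return "public"


def diagnose(opnsense_wan: str, opnsense_nat: bool = True) -> str:
    """Judge the NAT situation from the address on the OPNsense WAN port.

    opnsense_nat defaults to True because outbound NAT to the WAN
    address is on after a fresh install unless explicitly disabled.
    """
    if classify(opnsense_wan) == "public":
        return "single NAT" if opnsense_nat else "no NAT on OPNsense"
    # A non-public WAN address means an upstream device translates again.
    if opnsense_nat:
        return "double NAT"
    return "single NAT upstream (OPNsense routes only)"


def nat_layers_from_trace(hops: list[str]) -> int:
    """Heuristic: count non-public router hops before the first public one.

    A routed-only internal hop without NAT is counted too, so treat the
    result as an upper bound rather than proof.
    """
    layers = 0
    for hop in hops:
        if hop == "*":  # unanswered probe carries no information
            continue
        if classify(hop) == "public":
            break
        layers += 1
    return layers


# Constructed traceroute from a LAN client: OPNsense LAN, fibre box, ISP.
SAMPLE_TRACE = ["192.168.10.1", "192.168.1.1", "*", "203.0.113.1"]
```
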