OPNsense 26.7-BETA images

Started by franco, June 26, 2026, 03:09:20 PM

Today at 11:49:19 AM #15 Last Edit: Today at 11:50:57 AM by patient0
Quote from: Monviech (Cedrik) on Today at 11:22:16 AM
> Regardless of automatic or manual being selected after the apply?
Yep, the output of `pfctl -s nat` is identical for both Automatic and Hybrid (not using Manual) (the "inet all -> (vtnet1:0)" line):

```
root@OPNsense:~ # pfctl -s nat
no nat proto carp all
nat on vtnet0 inet all -> (vtnet1:0) port 1024:65535
nat on vtnet0 inet from (vtnet1:network) to any port = isakmp -> (vtnet0:0) static-port
nat on vtnet0 inet from (lo0:network) to any port = isakmp -> (vtnet0:0) static-port
nat on vtnet0 inet from 127.0.0.0/8 to any port = isakmp -> (vtnet0:0) static-port
nat on vtnet0 inet from (vtnet1:network) to any -> (vtnet0:0) port 1024:65535
nat on vtnet0 inet from (lo0:network) to any -> (vtnet0:0) port 1024:65535
nat on vtnet0 inet from 127.0.0.0/8 to any -> (vtnet0:0) port 1024:65535
no rdr proto carp all
no rdr on vtnet1 proto tcp from any to (vtnet1) port = ssh
no rdr on vtnet1 proto tcp from any to (vtnet1) port = http
no rdr on vtnet1 proto tcp from any to (vtnet1) port = https
```
Deciso DEC740
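
An added example (not part of the post above and not OPNsense's own tooling): a small check that reads `pfctl -s nat` output and flags any `nat on <if>` rule whose translation address is derived from a different interface, which is what sets the `inet all -> (vtnet1:0)` line apart from the other rules in that output. That this mismatch is the defect is an assumption made for the example, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Heuristic (an assumption): a
# "nat on IF" rule whose translation target "(OTHER:0)" is derived from
# a different interface than IF is worth reviewing after an upgrade.

# Reads `pfctl -s nat` output on stdin and prints one line per finding:
#   iface-mismatch<TAB><original rule>
check_nat_rules() {
    awk '
    $1 == "nat" && $2 == "on" {
        ifname = $3
        target = ""
        # The translation target is the field right after "->".
        for (i = 4; i < NF; i++)
            if ($i == "->") { target = $(i + 1); break }
        # Only interface-derived targets such as "(vtnet0:0)" are checked;
        # literal addresses and tables are skipped.
        if (target !~ /^\(.*\)$/) next
        tif = target
        gsub(/[()]/, "", tif)   # "(vtnet1:0)" -> "vtnet1:0"
        sub(/:.*/, "", tif)     # "vtnet1:0"   -> "vtnet1"
        if (tif != ifname)
            printf "iface-mismatch\t%s\n", $0
    }'
}

# Sample input: a subset of the rules quoted in the post above.
sample_nat_output() {
    cat <<'EOF'
no nat proto carp all
nat on vtnet0 inet all -> (vtnet1:0) port 1024:65535
nat on vtnet0 inet from (vtnet1:network) to any port = isakmp -> (vtnet0:0) static-port
nat on vtnet0 inet from 127.0.0.0/8 to any -> (vtnet0:0) port 1024:65535
no rdr proto carp all
EOF
}

# On a firewall this would be: pfctl -s nat | check_nat_rules
sample_nat_output | check_nat_rules
```
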

Can you open a ticket on GitHub with this issue? We will look into it. Thanks for testing.
Hardware:
DEC740

Quote from: Monviech (Cedrik) on Today at 12:09:04 PM
> Can you open a ticket on GitHub with this issue?
Yes, I'll do that later this evening.
Deciso DEC740

I may be affected by this NAT issue as well; however, my experience is a bit different (or @patient0 didn't test for it).


My tests so far:

- test VM on 26.1 upgraded to 26.7.b, pretty much bare bones in terms of settings (the only two rules there allow me to https/ssh from WAN to manage it). One Linux VM behind it. Traffic works as expected. Rules not migrated to New. NAT untouched.

- local hardware FW upgraded to 26.7.b. Rules not migrated. Traffic flows through the FW from VLANs. NAT on hybrid. WireGuard server is operational and allows me to connect to the FW mgmt, but I don't have access to the internet over WireGuard post-upgrade, which sounds like a NAT issue.
  Interestingly, IPsec works fine and I can remote into machines in various VLANs.


- another FW, and the first one that saw 15.1 a couple of weeks ago. Worked just fine with the kernel, and when I installed base no traffic passed through. Rules not migrated and NAT hybrid.


- last FW, same HW as the first one in this post, upgraded to 26.7.b. Rules not migrated and NAT hybrid, although now only the LAN exists. No traffic passing through from LAN to WAN; however, I can ZeroTier and manage it remotely, and everything works apart from the LAN-WAN traffic issue.



I kept the one with the WireGuard issue on 26.7.b for now and I'll see what happens in the meantime.


When testing only the 15.1 kernel (before 26.7.b was ready), all these firewalls ran fine on it, which is a good sign.