[SOLVED] 18.1 will not route to some sites and services, 17.x works fine.

Started by Davesworld, February 12, 2018, 12:44:22 AM

Hi Franco,

Thanks for the help. Sloppy didn't work, but "none" does on the default LAN firewall rule.

Do you have any suggestions on where to start troubleshooting what could be wrong with my network?
I didn't have this problem till the upgrade from pfSense 2.3 to 2.4. I then moved to OPNsense to see if it was any better.
Have been getting it on both platforms.

Could this be due to the FreeBSD update from 10.3 to 11.1?
If it's set to "none", doesn't that disable packet inspection?

Thanks again for your help.

Quote from: franco on March 20, 2018, 07:11:07 AM
Does not look like the problem described previously, which was addressed in a patch that is queued up for inclusion in 18.1.6.

Default deny usually means state tracking was too aggressive, which could be the case due to retransmits, switch gear, network loops, asymmetric traffic, etc. You can try to set your OpenVPN gateway rule to "sloppy" or "none" state tracking and see if that helps.


Cheers,
Franco

OK, I missed the part about it not being included until 18.1.6. I would guess it would be best to uninstall the patch just prior to 18.1.6 when it comes?

Yes, 18.1.6 due to an extra round of testing. No need to do anything when it hits. Manual patches to core files are overwritten on firmware updates for consistency. You don't have to revert it again, only check whether the incoming updates (all of them) include the fix you want and skip or reapply the patch in the meantime. :)


Cheers,
Franco