meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
sw:opnsense:issues [2020/05/13 14:07] niziaksw:opnsense:issues [2025/08/20 12:12] (current) niziak
Line 1: Line 1:
-====== ISSUES ======+====== OPNSense issues ====== 
 + 
 +===== WAN bandwidth limited ===== 
 + 
 +4 port ''Intel(R) PRO/1000 Network Connection'' 
 + 
 +  * last post in: [[https://forum.opnsense.org/index.php?topic=17277.0|[Help] troubleshooting high latency issues]] 
 +  * [[https://forum.opnsense.org/index.php?topic=39763.0|Bandwidth cut in half when traversing system but direct bandwidth test is fine]] 
 +  * [[]] 
 +https://forum.opnsense.org/index.php?topic=15019.0 
 + 
 +https://forum.opnsense.org/index.php?topic=9693.0 
 + 
 +[[https://forum.opnsense.org/index.php?topic=6590.0|Performance tuning for IPS maximum performance]] 
  
 ===== flowd ===== ===== flowd =====
Line 9: Line 23:
  
 ===== Multiwan ===== ===== Multiwan =====
 +
 +==== multiwan: when primary WAN fails, local connectivity stops ====
 +Primary WAN fails:
 +  - Local (from OPNSense host) DNS doesn't work
 +  - local connectivity also doesn't work ``No route to host``
 +  - internet for LAN users works (switched to WAN2)
 +  - one LAN device cannot connect to 8.8.8.8 DNS server, because this request is still forwarded to WAN1
 +
 +SOLUTION ?
 +PROPOSALS: 
 +  - Allow DNS server list to be overridden by DHCP/PPP on WAN = CHECKED  <– uncheck this
 +
  
 ==== multiwan: port reflection not working ==== ==== multiwan: port reflection not working ====
Line 36: Line 62:
  
  
-=====multi wan: lan gw was chosen ====+===== multi wan: lan gw was chosen ====
 If gateway switching is used, it is needed to set all not WAN gateways as forced down. If gateway switching is used, it is needed to set all not WAN gateways as forced down.
  
Line 65: Line 91:
 Firewall --> Settings --> Advanced: Tick **Disable force gateway** (Outgoing packets from this firewall on an interface which has a gateway will normally use the specified gateway for that interface. When this option is set the route will be selected by the system routing table instead.) Firewall --> Settings --> Advanced: Tick **Disable force gateway** (Outgoing packets from this firewall on an interface which has a gateway will normally use the specified gateway for that interface. When this option is set the route will be selected by the system routing table instead.)
  
 +
 +====== cannot reach another VLAN from VPN ======
 +
 +Check for asymetric routing. Firewall cannot track one way packet flow so packets are blocke by default rule.
 +Solution is to add pass rule without connection tracking enabled (tracking ''none'').