Need help with OPNsense and Unraid connectivity

[mushtafa]

Any networking gurus here?

Came back from holiday to find my network had partially gone down.
I believe the fault to be my port forwarding not working. I'm now on a fresh install of OPNsense, and it's still not working. (I'm now wondering if it's a networking fault with Unraid?

I'm about 20 hours in to troubleshooting, and still non the wiser.

Can anyone assist?

EDIT:
I lost outside connectivity via my own URLs via Xginx Proxy Manager, and Plex remote access.
I concentrated on the Plex fault - considering that should be the easier fault to fix. I restarted the docker service, force updated the docker containers, updated unraid, even reinstalled the container.
Still no luck.
Looking at OPNsense being the fault now, I found lots of IO failure messages. Suspecting a bad HDD or cable/connection, I threw a replacement SSD in the system. IO errors have now gone.
Using my config file, I was still unable to get Plex remote access working.
I did a fresh install of OPNsense, and still no good. I've followed numerous guides online, without success.
The remote access now shows it's OK for 10-15 seconds before failing and going red again.

I'm not sure where to go now, or what to blame for the issue. Unraid/docker connectivity issue, or OPNsense rules/NAT issue?

 

[ChrisD.]

Can anyone assist?

Probably not, you haven't really given any kind of detail for anyone to be able to help.

Also, stop port forwarding. Use a VPN instead.

 

[mushtafa]

I'm more looking for someone who's willing to help who I can message with details and potentially even remote into my system to assist.

Not sure how a VPN will assist with Plex remote access and Nginx Proxy Manager....

 

[Caged]

OPNsense offer commercial support packages if you needed someone to connect remotely and assist

 

[mushtafa]

I did look at their support, but not in the position of spending €400+ at the moment

 

[Caged]

Just to clarify because you opted out of posting details about your setup, you're wanting someone to engage you in a 1:1 session to go through your OPNsense config?

 

[mushtafa]

Yeah, that would be ideal. The issue might be found within a few minutes.
I will edit my original post though with all the info

 

[lmfy2k]

does plex work internally (movie watching)?

Have you set the port (32400) in your plex settings?

Have you got a hardwire firewall you can setup to see if its your opnsense pc/device causing ssues?

 

[mushtafa]

Yes, Plex is working internally.
yes, 32400 set.
OPNsense is installed on it's own appliance.

Using port checking websites shows the port closed

 

[mushtafa]

Been doing more reading... Would this suggest I'm behind CGNAT? Seems like a lot of hops. And the 172. IP range are private aren't they?

 traceroute to www.google.com (142.250.187.228), 64 hops max, 40 byte packets
TTL    AS#    Host    Address    Probes
1    AS0    172.16.32.126    172.16.32.126    6.646 ms
3    AS0    172.16.32.178    172.16.32.178    6.968 ms
4    AS16353    217.146.102.180    217.146.102.180    10.505 ms
6    AS16353    v948.lon1-gw1.merula.net    217.146.96.1    6.997 ms
7    AS0    195.66.236.125    195.66.236.125    7.426 ms
8    AS15169    192.178.97.187    192.178.97.187    6.924 ms
9    AS15169    142.251.54.49    142.251.54.49    7.067 ms
10    AS15169    lhr25s34-in-f4.1e100.net    142.250.187.228    7.195 ms

 

[Caged]

Hop count and the presence of private IPs in a traceroute can't determine whether you're on CGNAT or not. Does the WAN IP shown on your WAN interface match what you see when you go to whatismyip.com or similar sites?

 

[lmfy2k]

Been doing more reading... Would this suggest I'm behind CGNAT? Seems like a lot of hops. And the 172. IP range are private aren't they?

 traceroute to www.google.com (142.250.187.228), 64 hops max, 40 byte packets
TTL    AS#    Host    Address    Probes
1    AS0    172.16.32.126    172.16.32.126    6.646 ms
3    AS0    172.16.32.178    172.16.32.178    6.968 ms
4    AS16353    217.146.102.180    217.146.102.180    10.505 ms
6    AS16353    v948.lon1-gw1.merula.net    217.146.96.1    6.997 ms
7    AS0    195.66.236.125    195.66.236.125    7.426 ms
8    AS15169    192.178.97.187    192.178.97.187    6.924 ms
9    AS15169    142.251.54.49    142.251.54.49    7.067 ms
10    AS15169    lhr25s34-in-f4.1e100.net    142.250.187.228    7.195 ms

Who is your isp?

 

[mushtafa]

The IP on the Gateways card on the dashboard is different to what is shown on 'whatismyipaddress'

 

[mushtafa]

Merula via OFNL.

I've sent an email to their support, but don't expect a reply for a few days now

 

[Caged]

The IP on the Gateways card on the dashboard is different to what is shown on 'whatismyipaddress'

CGNAT then, so nothing is going to work. You'll want to look at Tailscale.

 

[mushtafa]

Can't believe I've been fighting this for hours and days and it was the ISPs fault!

They must have changed something their end recently, has been fine for the 11 month previously. (And I pay extra for a static IP address )

 

[Caged]

Have you tried rebooting the ONT to see if your static IP comes back

 

[mushtafa]

A reboot gave me a different IP, but not what has been allocated to me. I'll have to speak with Merula support once they're open again

 

[Steveocee]

A reboot gave me a different IP, but not what has been allocated to me. I'll have to speak with Merula support once they're open again

This is the way. Give them a call - might be an honest mistake, they'll press a button and you'll either get it bakc or get issued a new static IP

 

[mushtafa]

Amazingly I managed to speak to someone last night, but he said it was too technical for him and someone would be in touch on Monday.
Seems like good customer service, so hopefully will be up and running again very soon.