Configuring OPNsense for Autonomi nodes

I’m currently trying to set up OPNsense on my main router at home (never used it before) and thanks to some helpful tutorials everything is working fine except the Autonomi nodes in port forwarding mode: when I start the nodes, I don’t see any Get or Put (nodes have the status Stopped in VDash).

My setup: my provider box in bridge mode → mini PC (Minisforum MS-01) with OPNsense (bare metal) with one WAN port and one LAN port → switch → laptop with Ubuntu Server 24.04 running antctl (last version)

What I tried so far:

  • Test the laptop connected to the box in router mode: working fine (nodes have Gets and Puts and are earning attos)
  • Use the box in bridge mode, replacing the OPNsense router with another router (Asus with Asus firmware): it works fine.
  • Check that port forwarding is actually working on the OPNsense router by opening a TCP port (ssh) in the same range as the nodes, also working with a UDP port (tested TFTP port 69)
  • Start the nodes using --home-network mode: it’s working
  • Start the nodes using --upnp: not really working (it seems that UPnP is a bit touchy to configure with OPNsense, the nodes seem to work, getting puts and gets but not earning any attos)

So the problem really comes from the OPNsense configuration.
I’ve shared my firewall and port forwarding rules (which are working with any other service than Autonomi…). I’ve tinkered a bit with multiple settings (also created a rule to allow all incoming connections) but to no avail.

Any help from people skilled in OPNsense (or pfSense @Shu, since it’s more or less the same OS with different UI) would be greatly appreciated, I already spent 2 days trying to configure it…


4 Likes

I had the exact same issue before, not with OPNsense but with my Draytek. Port forwarding was working as intended, nodes have been running, but no attos earned. In DMZ (demilitarized zone), I got it to work, I’m not knowledgeable enough to really understand what the difference is between the two.

I have not tested running as --home-network, but it’s good to know that at least fixes the problem of not earning anything. I believe the only difference is that the nodes are not fulfilling the entire role a node should, am I right?

Would be great indeed to hear from someone like Shu to see how he managed with his pfSense router.

1 Like

After each change to the nodes, it is a good idea to restart the computer even if it is running Linux. I’ve had them unable to connect until I restarted the computer even though I’ve reset and deleted all files from antctl to antup.



1 Like

Wasted 2 weeks some time ago trying to figure out OPNsense/Autonomi with port forwarding, switched to home network which worked instantly.

I was restarting, resetting, changing configurations, tunables, replaced the VM with an LXC container, I’ve even switched out the bare metal itself. It just started after some node update, as I was able to earn in earlier iterations in the same port forward configuration (with one twist - every time we were meant to reset nodes when updating, I was changing ports as well). Something is definitely fucky and I wouldn’t be blaming OPNsense at this point - I have a few services with port forwarding configured alongside Autonomi, and only the nodes are having issues (but only with forwarding, home network works flawlessly).

You don’t need to enable NAT reflection features at this stage while troubleshooting (it’s adding more complexity).

While you have NAT port forwarding rules, you need to also ensure static NAT outbound rules on those ports as well, otherwise your ports will keep changing when going outbound (as the world sees it).

I don’t know what the equivalent settings are in OPNsense (only familiar with pfSense).

3 Likes

:tada:
It worked.

I changed the NAT outbound rules from Automatic to Hybrid and added the manual outbound rule shared in my screenshot (just change the IP to the one(s) hosting your nodes).

5 Likes

I would restrict it to its antnode(s) UDP port range or at least to just UDP protocol, but your choice for the multiple antnode(s) on that host IP itself node etc.


Overall, glad to hear it worked, and thanks for raising the question on the forum, so others may also find the solution to this problem as well for OPNsense / pfSense.

My NAT port forwarded antnodes have been working just fine for many months from home, but it takes the right settings on the router to make it all work as you are discovering. :wink:

3 Likes
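An added example, not part of any post in this thread: a small Python check that reads outbound NAT rules in the style of `pfctl -s nat` output and reports which rule decides the translation for a node's UDP traffic, and whether that rule keeps the source port and is scoped to UDP and a port range as suggested above. The interface name, addresses and the 12000:12010 port range are constructed sample values, and only the rule fields shown are parsed.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -s nat` output; interface name,
# addresses and the 12000:12010 node port range are assumptions.
SAMPLE_HYBRID = """\
nat on igb0 inet proto udp from 192.168.1.50 port 12000:12010 to any -> (igb0:0) static-port
nat on igb0 inet from 192.168.1.0/24 to any -> (igb0:0) port 1024:65535
"""
SAMPLE_AUTOMATIC = """\
nat on igb0 inet from 192.168.1.0/24 to any -> (igb0:0) port 1024:65535
"""
RULE = re.compile(
    r"^nat on \S+ (?:inet6? )?(?:proto (?P<proto>\S+) )?"
    r"from (?P<src>\S+)(?: port (?P<sport>= \d+|\d+:\d+))? to .*?->(?P<target>.*)$"
)

def _port_matches(spec, port):
    if spec is None:
        return True
    if spec.startswith("="):
        return int(spec[1:]) == port
    low, high = (int(p) for p in spec.split(":"))
    return low <= port <= high

def effective_nat_rule(ruleset, node_ip, node_port, proto="udp"):
    """Return (rule_line, verdict) for the first nat rule matching the node's traffic."""
    ip = ipaddress.ip_address(node_ip)
    for line in ruleset.splitlines():
        m = RULE.match(line.strip())
        if not m or m["proto"] not in (None, proto):
            continue
        try:
            src = m["src"]
            if src != "any" and ip not in ipaddress.ip_network(src, strict=False):
                continue
        except ValueError:
            continue  # tables and interface macros are not resolved in this sketch
        if not _port_matches(m["sport"], node_port):
            continue
        # pf translation rules are first-match, so this rule decides the mapping.
        if "static-port" not in m["target"]:
            return line, "source port rewritten"
        scoped = m["proto"] == proto and m["sport"] is not None
        return line, "static port (scoped)" if scoped else "static port (broad)"
    return None, "no nat rule matched"
```

A "source port rewritten" verdict for a node's IP and port corresponds to the situation described above, where the port seen from outside no longer matches the forwarded one.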