OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: Trevelian on April 11, 2021, 10:49:06 pm

Title: Loose internal network when PPPOE connexion is down.
Post by: Trevelian on April 11, 2021, 10:49:06 pm
Hello,

I have multiple VLANs on my homelab and the gateway of each VLAN is an OPNsense interface.
OPNsense is also used for the WAN access (PPPoE).

When there is a problem with my ISP and I lose my internet connection, I also lose the connection between my internal VLANs.

Maybe I need to activate this option on internal Interfaces -> "Dynamic gateway policy | This interface does not require an intermediate system to act as a gateway"

But I don't really understand it, so I prefer to ask before enabling that.

Version: 21.1.4

Thanks for your help!
Trevelian.

Title: Re: Loose internal network when PPPOE connexion is down.
Post by: Trevelian on April 12, 2021, 08:03:49 am
I'm not alone -> https://forum.opnsense.org/index.php?topic=15299.0
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: marjohn56 on April 12, 2021, 08:36:52 am
Is this using IPv4 and v4 IP addresses or IPv6 or both?
I can see no reason why v4 should not continue to work, but IPv6 probably would not work if you are using GUA addresses.
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: Trevelian on April 12, 2021, 09:47:13 am
I receive IPv4 and IPv6 from my ISP, but I only use IPv4, no IPv6 on the internal network.

I see in the firewall logs that I hit the default block rules. It's like all my allow rules are ignored when the WAN connection is down.
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: marjohn56 on April 12, 2021, 09:57:13 am
Odd.. I have a PPPoE connection and VLANs, when on the odd occasion my WAN goes down I can still ping the IOT VLAN devices from the primary LAN. Want to post some images of your rule setup?
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: Trevelian on April 12, 2021, 10:46:37 am
https://trevelian.de/opnsense/lan.png

If you need more, no problem.

Is it possible that the problem is related to my usage of "alias"?
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: marjohn56 on April 12, 2021, 02:34:06 pm
Haven't had any time to look at the rules yet... real work has intervened.
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: marjohn56 on April 12, 2021, 07:22:00 pm
Erm, how many VLANs do you have? You appear to have rules for lots of individual devices. What have you got in floating rules?
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: Trevelian on April 12, 2021, 07:25:19 pm
I have 11 VLANs and nothing in floating (except automatically generated rules)

https://trevelian.de/opnsense/floating.png
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: marjohn56 on April 12, 2021, 07:35:01 pm
So let's break this down, from the LAN you cannot connect to any of the other VLANs when the PPPoE is down. Pick one device on a VLAN you cannot ping and post the rules for that VLAN, and if it has an alias name, tell us what that is.
Title: Re: Loose internal network when PPPOE connexion is down.
Post by: Trevelian on April 12, 2021, 08:05:07 pm
I will try again to shut down the PPPoE tonight when my wife goes to sleep, to do more tests.

But for example I have these rules on my LAN VLAN (192.168.1.0/24):
https://trevelian.de/opnsense/gest1.png

gest is the alias of 192.168.7.20 on my BASTION VLAN (192.168.7.0/24):
https://trevelian.de/opnsense/gest2.png

No problem when my internet connection is up; I see in the firewall "Live View" that SSH is accepted to "gest".
When PPPoE is down and I try to SSH to "gest", I see that it's blocked by the default block rules in the "Live View".