OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: rizzorat on October 18, 2023, 02:30:48 pm

Title: Can not reach other LAN participants through opnsense
Post by: rizzorat on October 18, 2023, 02:30:48 pm
Hi all,

Following issue. I am running OPNsense on a small barebone. It has 5 ethernet ports.
I am using 1 as WAN and the other 4 are grouped and used as LAN.

My entire LAN connects to the designated LAN ports over various ways.

The DHCP server in the OPNsense shows all of the participants I expect as leases.

One of them is an OpenWrt access point. The access point is also configured to be a DHCP client.

All WiFi and LAN users are getting the IP addresses shown in the leases. All of the participants can access the internet via WAN.

But I can't connect to the OpenWrt access point. I also cannot ping it. I tested it with 2 of my PCs; neither gets access to it.

If I go via WiFi with the laptop I can access the access point web GUI.

If I do an IP address sweep with Angry IP Scanner it shows the PC itself and the OPNsense gateway with minimal latency. All the other participants are shown as "alive" but with massive latencies.

But none of these participants show any problems when I work with them.

If I ping the second PC in my room, where both connect to a small switch and then to the OPNsense, I can also ping it.

So it seems that all network requests going through the OPNsense are somehow blocked. As long as I remain in a certain switch subnetwork it seems to work.

What am I missing here? It seems that the group is somehow not linked between itself?
Title: Re: Can not reach other LAN participants through opnsense
Post by: Patrick M. Hausen on October 18, 2023, 02:38:28 pm
So you built a LAN bridge over your 4 ports according to this documentation?

https://docs.opnsense.org/manual/how-tos/lan_bridge.html

Did you set the two tunables as mentioned in that document?
Title: Re: Can not reach other LAN participants through opnsense
Post by: rizzorat on October 18, 2023, 02:52:19 pm
Ah nice one. I actually had a guide for that, but that one stopped before the tunables changes.

Better go for official documentation next time. Thx man.

Title: Re: Can not reach other LAN participants through opnsense
Post by: TheAutomationGuy on November 14, 2023, 09:35:47 pm
Any particular reason you feel the need to run two DHCP servers (one in OPNsense and one in the Wireless AP)?  To keep it simple, you should really just run one on the OPNsense device.  Any device connecting to the wireless AP will still be issued a DHCP address from the firewall.  Hopefully the two current servers are handing out addresses in different subnets, but that still raises complexity to the system that really isn't needed.  If the two servers are handing out addresses that can overlap with each other, then you will really have problems.
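The post above warns that two DHCP servers on one LAN can hand out addresses that overlap. The following is an added example, not code from the thread or from OPNsense, that audits a set of DHCP pools for exactly that condition using only the Python standard library. The pool names, subnets and ranges are constructed sample values chosen to mirror the setup discussed (one pool on the firewall, one left enabled on the access point).

```python
# Added example (not from the forum thread or from OPNsense/OpenWrt):
# detect DHCP pools whose dynamic ranges can hand out the same address.
# All pool definitions below are constructed sample data.
from ipaddress import ip_address, ip_network
from typing import List, NamedTuple, Tuple


class Pool(NamedTuple):
    name: str     # hypothetical label for the DHCP server
    subnet: str   # subnet the server serves, e.g. "192.168.1.0/24"
    first: str    # first address of the dynamic range
    last: str     # last address of the dynamic range


def pool_range(pool: Pool) -> Tuple[int, int]:
    """Validate a pool and return its range as integer bounds (inclusive)."""
    net = ip_network(pool.subnet, strict=False)
    first, last = ip_address(pool.first), ip_address(pool.last)
    if first > last:
        raise ValueError(f"{pool.name}: range start is after range end")
    if first not in net or last not in net:
        raise ValueError(f"{pool.name}: range {first}-{last} is outside {net}")
    return int(first), int(last)


def pools_overlap(a: Pool, b: Pool) -> bool:
    """True when at least one address could be leased by both servers."""
    a0, a1 = pool_range(a)
    b0, b1 = pool_range(b)
    return a0 <= b1 and b0 <= a1


def overlapping_addresses(a: Pool, b: Pool) -> List[str]:
    """All addresses both pools could lease, as dotted strings."""
    a0, a1 = pool_range(a)
    b0, b1 = pool_range(b)
    lo, hi = max(a0, b0), min(a1, b1)
    if lo > hi:
        return []
    return [str(ip_address(i)) for i in range(lo, hi + 1)]


def audit_pools(pools: List[Pool]) -> List[Tuple[str, str]]:
    """Return every pair of pool names that can lease the same address."""
    conflicts = []
    for i, a in enumerate(pools):
        for b in pools[i + 1:]:
            if pools_overlap(a, b):
                conflicts.append((a.name, b.name))
    return conflicts


# Constructed sample: firewall pool plus an access-point pool that was
# never disabled and partly overlaps the firewall's range.
OPNSENSE_POOL = Pool("opnsense", "192.168.1.0/24", "192.168.1.100", "192.168.1.199")
AP_POOL_SAME_SUBNET = Pool("openwrt-ap", "192.168.1.0/24", "192.168.1.150", "192.168.1.250")
# A second constructed pool on a different subnet does not collide.
AP_POOL_OTHER_SUBNET = Pool("openwrt-guest", "192.168.2.0/24", "192.168.2.100", "192.168.2.199")

if __name__ == "__main__":
    for a, b in audit_pools([OPNSENSE_POOL, AP_POOL_SAME_SUBNET, AP_POOL_OTHER_SUBNET]):
        print(f"conflict: {a} and {b} share addresses")
```

Running the script on the sample pools reports one conflict, between the firewall pool and the access-point pool on the same subnet; the guest pool on another subnet is clean. The check only looks at the dynamic ranges, so static mappings configured on either server would need to be added as single-address pools to be covered.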
Title: Re: Can not reach other LAN participants through opnsense
Post by: meyergru on November 14, 2023, 10:18:14 pm
Usually, this will give no problems. For situations where redundant DHCP servers are in use (sometimes even over DHCP relays), this is the norm. RFC2131, section 4.4.1 states:

Quote
The client SHOULD perform a check on the suggested address to
ensure that the address is not already in use. For example, if the client is on
a network that supports ARP, the client may issue an ARP request for the
suggested request. When broadcasting an ARP request for the suggested address,
the client must fill in its own hardware address as the sender's
hardware address, and 0 as the sender's IP address, to avoid
confusing ARP caches in other hosts on the same subnet. If the
network address appears to be in use, the client MUST send a
DHCPDECLINE message to the server. The client SHOULD broadcast an ARP
reply to announce the client's new IP address and clear any outdated
ARP cache entries in hosts on the client's subnet.