OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: Mr.Goodcat on November 21, 2021, 05:26:36 pm

Title: [SOLVED] Missing ARP entry for WAN Gateway (bridged 4G/5G CPE via Ethernet)
Post by: Mr.Goodcat on November 21, 2021, 05:26:36 pm
Hi,

my setup has two WANs:
one via Cable (DOCSIS), one via a 4G/5G CPE which is in bridge mode and attached via Ethernet.

For some reason, the latter's WAN gateway in OPNsense does not come up on its own. OPNsense receives an IP via DHCP, but there is no corresponding ARP entry for the 4G/5G CPE. If I add this manually, everything works.

However, as the 4G/5G WAN IP can change, setting a static entry is no real solution - i.e. there is no fixed MAC-IP combination.

As of now, my best guess for this behaviour is that both WAN and Gateway IP are in the 100.64.0.0/10 range, i.e. carrier-grade NAT IPs. However, the corresponding WAN interface at OPNsense is set to allow both bogons and private IPs.

Thus I'm looking for any other issues which could cause the observed behaviour. Any ideas would be greatly appreciated! :)

Title: Re: Missing ARP entry for WAN Gateway (bridged 4G/5G CPE attached via Ethernet)
Post by: Mr.Goodcat on November 24, 2021, 03:52:36 pm
As the issue persists, I tried to get additional information.
Attached is an image of a packet capture on the WAN interface connecting OPNsense (Mellanox NIC) and the ZTE 5G CPE/Gateway. As can be seen, the CPE sends ARP requests to OPN's WAN port and receives proper replies. For some reason though, this keeps repeating indefinitely. :-\
The firewall itself doesn't seem to send any ARP request to the CPE and also doesn't infer the data from the received requests.

Title: Re: Missing ARP entry for WAN Gateway (bridged 4G/5G CPE attached via Ethernet)
Post by: Mr.Goodcat on November 28, 2021, 04:06:07 pm
Issue solved!

The interface I used for attaching the 5G WAN CPE was previously used for internal purposes. As such, the DHCP server was configured with "Deny unknown clients" and "Enable Static ARP entries". These entries for the DHCP server disappeared from the GUI after switching the WAN interface from static IP to DHCP client, just like they should.

However, the DHCP server config appears to have been active nonetheless. This can't be the intended behaviour and should be fixed. After switching the WAN interface to static IP, removing the DHCP server entries and then switching WAN back to DHCP client for getting an IP, everything works as intended.
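
Added example, not part of the original thread and not OPNsense code: a small audit of a configuration backup that flags interfaces running as DHCP client while a DHCP server section with "Enable Static ARP entries" or "Deny unknown clients" is still stored for them, which is the leftover state described in the last post. The element names (`interfaces/<name>/ipaddr`, `dhcpd/<name>/enable`, `staticarp`, `denyunknown`) and the sample configuration are assumptions constructed for illustration; check them against your own `config.xml`.

```python
import xml.etree.ElementTree as ET

# Constructed sample backup; layout and element names are assumptions,
# not taken from the thread.
SAMPLE_CONFIG = """<opnsense>
  <interfaces>
    <lan><if>igb0</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>mce0</if><descr>WAN_5G</descr><ipaddr>dhcp</ipaddr></opt1>
  </interfaces>
  <dhcpd>
    <lan><enable>1</enable><denyunknown>1</denyunknown></lan>
    <opt1><enable>1</enable><staticarp>1</staticarp><denyunknown>1</denyunknown></opt1>
  </dhcpd>
</opnsense>"""

# DHCP server settings that should not survive on a DHCP-client interface.
# Presence of the element is treated as "set" (assumption about the format).
LEFTOVER_FLAGS = ("enable", "staticarp", "denyunknown")


def find_stale_dhcpd(config_xml):
    """Return one finding per DHCP-client interface that still has
    DHCP server settings stored under <dhcpd>."""
    root = ET.fromstring(config_xml)
    findings = []
    for iface in root.findall("./interfaces/*"):
        ipaddr = (iface.findtext("ipaddr") or "").strip().lower()
        if ipaddr != "dhcp":
            continue  # statically addressed: a DHCP server here is legitimate
        section = root.find(f"./dhcpd/{iface.tag}")
        if section is None:
            continue  # no leftover server section for this interface
        flags = [name for name in LEFTOVER_FLAGS if section.find(name) is not None]
        if flags:
            findings.append({
                "interface": iface.tag,
                "device": iface.findtext("if"),
                "flags": flags,
            })
    return findings


if __name__ == "__main__":
    for f in find_stale_dhcpd(SAMPLE_CONFIG):
        print(f"{f['interface']} ({f['device']}): DHCP client, but dhcpd has "
              f"{', '.join(f['flags'])}")
```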