I have an ONT that allowed communication over a local IP space but loses connection every X minutes if the device is not ARP'd. To get around this, a static ARP entry is required for its MAC, but I'm unable to add it for that space.
root@opnsense:~ # arp -a | grep 192.
? (192.168.1.2) at b4:96:91:21:c9:76 on ix1 permanent [ethernet]
root@opnsense:~ # arp -s 192.168.1.1 MAC_ADDR
arp: cannot intuit interface index and type for 192.168.1.1
root@opnsense:~ #
For reference, 192.168.1.2 is an alias IPv4 address attached to the WAN interface in the interface settings. 192.168.1.1 is the address of the ONT in question.
Any hints?
Hi Berserker,
Did you try adding a static ARP entry via the GUI? There is the 'Wake on LAN' plugin that allows setting static ARP entries.
I haven't! I didn't realize it did. Do I just add it as if I were adding a device to the WoL function with the right interface, IP and MAC?
Edit: Just tried and it doesn't seem to be adding the entry.
Checking things, it might be easier than that.
I went that way, because I wanted WoL. I can give a description for an interface/ARP pair, but not an IP.
You want a static ARP/IP entry. Did you notice you can tick a box for that when you create a static DHCP lease? Perhaps if you start there and are successful, you can go from there to troubleshoot the ARP entry in case you don't need/want the DHCP entry.
I want a static ARP for an IP that the OPNsense system does not know about, so I'm not sure if static ARP under DHCP lease is the answer here, especially because it wouldn't be on any LAN interfaces. If that's still the way to do it, then I can try, but I have my doubts here.
My line of thought was: see if it works 'the OPNsense way'; if it does, see what the difference in output is compared to the manual configuration. If it also does not, no idea. Breakage in FreeBSD seems far fetched.
Quote: For reference, 192.168.1.2 is an alias IPv4 address attached to the WAN interface
with /32 mask i believe?
Quote from: Fright on March 20, 2023, 06:11:18 PM
Quote: For reference, 192.168.1.2 is an alias IPv4 address attached to the WAN interface
with /32 mask i believe?
I assumed this was for the IP space, and the ONT's is a /24, so I added it as a /24.
bump
hm. can you share ifconfig and netstat -r please?
netstat
Routing tables

Internet:
Destination        Gateway            Flags  Netif     Expire
default            172.13.160.1       UGS    ix1
dns.google         c-24-99-70-1.hsd1. UGHS   igb0
dns.google         172.13.160.1       UGHS   ix1
10.0.10.0/24       link#9             U      ix0_vlan
opnsense           link#9             UHS    lo0
10.0.20.0/24       link#10            U      ix0_vlan
10.0.20.1          link#10            UHS    lo0
10.0.30.0/25       link#12            U      ix0_vlan
10.0.30.1          link#12            UHS    lo0
10.0.40.0/28       link#17            U      wg1
10.0.40.1          link#17            UHS    lo0
10.0.40.2          link#17            UHS    wg1
10.0.60.0/28       link#13            U      ix0_vlan
10.0.60.1          link#13            UHS    lo0
10.0.70.0/26       link#14            U      ix0_vlan
10.0.70.1          link#14            UHS    lo0
10.0.80.0/29       link#15            U      ix0_vlan
10.0.80.1          link#15            UHS    lo0
10.0.90.0/27       link#16            U      ix0_vlan
10.0.90.1          link#16            UHS    lo0
10.0.250.0/24      link#11            U      ix0_vlan
10.0.250.1         link#11            UHS    lo0
wg_ip_adr          wg_gateway         UGHS   wg2
10.68.7.116        link#18            UHS    wg2
10.68.7.117        link#18            UH     lo0
24.99.70.0/23      link#3             U      igb0
c-24-99-70-247.hsd link#3             UHS    lo0
localhost          link#5             UH     lo0
172.13.160.0/22    link#2             U      ix1
172.13.163.219     link#2             UHS    lo0
192.168.1.0/24     172.13.160.1       UGS    ix1
192.168.1.2        link#2             UHS    lo0

Internet6:
Destination        Gateway            Flags  Netif     Expire
localhost          link#5             UHS    lo0
fe80::%lo0/64      link#5             U      lo0
fe80::1%lo0        link#5             UHS    lo0
ifconfig
ix0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,NOMAP>
ether b4:96:91:21:c9:74
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: ATT_WAN (wan)
options=4803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,NOMAP>
ether b4:96:91:21:c9:76
inet wan_ipaddr netmask 0xfffffc00 broadcast 172.13.163.255
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (10Gbase-SR <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: COMCAST_WAN (opt8)
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
ether ac:1f:6b:21:c2:28
inet 24.99.70.247 netmask 0xfffffe00 broadcast 255.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
ether ac:1f:6b:21:c2:29
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
groups: enc
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 0.0.0.0 maxupd: 128 defer: off
syncok: 1
groups: pfsync
ix0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN10_LAN (lan)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.10.1 netmask 0xffffff00 broadcast 10.0.10.255
groups: vlan
vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN20_IoT (opt1)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.20.1 netmask 0xffffff00 broadcast 10.0.20.255
groups: vlan
vlan: 20 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan250: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN250_WORK (opt7)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.250.1 netmask 0xffffff00 broadcast 10.0.250.255
groups: vlan
vlan: 250 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN30_MGMT (opt2)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.30.1 netmask 0xffffff80 broadcast 10.0.30.127
groups: vlan
vlan: 30 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan60: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN60_PROXMOX (opt3)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.60.1 netmask 0xfffffff0 broadcast 10.0.60.15
groups: vlan
vlan: 60 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN70_INTERNET (opt4)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.70.1 netmask 0xffffffc0 broadcast 10.0.70.63
groups: vlan
vlan: 70 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan80: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN80_IPMI (opt5)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.80.1 netmask 0xfffffff8 broadcast 10.0.80.7
groups: vlan
vlan: 80 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan90: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN90_SERVICES (opt6)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.90.1 netmask 0xffffffe0 broadcast 10.0.90.31
groups: vlan
vlan: 90 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet 10.0.40.1 netmask 0xfffffff0
groups: wg wireguard
nd6 options=109<PERFORMNUD,IFDISABLED,NO_DAD>
wg2: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet wg_addr netmask 0xffffffff
groups: wg wireguard
nd6 options=109<PERFORMNUD,IFDISABLED,NO_DAD>
hm. there is a static route that looks wrong imho
Quote: 192.168.1.0/24 172.13.160.1 UGS ix1
which states that the 192.168.1.0 subnet is behind the gateway
arp can not intuit interface in this case
well that was added by the system when I set the secondary IP, how do I get it to not add it?
I'm an idiot. I had a static route added from before when I was testing some other things. I removed it, and was properly able to add the static ARP entry now. Thank you!
that's great! thanks for the feedback )
Hi Berserker, thanks for being patient with my not so helpful suggestions, glad you got it solved! Would you consider adding 'Solved' or any indicator to your topic title, to help others?
Quote from: wbk on March 22, 2023, 11:08:27 PM
Hi Berserker, thanks for being patient with my not so helpful suggestions, glad you got it solved! Would you consider adding 'Solved' or any indicator to your topic title, to help others?
Done thanks.
Gonna open this back up. I was successfully able to add the static ARP entry, but it disappears after a few, maybe 10-20 minutes. I do see the entry says "permanent" but something is removing it, not sure what.
What's the correct way to add a permanent static ARP entry besides running "arp -s"?
Quote: What's the correct way to add a permanent static ARP entry besides running "arp -s"?
static_arp_pairs ?
https://man.freebsd.org/cgi/man.cgi?rc.conf(5)
Quote from: Fright on March 24, 2023, 07:00:16 AM
Quote: What's the correct way to add a permanent static ARP entry besides running "arp -s"?
static_arp_pairs ?
https://man.freebsd.org/cgi/man.cgi?rc.conf(5)
I have that added in /etc/rc.conf but it does not work. Is it in the wrong file?
@Berzerker
sorry for delay
i see three possible ways:
(1) Try to use syshook (https://docs.opnsense.org/development/backend/autorun.html):
add 'static_arp' file to /etc/rc.d.conf with:
static_arp_pairs="gw"
static_arp_gw="xxx.xxx.xxx.x 11:22:33:44:55:66"
and (for example) 30-static_arp file (don't forget permissions) to /usr/local/etc/rc.syshook.d/start with:
#!/bin/sh
# need my ONT static arp somehow
/etc/rc.d/static_arp start
and reboot to test
BUT i dont think it survives a link cycle. may be /usr/local/etc/rc.syshook.d/config/ will work better?
(2) just use cron to "arp -S" every X min?
(3) dhcpd trick:
try to add a static lease to DHCP [WAN] (don't need to enable DHCP server though ;) ) with ONT MAC and IP and enable "ARP Table Static Entry" for this entry. this should force interfaces_staticarp_configure() function to add this arp record when needed. then reboot or "configctl interface reconfigure wan" to test
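
Option (2) from the post above, written out as an added example (not code from the thread or from OPNsense): a cron-callable check that re-adds the entry only when it is missing or no longer permanent, and first confirms that the gateway-route problem diagnosed earlier in the thread is absent. The IP and interface are the ones quoted in the thread; the MAC is a placeholder and the script name in the comment is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): re-assert a static ARP entry from cron.
# ONT_IP and WAN_IF are taken from the thread; ONT_MAC is a placeholder.
ONT_IP="${ONT_IP:-192.168.1.1}"
ONT_MAC="${ONT_MAC:-00:00:5e:00:53:01}"   # placeholder, set to the ONT's real MAC
WAN_IF="${WAN_IF:-ix1}"

# Reads `arp -an` output on stdin. Succeeds only if IP ($1) is bound to
# MAC ($2) on interface ($3) and the entry is marked permanent.
has_static_entry() {
    awk -v ip="($1)" -v mac="$2" -v ifn="$3" '
        $2 == ip && tolower($4) == tolower(mac) && $6 == ifn && $7 == "permanent" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Reads `route -n get <ip>` output on stdin. Succeeds if the kernel would
# send traffic for that IP to a gateway instead of resolving it on-link,
# the condition that made `arp -s` fail in the thread.
via_gateway() {
    grep -Eq '^[[:space:]]*flags:.*GATEWAY'
}

# Returns 0 if the entry is present (or was re-added), 2 if a route hides
# the subnet behind a gateway, and arp's own status if the add fails.
ensure_entry() {
    if route -n get "$ONT_IP" | via_gateway; then
        echo "static_arp: $ONT_IP is routed via a gateway; fix the route first" >&2
        return 2
    fi
    if arp -an | has_static_entry "$ONT_IP" "$ONT_MAC" "$WAN_IF"; then
        return 0
    fi
    # -S replaces any existing (dynamic or stale) entry for the host.
    arp -S "$ONT_IP" "$ONT_MAC" || return $?
    logger -t static_arp "re-added $ONT_IP at $ONT_MAC on $WAN_IF"
}

# Only touch the ARP table when asked to, e.g. `static_arp_check.sh run`.
if [ "${1:-}" = "run" ]; then
    ensure_entry
fi
```

Run it with the `run` argument from a cron job at an interval shorter than the time the entry takes to disappear; the `logger` lines then show how often something is removing it.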