howdy folks :).
pfsense convert here. I'm happy to begin using opnsense for my network.
I have a fun problem I would appreciate help debugging.
When I unplug the ethernet cable from a Linux client igc0 device (LAN), clients connected to the AP interface lose all upstream network access. They cannot reach the upstream router (opnsense).
I'm curious
why this happens.
The box is a Qotom J4105 that has 5 Intel I225-V ethernet ports. I have installed the latest opnsense with all patches.
I have stayed close to a default installation; some firewall and unbound configuration applied.
I am using IPv4 and have turned off IPv6 as far as I can tell.
I have 3 interfaces assigned to the first 3 ports:
- LAN on igc0 Static IPv4 192.168.1.1/24
- WAN on igc1 DHCP IPv4
- AP on igc2 Static IPv4 (a bridged wireless access point running OpenWrt)
If I leave the LAN ethernet cable plugged into my Linux client, the clients connected to the AP can reach opnsense and WAN.
When I unplug the LAN ethernet cable only from the Linux clients, the clients connected to the AP cannot reach opnsense or WAN.
This issue seemed similar to https://forum.opnsense.org/index.php?topic=27299.150
(https://forum.opnsense.org/index.php?topic=27299.150). I tried spoofing WAN and LAN MAC addresses but that did not resolve the issue.
I've also verified the ISP router retains the default route when I unplug the client ethernet cable on LAN.
Now for questions!
- Is some kind of bridging behavior at work here?
- What configuration should I post to focus the troubleshooting?
Thank you for reading and any insight.
(edited for formatting and incorrect LAN details)
You cannot have two interfaces with DHCP. What is the DHCP server for LAN and why?
Are LAN and AP bridged in OPNsense, possibly?
QuoteWhat is the DHCP server for LAN and why?
oops, I posted incorrectly. I have LAN set to a static interface.
I would like to have 1 DHCP server on the local network.
QuoteAre LAN and AP bridged in OPNsense, possibly?
Great question. How can I disconfirm this or view the status in the interface?
Did or didn't you manually create a bridge interface? Do LAN and AP use two separate IP networks or the same one?
If different, do clients on AP use the IP address of LAN on the OPNsense as a DNS server, possibly?
The first thing to consider: the moment you unplug an interface it goes "down". All IP addresses on that interface are not reachable, anymore. All services that are reached via these IP addresses are not reachable, anymore. All routes via that interface are deleted from the routing table.
QuoteYou cannot have two interfaces with DHCP
Thanks for the insight Patrick!
I pondered this and realized how I had misconfigured LAN and AP to both use a DHCP server.
I then unchecked "Enable DHCP server on the LAN interface" in Services > DHCPv4 for LAN.
Then, unplugging the ethernet cable in igc0 did not cause clients connected to the AP interface by way of wifi to lose their WAN access.
Quote
Did or didn't you manually create a bridge interface?
I have not manually created a bridge interface.
Quote
Do LAN and AP use two separate IP networks or the same one?
LAN and AP are on the same IP network but different subnets.
LAN is 192.168.1.x.
AP is 192.168.30.x
Thanks for the reminder of all that happens when an interface drops.
But don't you need a DHCP service for your LAN clients? You can have only one interface configured with DHCP. That is your WAN. You can have as many statically configured interfaces as you like and of course you can run a DHCP server on all of them.
I do need the ability to have LAN and other free interfaces offer connected clients an IP address via DHCP.
As a beginner, I was confused by configuring DHCP versus enabling DHCP service for an interface.
QuoteYou can have as many statically configured interfaces as you like and of course you can run a DHCP server on all of them.
This highlights what I missed.
To restate in my own words:
In OPNsense, you may only have one interface configured as DHCP.
You may have any of the other interfaces configured to use a DHCPv4 or DHCPv6 server.
This distinction was new to me!