I've switched from VyOS to OPNsense (24.1.1) yesterday and I am really impressed by the product. It is easy to use, has loads of options and has a lot of extension possibilities.
I have found one issue though: the WAN interface (via a vlan0.10) doesn't receive a DHCP IPv4 address after the router is booted. When I open a console using an SSH connection, running a tcpdump to inspect the DHCP traffic ('tcpdump -i vlan0.10 -nvvv udp port 67 or udp port 68') triggers something which makes everything work all of a sudden: the WAN interface gets an IP-address and starts to magically work.
When I stop the tcpdump (ctrl-c), the traffic is stopping again, and the internet stops working. My question is: what could cause this issue? It is really strange. I've tried it five times now and five times the same result. I'm losing the internet connection unless I leave the SSH-shell open with the tcpdump running.
Please let me know which logs I need to share, I would be happy to share them if needed.
Promiscuous mode to the rescue? Are you spoofing VLAN MACs without setting the parent into promiscuous mode?
Cheers,
Franco
> I've switched from VyOS to OPNsense (24.1.1) yesterday and I am really impressed by the product.
PS: :)
Wow, that's a fast response and might be the key, as this makes sense. I'm indeed spoofing the MAC on the vlan interface, as otherwise I wouldn't receive an IP-address from my provider :-)
Where should I change this setting? I've assigned vlan0.10 to the WAN interface. Should I set the promiscuous mode on that WAN interface? I'm asking because I can't find the option to do this on the main interface (igb0), as that interface can only be seen in the 'overview' section under 'interfaces' and there is no edit button there.
When I press the search button on the right next to igb0 it shows me some info for the device, among which:
- status: up
- Description: unassigned interface
- promiscuous listeners: 1 (that is with promiscuous mode on WAN (vlan0.10) still off)
Should I add the igb0 interface under 'Assignments' and enable it and then set it to promiscuous mode, or should I enable promiscuous mode on the WAN (vlan0.10) level? Or should I spoof the MAC-address on the hardware interface (igb0)? So many choices.... ::) :-\
For those with similar issues: I've found the answer:
- Assign the physical interface (for instance igb0 to 'WANphysical_if')
- Spoof the MAC on the physical interface, leave the 'IPv4/6 configuration type' on 'None'
- The VLAN will inherit the MAC from the physical interface automatically (so you can remove the spoofing on VLAN-level)
- You can turn off promiscuous mode on the VLAN, as the traffic will now correctly arrive at the VLAN because spoofing has been done on the physical interface.
Also, the comment below the VLAN WAN configuration MAC-address field reads:
"This field can be used to spoof the MAC address of the interface. Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank if unsure. This may only be required e.g. with certain cable connections on a WAN interface. When used on a single VLAN interface the setting "Promiscuous mode" is required for this to work. Alternatively, the parent interface MAC can be spoofed applying the MAC address to all attached VLAN children automatically."
I hope this helps..
Sorry, missed your last question, but what you posted is entirely correct. Thanks!
Cheers,
Franco
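A check for the condition this thread resolves, added here as an example and not posted by anyone in the thread: it reads FreeBSD `ifconfig` output and reports any VLAN child whose MAC differs from its parent's while neither interface shows the PROMISC flag. The function names and the sample MAC addresses are constructed for illustration, and it assumes promiscuous mode is visible as PROMISC in the `flags=` list.

```shell
#!/bin/sh
# Added example: find VLAN children with a spoofed MAC and no promiscuous mode.
check_vlan_mac() {
    awk '
    /^[^ \t]/ {                        # header line, e.g. "igb0: flags=8843<UP,...>"
        ifn = $1; sub(/:$/, "", ifn)
        promisc[ifn] = ($0 ~ /[<,]PROMISC[,>]/)
        next
    }
    $1 == "ether" { mac[ifn] = tolower($2) }
    /parent interface:/ {              # only VLAN children carry this line
        p = $0; sub(/.*parent interface: */, "", p); sub(/[ \t].*/, "", p)
        parent[ifn] = p
    }
    END {
        for (c in parent) {
            p = parent[c]
            if (!(c in mac) || !(p in mac)) continue
            # Frames for the child MAC are dropped by the parent NIC filter
            # unless the parent receives everything (promiscuous mode).
            if (mac[c] != mac[p] && !promisc[c] && !promisc[p])
                printf "%s mac=%s parent=%s mac=%s promisc=off\n", c, mac[c], p, mac[p]
        }
    }'
}

# Constructed sample output. $1 = flags of igb0, $2 = MAC of vlan0.10.
sample_ifconfig() {
    cat <<EOF
igb0: flags=$1 metric 0 mtu 1500
        ether 02:00:00:11:22:33
vlan0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether $2
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: igb0
EOF
}

PLAIN='8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>'
PROMISC='8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>'

# MAC spoofed on the VLAN only, parent not promiscuous: reported.
sample_ifconfig "$PLAIN" 02:00:00:aa:bb:cc | check_vlan_mac
# Same MACs while a capture holds the parent in promiscuous mode: nothing reported.
sample_ifconfig "$PROMISC" 02:00:00:aa:bb:cc | check_vlan_mac
# MAC set on the parent and inherited by the VLAN: nothing reported.
sample_ifconfig "$PLAIN" 02:00:00:11:22:33 | check_vlan_mac
```

On the firewall itself, `ifconfig | check_vlan_mac` runs the same check against the live interfaces.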