I am migrating from pfsense to opnsense. Part of the setup is migrating my 2 WANs to the new OPNsense hardware.
- Connecting WAN (ixl0) to ESP1 w/o using vlans works just fine.
- Connecting ESP1 to WAN via vlan (Vlan parent: ixl0 tag 12) works flawlessly until reboot.
After reboot WAN interface is marked up but no traffic is going through. At all.
- workaround 1: Enable promisc mode actually makes the vlan01 interface work, which solves this issue but creates others.
- workaround 2: Assigning ixl0 (the parent interface) to WAN makes the vlan01 interface to work. Then re-assigning vlan01(tag: 12) back to WAN solves the issue until the next reboot.
hardware:
ixl0@pci0:0:16:0: class=0x020000 rev=0x02 hdr=0x00 vendor=0x8086 device=0x1572 subvendor=0x8086 subdevice=0x0000
vendor = 'Intel Corporation'
device = 'Ethernet Controller X710 for 10GbE SFP+'
class = network
subclass = ethernet
bar [10] = type Prefetchable Memory, range 64, base 0xfd000000, size 8388608, enabled
bar [1c] = type Prefetchable Memory, range 64, base 0xfde00000, size 32768, enabled
cap 01[40] = powerspec 3 supports D0 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 11[70] = MSI-X supports 129 messages, enabled
Table in map 0x1c[0x0], PBA in map 0x1c[0x1000]
cap 10[a0] = PCI-Express 2 endpoint max data 256(2048) FLR RO
max read 512
link x4(x4) speed 8.0(8.0) ASPM disabled(L1)Any suggestions?
Just assign the parent interface (ixl0) as well to any arbitrary name and enable it (without any IP configuration). That way, it will be enabled. Let vlan01 be assigned to WAN as it was.
Many people do not even notice this is sometimes neccessary because they assign the parent interface anyway in order to access the NT user interface.
Thank you. Bringing up parent interface did the trick!
During configuration I noticed the following non-intuitive behaviour:
1. Interface Priority: The order in which network interfaces are brought is triggering the same issue. In Opnsense, the parent interface is typically brought up after the WAN interface, which can lead to (for example) DHCP timeouts during boot if WAN is using VLAN device. To address this, prefixing the parent interface name with a numerical value (e.g., '1dummy') can prioritize its activation, ensuring timely DHCP acquisition during boot.
2. VLAN MAC Address Inheritance: When using custom MAC addresses, it's essential to note that VLANs inherit their MAC addresses from their parent interfaces. To assign a custom MAC address to a VLAN, it must be configured on the parent interface ('1dummy' in my case), rather than directly on the VLAN itself. This is not handled well in the UI and you can define it in VLAN interface, which will have no effect.