I have a strange issue. I'm trying to setup a VLAN interface on OPNsense 24.7.11_2-amd64. I created the VLAN interface, gave it a static IP, created the VLAN on my switch, the switch can ping the VLAN interface, but the device I have connected to the VLAN cannot connect (static IP).
Here is the interfaces overview showing my VLAN 105 interface and the gateway that shouldn't be there:
Screenshot 2025-01-06 at 16-34-12 Overview Interfaces OPNsense.localdomain.png
And here is how the interface is configured:
Screenshot 2025-01-06 at 16-34-31 VLAN105 Interfaces OPNsense.localdomain.png
I've never seen this behavior before. I think this is what's causing my issue. Any ideas?
Thanks!
Have you assigned the switch port the device is connected to to the VLAN? Untagged/access port.
Yes.
interface GigabitEthernet1/0/39
description [snip]
switchport access vlan 105
switchport mode access
!
I compared with another OPNsense firewall I have with VLAN interfaces and the gateway is blank on that firewall (as expected). I guess I'm confused as to how a Wireguard tunnel interface is showing up on a just-created VLAN interface for which "IPv4 gateway rules" is disabled.
A WG tunnel is a separate independent interface (wg0 ... wgn). It is in no way connected to a VLAN or physical interface. I do not quite understand your mention of WG here.
Yes, I know. See the Interfaces Overview screenshot in my first post. Interface VLAN105 (opt3) has a gateway of 10.255.254.18 (which is the remote end of my wireguard tunnel). It seems like that is causing my routing problem. And that is my question: why is a remote wireguard tunnel IP applying itself to a VLAN interface and specifically when I have IPv4 gateway rules set as 'Disabled'? It's a locally routed network; there shouldn't be a gateway, and I never set it. I'm assuming this is a bug?
Quote from: nightfox818 on January 07, 2025, 02:27:58 AMInterface VLAN105 (opt3) has a gateway of 10.255.254.18
Then remove that gateway, perhaps? Still puzzled. :-)
That is a bit odd. I notice that your wg0 is unassigned, which is not typical (I believe). Does it change anything you assign it an interface?
Quote from: Patrick M. Hausen on January 07, 2025, 09:09:00 AMQuote from: nightfox818 on January 07, 2025, 02:27:58 AMInterface VLAN105 (opt3) has a gateway of 10.255.254.18
Then remove that gateway, perhaps? Still puzzled. :-)
Again, refer to my screenshot. I cannot remove it because it's already "Disabled" from the interface... unless there's a config file under the GUI I can modify.
Quote from: dseven on January 07, 2025, 11:31:14 AMThat is a bit odd. I notice that your wg0 is unassigned, which is not typical (I believe). Does it change anything you assign it an interface?
It's in the docs that way and Wireguard is working. https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html But that's not the issue here.
Quote from: nightfox818 on January 07, 2025, 02:16:04 PMAgain, refer to my screenshot. I cannot remove it because it's already "Disabled" from the interface
If it's set to disabled then there is no gateway on that interface. Where do you see that one is, supposedly?
Quote from: Patrick M. Hausen on January 07, 2025, 02:26:01 PMIf it's set to disabled then there is no gateway on that interface. Where do you see that one is, supposedly?
Interfaces Overview, per the screenshot in the original post.
Now I get it, sorry. What is shown when you click that "expand" button for the routes in the "wg0" row?