Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: ImpossibleEnd on July 14, 2025, 03:53:50 PM

Title: VLAN Issue
Post by: ImpossibleEnd on July 14, 2025, 03:53:50 PM
Hey ppl,

i seem to be having an odd issue that i am banging my head against the wall trying to resolve.
i have 3 vlans setup on opnsense 20,40,60 when i try to ssh/https/ftp from vlan 20 to vlan 40 my ssh/https/ftp sessions will drop out.
there is no issues with ping or traceroute
if i talk to something on the same vlan (aka dont hit the fw) everything is fine.
I'm guessing there is a setting or something im missing on opnsense.
any ideas or suggestions on things to try would be great.

thanks in advance.
Title: Re: VLAN Issue
Post by: viragomann on July 14, 2025, 05:00:47 PM
This could be an asymmetric routing issue. Maybe your VLANs are not fully isolated outside OPNsense.

Do you see any related blocks in the firewall log?
Ensure, "Default block" is checked in Firewall: Settings: Advanced.
Title: Re: VLAN Issue
Post by: ImpossibleEnd on July 15, 2025, 03:58:15 PM
Quote from: viragomann on July 14, 2025, 05:00:47 PMThis could be an asymmetric routing issue. Maybe your VLANs are not fully isolated outside OPNsense.

Do you see any related blocks in the firewall log?
Ensure, "Default block" is checked in Firewall: Settings: Advanced.

(https://i.imgur.com/eA6tdyb.png)

turns out i do.
the green line is when i ssh to the server.
then i get dropped packets when ssh drops out.
i tryed changing the firewall optimisation to conservative but it still drops out. it just takes longer to drop out.
i also tryed changing "bypass firewall rules for traffic on the same interface" seen as all the vlan's are coming off one physical network port but still drops out.



Title: Re: VLAN Issue
Post by: viragomann on July 15, 2025, 04:16:17 PM
I'm wondering, why there are packets with exactly the same source address and port and the same destination address and port on different interfaces.

Maybe some information about your network setup can shed some light.
Title: Re: VLAN Issue
Post by: ImpossibleEnd on July 16, 2025, 01:59:27 PM
i use two interfaces

Port 1 = WAN
Port 2 = MGMT (native vlan 40)
Port 2 = DATA (tagged vlan 20)
Port 2 = IOT (tagged vlan 60)

here is a rough network map of my network

(https://i.imgur.com/7iP0vig.png)

let me know what other info you are looking for and i can provide it

doesnt matter if i am on wifi or ethernet the same thing happens.
also doesnt matter which switch/ap i am connected to
Title: Re: VLAN Issue
Post by: Patrick M. Hausen on July 16, 2025, 02:38:12 PM
Don't use a native VLAN with OPNsense/FreeBSD if possible. Run all interfaces tagged.
Title: Re: VLAN Issue
Post by: viragomann on July 16, 2025, 02:49:52 PM
Your filter log shows the same connection on different VLANs. So I suspect, that something outside is leaking the VLANs.
I don't think, that you can solve this on OPNsense.
Text only | Text with Images