Hi all,
I have found an issue with the last two firmware updates, from 17.1.4 to 17.1.5 and now with 17.1.6: all VLAN interfaces are deleted after the upgrade, specifically all interface "assignments".
This is a start-up
https://pastebin.com/rQpnA663
In version 17.1.5 I reconfigured all interface assignments in the same sequence followed in the first installation, to recover all firewall rules. If I didn't follow the right order, all firewall rules would be mixed.
After this operation the network traffic coming from IPSEC was no longer associated with the IPSEC interface.
At the moment we have installed my old firewall, but I would like to understand what caused this.
Note: I have tried to remove zerotier but the issue persists after the reboot.
Many thanks for the support ;)
liberomic
Hi all,
I have tried to restore the backup on another appliance and the issue persists.
Many thanks for the support ;)
liberomic
Hi there,
The reassignment means there is a problem with zerotier initialisation. zerotier package was bumped from 1.2.2 to 1.2.4 with 17.1.6 so that's likely the issue.
You can revert to the old zerotier to confirm:
# opnsense-revert -r 17.1.5 zerotier
Cheers,
Franco
Hi Franco,
I removed the zerotier package after the upgrade to 17.1.6 and have now re-installed it, but the VLANs are not recovered.
root@gw-firewall:~ # opnsense-revert -r 17.1.5 zerotier
Fetching zerotier.txz: ... done
Verifying signature with trusted certificate pkg.opnsense.org.20161210... done
zerotier-1.2.4: already unlocked
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):
Installed packages to be REMOVED:
zerotier-1.2.4
Number of packages to be removed: 1
The operation will free 1 MiB.
[1/1] Deinstalling zerotier-1.2.4...
[1/1] Deleting files for zerotier-1.2.4: 100%
Installing zerotier-1.2.2_1...
Extracting zerotier-1.2.2_1: 100%
Message from zerotier-1.2.2_1:
#################################
Note: this issue first occurred in the update from 17.1.4 to 17.1.5. I installed zerotier in 17.1.4, and in the upgrade to 17.1.5 all VLAN configurations went missing. Now the issue persists in the upgrade from 17.1.5 to 17.1.6.
Many thanks for the support ;)
liberomic
What kind of VLAN IP address configuration are you using? What is underneath the VLANs?
Hi Franco,
We have assigned a private subnet on every VLAN tag, and it was working fine up to 17.1.4.
After sending the command that you indicated, do I need to use the restore configuration function?
On startup
Starting named.
setup em1
error : interface opt1 not found
error : interface opt2 not found
error : interface opt3 not found
error : interface opt4 not found
error : interface opt5 not found
error : interface opt6 not found
error : interface opt7 not found
setup enc0
root@gw-firewall:~ # ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=52098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
ether f4:90:ea:10:1f:3f
inet6 fe80::f690:eaff:fe10:1f3f%em0 prefixlen 64 scopeid 0x1
inet 172.16.96.1 netmask 0xffffff00 broadcast 172.16.96.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
------------------------------------------------------------------
em0_vlan101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether f4:90:ea:10:1f:3f
inet6 fe80::f690:eaff:fe10:1f3f%em0_vlan101 prefixlen 64 scopeid 0xa
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 101 vlanpcp: 0 parent interface: em0
groups: vlan
em0_vlan102: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether f4:90:ea:10:1f:3f
inet6 fe80::f690:eaff:fe10:1f3f%em0_vlan102 prefixlen 64 scopeid 0xb
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 102 vlanpcp: 0 parent interface: em0
groups: vlan
em0_vlan103: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether f4:90:ea:10:1f:3f
inet6 fe80::f690:eaff:fe10:1f3f%em0_vlan103 prefixlen 64 scopeid 0xc
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 103 vlanpcp: 0 parent interface: em0
groups: vlan
em0_vlan105: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether f4:90:ea:10:1f:3f
inet6 fe80::f690:eaff:fe10:1f3f%em0_vlan105 prefixlen 64 scopeid 0xd
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 105 vlanpcp: 0 parent interface: em0
groups: vlan
em0_vlan111: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether f4:90:ea:10:1f:3f
inet6 fe80::f690:eaff:fe10:1f3f%em0_vlan111 prefixlen 64 scopeid 0xe
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 111 vlanpcp: 0 parent interface: em0
groups: vlan
The IP configurations are not set.
Many thanks for the support ;)
liberomic
In your config.xml that causes this "reassign" there must be an interface that is not available at boot time. The VLANs are correctly ignored.
Can you grep in your config.xml that causes this behaviour...
# grep '<if>' /conf/config.xml
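The check described in the post above, written out as an added example that is not part of the original thread: it extracts every `<if>` device from a config file and reports the ones that are not in the system's interface list. The sample config, the device name `plugin0` and the ignore list are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find <if> devices in a config.xml that the system lacks.

# Write a CONSTRUCTED sample config to the path in $1. "plugin0" is a made-up
# device name standing in for an interface that is not available at boot.
write_sample() {
    cat > "$1" <<'EOF'
<opnsense>
  <interfaces>
    <wan><if>em1</if></wan>
    <lan><if>em0</if></lan>
    <openvpn><if>openvpn</if></openvpn>
    <enc0><if>enc0</if></enc0>
    <opt1><if>plugin0</if></opt1>
  </interfaces>
  <vlans>
    <vlan><if>em0</if><tag>101</tag></vlan>
  </vlans>
</opnsense>
EOF
}

# Print each distinct <if> value in config file $1, one per line.
config_ifs() {
    sed -n 's:.*<if>\([^<]*\)</if>.*:\1:p' "$1" | sort -u
}

# missing_ifs CONFIG "PRESENT DEVICES" ["NAMES TO IGNORE"]
# Prints config devices that are neither present nor ignored.
missing_ifs() {
    cfg=$1 present=$2 ignore=${3:-}
    for dev in $(config_ifs "$cfg"); do
        case " $present $ignore " in
            *" $dev "*) ;;          # device exists or is deliberately skipped
            *) echo "$dev" ;;       # named in config, absent from the system
        esac
    done
}

# Demo on the constructed sample. On a live FreeBSD-based box the call would be:
#   missing_ifs /conf/config.xml "$(ifconfig -l)" "openvpn"
sample=$(mktemp)
write_sample "$sample"
missing_ifs "$sample" "em0 em1 enc0 lo0" "openvpn"
rm -f "$sample"
```

The ignore list is for names that never show up as a device (here `openvpn`, assumed to be such a name); any other name printed is a candidate for the interface that is missing at boot.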
Hi Franco,
grep '<if>' /conf/config.xml
<if>em1</if>
<if>em0</if>
<if>openvpn</if>
<if>enc0</if>
<if>em0</if>
<if>em0</if>
<if>em0</if>
<if>em0</if>
<if>em0</if>
I have checked the file /conf/config.xml and the static IPs of the VLAN interfaces are not present.
Many thanks for the support ;)
liberomic
Hi liberomic,
I don't see any hint why this reassign happens as all devices are hardware or virtual (openvpn, enc0, vlans don't even show here in names, just parent interface).
You can try to verify with the core package of an older version, but there weren't any suspicious changes that would cause this.
# opnsense-revert -r 17.1.5 opnsense
Or
# opnsense-revert -r 17.1.4 opnsense
A firmware upgrade from the GUI or console brings you back to the latest version.
Cheers,
Franco
Hi Franco,
Thanks for your support, I have run some tests...
In evidence: "I have installed zerotier in 17.1.4 and assigned an OPT interface... after the upgrade to 17.1.5 all VLANs are deleted."
Now I have run this test:
1) opnsense-revert -r 17.1.4 opnsense
2) restore an old backup
3) upgrade to 17.1.6 from console
.... working fine
I tried to restore a recent backup but the issue persists; it works only with the backup file from before the installation of zerotier.
Regards,
Liberomic
Hi Franco,
I have upgraded this configuration to 17.1.7 (zerotier is now removed) and it is working fine, but we want to use ZeroTier on OPNsense.
Have you checked this issue on different configurations?
Regards
Liberomic
Hi All,
I have installed the zerotier plugin in the latest version of OPNsense; after the reboot all VLANs are deleted.
Use of zerotier on OPNsense with VLANs is very critical.
:'( :'( :'(
Did you use the "lock interface" feature for each VLAN that has been in OPNsense since 17.7.1?
Hi Franco,
After a factory reset I applied the lock on all interfaces, thanks for your suggestion.
Why is this option not set as default? Will I now be able to install zerotier without issue? Is this feature needed on the zerotier interface?
Regards,
Liberomic