Hi there,
After upgrading to 26.1.6 from 26.1.5 i noticed "Notice kernel <7>[4458] arpresolve: can't allocate llinfo for 192.168.3.5 on ix0" (ix0 is my wan interface and 192.168.3.5 is a client in vlan3), resetting the firewall state table cleared these errors.
Meanwhile there were other issues also: HAproxy was down, re0 interface that is connected directly to a client was down, when trying to ping it I got "ping: sendto: Permission denied".
At this point (after hours of tshooting :) ) i thought OPNsense is broken and did a fresh install, loaded the config file but GUI says check interfaces (I know re0 is known to cause issues so I removed it) removed the the <interface> part in the config file, clean installed the os again, loaded the modified config file and assigned the interfaces again.
I installed the re0 nic again, assigned it, and waited for config to finish (plugins to be isntalled and so on) and voila its broken again, the same issue appeared. Also in Gateways the IP is different from the one the WAN interface has received the the ISP dhcp.
What am i missing here?
I'd appreciate some help.
Thanks!
I had a different issue, also related to this update. My destination NAT broke. I eventually got it to a point where I could either have destination NAT working and some external websites fail to load with ERR_SSL_UNRECOGNIZED_NAME_ALERT, or be stuck with no destination NAT so I could have internet access for all websites. It was weird though because it only affected certain websites. I have been unsuccessful with finding a working configuration and am using my backup router on an older version.
Hi,
Thanks for your reply but I think I resolved it. After many hours of tshooting and reconfig here are some "lessons learned" for me that might help:
1. Disable any ISP/IDS services. It was CrowdSec that was triggering that "Permission denied".
2. Make sure the interface naming/assignment is exactly as it was prior to upgrade. I had to create dummy vlans so that opt9 would be assigned to my desired interface so that things would start to work again. (maybe there are better ways but hey, it worked!)
3. Double check fw rules, they might seem fine but a Gateway in a random lan/vlan might be set to "none" and the weirdness start.
4. WireGuard should be called WierdGuard, why it worked sometimes and sometimes not, why sometimes it was using my dns and sometimes none at all or why every time I rebooted opnsense something got fixed and something else broke, I could not figure it out.
Seems like network goblins keep following me even after i leave the office.
Maybe these are common knowledge for you but for me it was a nice learning session. As of now everything seems to be back in order.
regarding "Notice kernel <7>[4458] arpresolve: can't allocate llinfo for 192.168.3.5 on ix0" it might have been related to some misconfigured FW rule that made WAN believe that client was connected to it in L2, but did not have time to investigate further as i haven't noticed it anymore in the logs (FW rule tinkering might have fixed it).