OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: Koldnitz on October 24, 2020, 08:35:51 pm

Title: Alone Lagg (LACP) does not work as a protected interface (OPNsense 20.7.4)
Post by: Koldnitz on October 24, 2020, 08:35:51 pm

Good day,

I just wanted to update you on an issue.

I have been using Sensei with a Lagg for several months.

I have the lagg running between my switch (Unifi 16 port POE, 1st generation I think) to my OPNsense router (qotom i7).  I have no issues with it without Sensei installed.

The only way to get it to work with Sensei is to assign both interfaces that make up the lagg (igb0 / igb1) into the protected interface.

Since the release of Sensei 1.6.1, I can see an interface Lagg0 in the interfaces menu.  However if I assign it as a protected interface everything on the Lagg becomes unreachable.  If I put Sensei into passive mode it works, but it will not work in Bypass mode.  I have tried with both the native and generic drivers. 

I assume this is due to an interaction between Netmap and Lagg (lacp), because according to information on your website (Deployment Modes), passive mode works if Netmap is being problematic, and it does.

On September 21, Salih attempted to help me get this to work using the kernel patches available back then and we had the same issue.  He said you guys would test it internally.  I am not sure if you did, but I wanted to let you know it still is not working for me.

I will go back to only protecting interfaces (igb0 / igb1) in the mean time.

Addendum:

For completeness I left the Lagg in the protected interfaces and added igb0 / igb1.

Now everything works (protected interfaces include lagg0, igb0 and igb1).  I am very confused because in OPNsense interfaces Lagg0 contains igb0 / igb1.

I am going to leave it like this for the time being.  I will report back if there are any adverse effects.

I hope this helps someone.

Thanks for all your work on this,

Title: Re: Alone Lagg (LACP) does not work as a protected interface (OPNsense 20.7.4)
Post by: mb on October 24, 2020, 11:35:04 pm

Hi @Koldnitz,

We're investigating a similar case. I'll update once we have some more findings.

Title: Re: Alone Lagg (LACP) does not work as a protected interface (OPNsense 20.7.4)
Post by: jbohbot on January 28, 2021, 04:34:01 pm

Any update on this?

I'm running 20.7.8 and as soon as I add my LAGG/LACP into the protected interfaces I loose all connectivity to my box, no LAN and no internet. I need to restore defaults and restore from a backup configuration.

Thank you,
Jonathan