OPNsense Forum

English Forums => General Discussion => Topic started by: Andre Cinelli on March 18, 2021, 04:06:59 pm

Title: VLANs and Local Interfaces routes
Post by: Andre Cinelli on March 18, 2021, 04:06:59 pm
Hi all,

my name is André and I recently installed OPNsense. I am super newbie and would really appreciate a link to an explanation of what happened on my setup.

THE ENVIRONMENT:

I have one server running OPNsense with two (02) physical interfaces. As I needed more internal networks, I created 5 VLANs on the switches. After that I created the corresponding internal VLAN interfaces in OPNsense.

Something like that:
10.31.0.0/21 - WAN Interface - IP 10.31.6.8 with default gateway set to IP 10.31.4.1
192.168.110.0/24 - VLAN 110 - interface IP 254
192.168.111.0/24 - VLAN 111 - interface IP 254
192.168.112.0/24 - VLAN 112 - interface IP 254
192.168.114.0/24 - VLAN 114 - interface IP 254
192.168.200.0/24 - VLAN 2000 - interface IP 254

THE ISSUE:

When I was testing reachability from my computer (that is in the same network as the WAN firewall interface and has an all access rule set in the firewall) I was only able to reach hosts at the 192.168.200.0/24.

I looked at the firewall live view logs and saw that the packets that I've sent trying to reach the other internal networks were being logged as a PASS but being sent back to the firewall's WAN interface. With a traceroute I saw that they were being routed to the firewall default gateway and not to the local network interfaces directly connected to it.

I took a look at my firewall routes and saw that there was only one network route for the internal interfaces:
ipv4   192.168.200.0/24   link#11   U   288   1500   ix1_vlan2000   

There weren't any routes for the 110-114 networks.
I had to manually add static routes to the other interfaces to make it work.

THE QUESTIONS:

What have I done wrong to not have the internal local network routes already set? Was there a box that I should have checked? Why did only the 200 network interface have the route (maybe it was the default LAN network before I renamed its description)?

Thanks in advance,
Andre

PS: I just confirmed that the 200 network interface was my LAN in the Interfaces-Overview.

Title: Re: VLANs and Local Interfaces routes
Post by: Andre Cinelli on March 18, 2021, 04:30:02 pm
I saw what I did wrong.
On the VLANs 110-114 static IP configs I left the combo box with the network mask for a single host (32). The right mask should be 24.

Newbies will be newbies.

Thanks in advance, and ignore my previous post.

Andre
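
An added example, not part of the original posts: a small Python model of the routing behaviour described in this thread, showing why a /32 mask on VLANs 110-114 leaves no connected route for their /24 networks, so traffic for them follows the default route out the WAN. The interface addresses and gateway come from the thread; the function names and the destination hosts (`.10`) are constructed for illustration.

```python
import ipaddress

DEFAULT_GW = "10.31.4.1"  # WAN default gateway, from the thread

def interfaces(vlan_prefixlen):
    """Interface addresses from the thread; VLANs 110-114 get the given prefix length."""
    ifs = {"wan": "10.31.6.8/21", "vlan2000": "192.168.200.254/24"}
    for vid in (110, 111, 112, 114):
        ifs[f"vlan{vid}"] = f"192.168.{vid}.254/{vlan_prefixlen}"
    return ifs

def connected_routes(ifs):
    """One directly connected route per interface: the network its address/mask covers."""
    return [(ipaddress.ip_interface(cidr).network, name) for name, cidr in ifs.items()]

def lookup(routes, dst):
    """Longest-prefix match; anything unmatched follows the default route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, name) for net, name in routes if dst in net]
    return max(matches)[1] if matches else f"default via {DEFAULT_GW}"

def host_masks(ifs):
    """Names of interfaces configured with a single-host (/32) mask."""
    return sorted(name for name, cidr in ifs.items()
                  if ipaddress.ip_interface(cidr).network.prefixlen == 32)

if __name__ == "__main__":
    for label, plen in (("as configured (/32)", 32), ("corrected (/24)", 24)):
        ifs = interfaces(plen)
        routes = connected_routes(ifs)
        print(label, "- host-mask interfaces:", host_masks(ifs))
        for dst in ("192.168.110.10", "192.168.200.10"):  # constructed host addresses
            print(f"  {dst} -> {lookup(routes, dst)}")
```
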