OPNsense Forum

English Forums => General Discussion => Topic started by: chrisw75 on November 27, 2021, 06:08:01 pm

Title: Networking Questions
Post by: chrisw75 on November 27, 2021, 06:08:01 pm
Hi Everyone,

This is my first post. I came into OPNsense by way of a Qotom device. I have to admit, it's nice. 4-port Intel (igb) NIC version, i3-4010U w/8GB RAM and Samsung EVO 860 250GB SSD. OPNsense UI is practically instant on this device compared to my ASUS RT-AC3100 which is currently acting as my router.

I should preface by saying my networking know-how is maybe intermediate at best. I was going to open an issue at GitHub but I found the forums and figured maybe someone could help me. I have the router plugged into my network and it's currently not acting as a router, I'm just getting it set up so I can swap it into place when ready.

I'm using a TRENDnet TEG-082WS (latest firmware) and under networking, I have 4 trunk groups I can create (the maximum.) I have my TrueNAS Scale bonded on port 7+8/active via LACP l2 (it defaulted to this; standard Linux bonding stuff.) I created a second trunk id (#2) and chose ports 4+5/active.

I've configured the OPNsense device thusly:

port0: wan/dhcp (currently not connected but will be to bonded ISP DSL 100/20)
port1: lagg/lacp (l2,l3,l4)*
port2: lagg/lacp (l2,l3,l4)
port3: wifi (currently nothing attached but will enable DHCP on it and use my ASUS 3100 as an AP wired here.)

lagg0 was created as per-documentation for LACP. Slave interfaces have no configuration other than being enabled. All devices are enabled/assigned.

I have a bridge0 configured with members being lagg0 and wifi, and it is assigned as the LAN interface. Currently the LAN IP is hardcoded to 192.168.1.168 as my router is 192.168.1.1 and I've hand-added a default static route to 192.168.1.1 so it can talk to the Interwebs.

I have Suricata enabled (promisc) on WAN interface and Sensei enabled (promisc) on LAN interface. I did the cable dance/forced reboot but everything came back up working so I'm assuming it's fine there as I see the pretty graphs, etc (btw, this is very cool.)

When I connect the OPNsense router to my switch on ports 4+5 the lagg works. However, my NAS suddenly goes offline/unreachable until I kill trunk #2 and sometimes reset/rebuild trunk #1 (NAS).

I look at the switch and it shows that trunk #2 has aggregator id #1 the same as the NAS uses. At the time, I did have STP enabled (default disabled) but have since done a factory reset on the switch and have only configured NTP and the NAS lagg connection and have yet to continue testing.

*My question here is I noticed this morning that the NAS is LACP l2 and the OPNsense is LACP l2,l3,l4 and I came across a FreeBSD post about when acting as a router it should be l3 (see: Unbalanced LACP link) but I'm wondering if because it's set to l2,l3,l4 that it's killing the NAS lagg connection?

I figured I'd stop here and ask questions rather than getting frustrated at my lack of knowledge. I feel I'm so close to swapping it in as my router but can't quite get over the hump here :)

Title: Re: Networking Questions
Post by: chrisw75 on November 28, 2021, 12:25:41 am
Found a Reddit post that says lagg is not a supported interface and neither is bridge for Sensei. So my mistake, it would appear, was adding the bridge0 and lagg0 devices instead of individual adapters (igb1+2+wifi).

Initial testing shows the lagg is up and running for a few minutes and then Sensei kicks in and I think that's where it falls over.

Will reinstall and re-test since I can't keep network long enough to disable Sensei and not sure how to do it from console otherwise.