OPNsense Forum
Archive => 22.1 Legacy Series => Topic started by: Sahbi on July 15, 2022, 03:32:39 pm
-
Every time I reboot OPN my VLANs stop having any outbound connectivity, i.e. through OPN. To get it working again, all I have to do is go to /ui/interfaces/vlan, change the parent interface to something else, click the Apply button and change it back to the proper interface the exact same way. Alternatively, while a tcpdump on any of the involved interfaces (physical or VLAN) is running it also works, of course due to being in promiscuous mode. That means that letting either OPN or Suricata put the interface in promiscuous mode also works, but that shouldn't even be necessary and might actually cause other problems elsewhere.
The VLANs aren't anything special:
- The parent interface is set to have no IP configuration and doesn't block anything (like bogons). It does overwrite the "global settings" so that VLAN hardware filtering is disabled. This way Suricata doesn't even need to run promiscuously in order to see actual VLAN traffic (it's listening only on the physical interface).
- The VLAN interfaces are of course configured statically.
- The switch that connects to OPN has 2 uplinks: one only with tagged VLANs (blocking untagged) and another for only untagged traffic. That should prevent any network loops or somehow passing untagged traffic to the unconfigured parent for the VLANs.
I'm on the latest version of OPN. Any ideas?
-
In my case, I had to change the VLAN hardware filtering from "Disable VLAN Hardware Filtering" to "Leave default".
VLANs with "Disable VLAN Hardware Filtering" work with the Supermicro SYS-5018D but not with the Supermicro SYS-E200-9A.
-
Unfortunately that also prevents Suricata from inspecting VLAN traffic, so that's not an option for me. :>