OPNsense Forum

English Forums => General Discussion => Topic started by: BeanAnimal on September 27, 2018, 03:59:41 pm

Title: Hyper-V VLAN issues - please help
Post by: BeanAnimal on September 27, 2018, 03:59:41 pm
OPNsense 18.7.3-amd64
Hyper-V 2012R2 (CORE)
Intel quad port physical NIC
5 static public IPs - 1 assigned to WAN. 2 assigned to Virtual IPs
Port forwarding/NAT rules appear to be working.

Wireless APs - Ruckus R600 Unleashed
SSID1 - NO VLAN
SSID2 - Marked for VLAN20

Windows AD server set to DNS and DHCP
10.15.30.0/24 subnet
LAN works as expected, DHCP leases handed out, AD happy and healthy with DNS
SSID1 - working on LAN

First Attempt to construct VLAN:
2 Virtual NICs attached to OPNsense
HyperV-VNIC 1 - WAN
HyperV-VNIC 2 - LAN

Using PowerShell - set LAN VNIC to -trunked 20 and -nativevlanid 0
Physical switch ports all set to trunked
New OPNsense Interface "INT_VLAN20" Subnet 10.15.31.0/24 with address 10.15.31.254
New VLAN "VLAN20" parent interface HN1 (LAN)
Assignment LAN VLAN20 on HN1 "INT_VLAN20"
Added DHCP Server for INT_VLAN20 with scope x31.50 to x31.200

For a short time things were working - SSID2 was able to grab a x.x.31.x IP from DHCP and SSID1/LAN worked as expected. 
Rebooted OPNsense and things broke. I tried for hours to get things working, including starting from scratch.
No Luck

Second Attempt:
Added additional VNIC to hyper-v
LAN NIC set back to untagged
New NIC set to access port=20
So HN3 = VLAN20 NIC now.
Parent interface for VLAN20 is HN3 and assigned accordingly.
Things are still not working...

Anybody willing to help - I am at a complete loss here and this should be fairly straightforward.



Title: Re: Hyper-V VLAN issues - please help
Post by: BeanAnimal on September 28, 2018, 01:27:33 am
So I have some rather large concerns here....

I deleted the associated interfaces and bindings and definitions and rebuilt VLAN20 from scratch, using the EXACT same steps as I had the first time. Things are again working.

Forgive my forward impression as a first time user, but this does not give me a warm fuzzy feeling about this platform.

I am evaluating in my home, as I am a Sophos partner that has searched high and low for a UTM/SG/XG replacement for my customer base. The Sophos product is a nightmare for many reasons.

I have not tried pfSense so cannot comment on how this product compares, but this gives me great pause about rolling this platform out to my business customers.

Are issues like I just ran into common?
 
Title: Re: Hyper-V VLAN issues - please help
Post by: BeanAnimal on September 28, 2018, 06:04:18 am
As mentioned - got things working by deleting the interfaces and VLANs and starting over...

Reboot OPNsense and BAM broken again. DHCP not responding to requests and static IP hosts can not route through VLAN.

Shut down OPNsense and start Sophos UTM (previous firewall with same VLAN config) and things work as expected.

Given the lack of comment here and the overall lack of traffic on this forum as a whole, I assume that I am going to be on my own. Sadly, I appear to have found the answer to the question in my other thread... this firewall is more of a toy than a business tool, regardless of the amount of hard work and talent rolled into it.  A shame, because I really like the interface and overall feel but the inability for it to maintain a simple stable VLAN after a reboot is a deal breaker.

No intent here to ruffle any feathers, just give honest feedback.

Enjoy - headed over to pfSense to give that a spin simply because it is more mature and has a much larger user base for peer support.
Title: Re: Hyper-V VLAN issues - please help
Post by: weust on September 28, 2018, 11:54:16 am
Keep in mind that the forums are community based, and not too many people use OPNsense on Hyper-V.

I have used OPNsense (many versions) on Hyper-V 2012 R2 and 2016 just fine.
All at home, no business. Did some VLAN stuff too.
The way it has always worked for me was to configure VLAN tagging on the physical switch and per NIC for the VM.
I left the VMSwitch alone.

Physical switch:
Cable modem tagged to 666
Hyper-V server uplink trunk 10,666

OPNsense VM:
hn0 WAN: 666
hn1 LAN: 10

I must say I never used the DHCP server service in OPNsense, but it was present on another VM with VLAN10.

Not sure why you have so many problems...
Title: Re: Hyper-V VLAN issues - please help
Post by: BeanAnimal on September 28, 2018, 02:39:15 pm
Thank you for the input -

Not sure why I am having issues either. I would guess that it has something to do with Hyper-V also but I am unable to pinpoint the issue. I did not get pfSense set up yet, but it will be telling if the issue presents there as well.

I am not (by any means) proficient with Wireshark, but I assume that some careful traffic inspection is going to be needed to resolve this.

Thank you again.
Title: Re: Hyper-V VLAN issues - please help
Post by: weust on September 28, 2018, 04:03:45 pm
I'm not that great with Wireshark myself.

Is it possible for you to set up a separate VM and a physical machine and connect them in a VLAN?
Transfer data between them, see if it holds up?
If it doesn't, I would suspect either the NIC in the Hyper-V server or the physical switch.

Of course, testing pfSense is a way too.
Title: Re: Hyper-V VLAN issues - please help
Post by: BeanAnimal on September 29, 2018, 12:38:08 am
Thanks to a reddit user - it appears I have an answer.

The issue is NOT OPNsense or pfSense.

Microsoft Server 2012r2 appears to fail to apply trunk settings to the virtual adapters when a VM reboots.  The fix is to re-apply the VLAN settings to the virtual adapter anytime the VM reboots.

This site has a brief explanation and a script that will work around the issue.
https://gtacknowledge.extremenetworks.com/articles/Solution/Hyper-V-fails-to-pass-VLAN-tags-on-a-bridge-at-controller-service
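
The workaround described in the post above, sketched as a host-side PowerShell script. This is an added example, not part of the original post and not the script from the linked article; the VM name `OPNsense` and the vNIC name `LAN` are assumptions, while trunk VLAN 20 and native VLAN 0 are the values from the first post.

```powershell
#Requires -Modules Hyper-V
# Added example: re-apply the trunk settings to the firewall VM's LAN vNIC,
# then read them back so that a VLAN that is not being carried is noticed
# right away rather than by clients failing to get a DHCP lease.
param(
    [string]$VMName      = 'OPNsense',  # assumption: name of the firewall VM
    [string]$AdapterName = 'LAN',       # assumption: name given to the LAN vNIC
    [int[]] $TrunkVlans  = @(20),       # VLAN 20, as in the first post
    [int]   $NativeVlan  = 0            # -nativevlanid 0, as in the first post
)
$ErrorActionPreference = 'Stop'

# Resolve exactly one adapter. Hyper-V names every vNIC "Network Adapter"
# by default, so an ambiguous match is refused instead of guessed at.
$adapter = @(Get-VMNetworkAdapter -VMName $VMName -Name $AdapterName)
if ($adapter.Count -ne 1) {
    throw "Expected 1 adapter named '$AdapterName' on '$VMName', found $($adapter.Count)."
}

# Re-apply unconditionally: per the post, the settings stop taking effect
# after the VM reboots, so there is no point testing for drift first.
Set-VMNetworkAdapterVlan -VMNetworkAdapter $adapter[0] -Trunk `
    -AllowedVlanIdList ($TrunkVlans -join ',') -NativeVlanId $NativeVlan

# Read back what Hyper-V now reports for this adapter and compare.
$vlan    = Get-VMNetworkAdapterVlan -VMNetworkAdapter $adapter[0]
$missing = @($TrunkVlans | Where-Object { $vlan.AllowedVlanIdList -notcontains $_ })

if ($vlan.OperationMode -ne 'Trunk' -or
    $vlan.NativeVlanId  -ne $NativeVlan -or
    $missing.Count      -gt 0) {
    throw "VLAN settings on '$AdapterName' did not apply: mode=$($vlan.OperationMode), native=$($vlan.NativeVlanId), missing=$($missing -join ',')"
}

"{0}/{1}: trunk re-applied, allowed={2}, native={3}" -f `
    $VMName, $AdapterName, $vlan.AllowedVlanIdListString, $vlan.NativeVlanId
```

Run it on the Hyper-V host after each restart of the VM; how it is triggered is left to the administrator. The read-back only confirms what Hyper-V reports, so a DHCP request from a client on SSID2 remains the end-to-end check.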

Title: Re: Hyper-V VLAN issues - please help
Post by: weust on September 29, 2018, 12:40:13 am
Ah, that explains why I never had that issue with Hyper-V 2016.

Why are you running 2012 R2 anyway? Running Windows VMs as well?
Otherwise just use Hyper-V Free 2016.