OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of absolutesantaja »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - absolutesantaja

Pages: [1]
1
20.1 Legacy Series / Re: Intel X520-DA2 LACP - Second Port ix1 Won't Come Up
« on: May 10, 2020, 12:51:39 am »
This seems to be describing my exact issue https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221146 and OPNSense 20.1 is running the 3.2.12-k version of the driver. Doesn't seem like anyone has figured out exactly why it's happening though.

2
20.1 Legacy Series / Intel X520-DA2 LACP - Second Port ix1 Won't Come Up
« on: May 09, 2020, 08:55:43 pm »
I had a Dell R210ii with an Intel X520-DA2 SFP+ NIC running on OPNSense 20.1 with all patches applied as of today May 9, 2020. I'm connected to a Dell Powerconnect 7048 with a 2 port SFP+ Uplink Module. I'm connected using 1 foot SFP+ DACs generic cables from Amazon. During boot both port link lights are green on the switch and the X520 NIC. After boot and after creating a new LACP LAGG in OPNSense only IX0 is active and I can't figure out why. The switch and ifconfig show that LACP is up but only for IX0. I've tried setting short and long lacp timeouts on the switch and in OPNSense with no change. If I delete the LAGG in OPNSense and reboot bot ix0 and ix1 show as active on the switch but obviously no lacp.

Below is from the switch before and after swapping ports and cables.

Code: [Select]
console(config-if)#show interfaces port-channel 99

Channel   Ports                         Ch-Type  Hash Type Min-links Local Prf
-------   ----------------------------- -------- --------- --------- ---------
Po99      Active: Te1/1/1               Dynamic  3         1         Disabled
          Inactive: Te1/1/2

Hash Algorithm Type
1 - Source MAC, VLAN, EtherType, source module and port Id
2 - Destination MAC, VLAN, EtherType, source module and port Id
3 - Source IP and source TCP/UDP port
4 - Destination IP and destination TCP/UDP port
5 - Source/Destination MAC, VLAN, EtherType, source MODID/port
6 - Source/Destination IP and source/destination TCP/UDP port
7 - Enhanced hashing mode

console(config-if)#show interfaces port-channel 99

Channel   Ports                         Ch-Type  Hash Type Min-links Local Prf
-------   ----------------------------- -------- --------- --------- ---------
Po99      Active: Te1/1/2               Dynamic  3         1         Disabled
          Inactive: Te1/1/1

Hash Algorithm Type
1 - Source MAC, VLAN, EtherType, source module and port Id
2 - Destination MAC, VLAN, EtherType, source module and port Id
3 - Source IP and source TCP/UDP port
4 - Destination IP and destination TCP/UDP port
5 - Source/Destination MAC, VLAN, EtherType, source MODID/port
6 - Source/Destination IP and source/destination TCP/UDP port
7 - Enhanced hashing mode
Here is from ifconfig on OPNSense.
Code: [Select]
root@OPNsense:~ # ifconfig ix0 && ifconfig ix1 && ifconfig lagg1
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
ether 90:e2:ba:af:2a:50
hwaddr 90:e2:ba:af:2a:50
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
ether 90:e2:ba:af:2a:50
hwaddr 90:e2:ba:af:2a:51
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
lagg1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
ether 90:e2:ba:af:2a:50
inet6 fe80::92e2:baff:feaf:2a50%lagg1 prefixlen 64 scopeid 0xa
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
groups: lagg
laggproto lacp lagghash l2,l3,l4
laggport: ix0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: ix1 flags=0<>

3
20.1 Legacy Series / Re: WAN to WebUI Firewall Rules Don't Work
« on: April 19, 2020, 07:55:58 pm »
It turns out that the issue was "IPv4 Upstream Gateway" was not set to "Auto-detect" on the WAN Interface. Not really sure why that breaks the firewall though.

4
20.1 Legacy Series / WAN to WebUI Firewall Rules Don't Work
« on: April 19, 2020, 06:41:55 pm »
Hopefully I'm doing something wrong but I can't get the firewall to allow access to the WebUI on the WAN Port. I have a firewall rule to allow tcp from anywhere to port 443 on the WAN address and I have specifically checked the box for "Disable administration anti-lockout rule". The WAN has an address of 10.0.0.3 and a gateway of 10.0.0.2 and I'm attempting to connect from 10.0.0.1. The weird IPs are just how VMWare Fusion does NAT. I'm attaching a screenshot of both my rules and the firewall log. I thought I had previously had this working but I hadn't checked the lockout option to make sure it was using my rule.

Code: [Select]
filterlog: 3,,,0,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,64,10.0.0.1,10.0.0.3,58744,443,0,A,,1185956762,2048,,nop;nop;TS;nop;nop;sack


Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2