Messages - absolutesantaja

#1
This seems to be describing my exact issue https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221146 and OPNSense 20.1 is running the 3.2.12-k version of the driver. Doesn't seem like anyone has figured out exactly why it's happening though.
#2
I had a Dell R210ii with an Intel X520-DA2 SFP+ NIC running on OPNSense 20.1 with all patches applied as of today, May 9, 2020. I'm connected to a Dell Powerconnect 7048 with a 2 port SFP+ Uplink Module. I'm connected using 1 foot generic SFP+ DAC cables from Amazon. During boot both port link lights are green on the switch and the X520 NIC. After boot and after creating a new LACP LAGG in OPNSense only IX0 is active and I can't figure out why. The switch and ifconfig show that LACP is up but only for IX0. I've tried setting short and long LACP timeouts on the switch and in OPNSense with no change. If I delete the LAGG in OPNSense and reboot, both ix0 and ix1 show as active on the switch but obviously no LACP.

Below is from the switch before and after swapping ports and cables.

console(config-if)#show interfaces port-channel 99

Channel   Ports                         Ch-Type  Hash Type Min-links Local Prf
-------   ----------------------------- -------- --------- --------- ---------
Po99      Active: Te1/1/1               Dynamic  3         1         Disabled
          Inactive: Te1/1/2

Hash Algorithm Type
1 - Source MAC, VLAN, EtherType, source module and port Id
2 - Destination MAC, VLAN, EtherType, source module and port Id
3 - Source IP and source TCP/UDP port
4 - Destination IP and destination TCP/UDP port
5 - Source/Destination MAC, VLAN, EtherType, source MODID/port
6 - Source/Destination IP and source/destination TCP/UDP port
7 - Enhanced hashing mode

console(config-if)#show interfaces port-channel 99

Channel   Ports                         Ch-Type  Hash Type Min-links Local Prf
-------   ----------------------------- -------- --------- --------- ---------
Po99      Active: Te1/1/2               Dynamic  3         1         Disabled
          Inactive: Te1/1/1

Hash Algorithm Type
1 - Source MAC, VLAN, EtherType, source module and port Id
2 - Destination MAC, VLAN, EtherType, source module and port Id
3 - Source IP and source TCP/UDP port
4 - Destination IP and destination TCP/UDP port
5 - Source/Destination MAC, VLAN, EtherType, source MODID/port
6 - Source/Destination IP and source/destination TCP/UDP port
7 - Enhanced hashing mode
Here is from ifconfig on OPNSense.
root@OPNsense:~ # ifconfig ix0 && ifconfig ix1 && ifconfig lagg1
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
ether 90:e2:ba:af:2a:50
hwaddr 90:e2:ba:af:2a:50
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
ether 90:e2:ba:af:2a:50
hwaddr 90:e2:ba:af:2a:51
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
lagg1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
ether 90:e2:ba:af:2a:50
inet6 fe80::92e2:baff:feaf:2a50%lagg1 prefixlen 64 scopeid 0xa
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
groups: lagg
laggproto lacp lagghash l2,l3,l4
laggport: ix0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: ix1 flags=0<>
#3
It turns out that the issue was "IPv4 Upstream Gateway" was not set to "Auto-detect" on the WAN Interface. Not really sure why that breaks the firewall though.
#4
Hopefully I'm doing something wrong but I can't get the firewall to allow access to the WebUI on the WAN Port. I have a firewall rule to allow tcp from anywhere to port 443 on the WAN address and I have specifically checked the box for "Disable administration anti-lockout rule". The WAN has an address of 10.0.0.3 and a gateway of 10.0.0.2 and I'm attempting to connect from 10.0.0.1. The weird IPs are just how VMWare Fusion does NAT. I'm attaching a screenshot of both my rules and the firewall log. I thought I had previously had this working but I hadn't checked the lockout option to make sure it was using my rule.

filterlog: 3,,,0,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,64,10.0.0.1,10.0.0.3,58744,443,0,A,,1185956762,2048,,nop;nop;TS;nop;nop;sack
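A small parser for the filterlog line quoted in the post above, added here as an example (it is not from the thread or from OPNsense); the field order is my reading of FreeBSD's filterlog CSV format for IPv4/TCP, the sample line is the one quoted in the post, and the triage rule simply reports that an ACK-only packet was blocked, which means the firewall held no state for that connection when the packet arrived.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the filterlog line from the post above, verbatim.
SAMPLE = ("3,,,0,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,64,10.0.0.1,10.0.0.3,"
          "58744,443,0,A,,1185956762,2048,,nop;nop;TS;nop;nop;sack")


@dataclass
class FilterLogEntry:
    rule: str
    interface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str
    src_port: Optional[int]
    dst_port: Optional[int]
    tcp_flags: str  # letters such as S, A, F, R, P; empty for non-TCP


def parse_filterlog(line: str) -> FilterLogEntry:
    """Split one filterlog line into its named fields (IPv4 only; assumed layout)."""
    f = line.split(",")
    # Common header: rulenr, subrulenr, anchor, rid, interface, reason, action, dir, ipversion
    if f[8] != "4":
        raise ValueError(f"only IPv4 handled in this example, got version {f[8]!r}")
    # IPv4 block: tos, ecn, ttl, id, offset, flags, proto id, proto name, length, src, dst
    proto, src, dst, rest = f[16], f[18], f[19], f[20:]
    sport = dport = None
    flags = ""
    if proto in ("tcp", "udp"):
        sport, dport = int(rest[0]), int(rest[1])
        if proto == "tcp":
            # TCP block: sport, dport, data length, flags, seq, ack, window, urg, options
            flags = rest[3]
    return FilterLogEntry(f[0], f[4], f[6], f[7], proto, src, dst, sport, dport, flags)


def triage(entry: FilterLogEntry) -> str:
    """Explain why a blocked packet was dropped from a stateful firewall's point of view."""
    if entry.action != "block":
        return "passed"
    if entry.proto == "tcp" and "S" not in entry.tcp_flags:
        # No SYN, so this is mid-connection traffic; pf had no state entry for it.
        return "out-of-state tcp (no SYN): no state existed for this connection"
    return "new connection refused by rule " + entry.rule
```

Run it over the quoted line and `triage(parse_filterlog(SAMPLE))` reports an out-of-state TCP packet on em0 from 10.0.0.1 to 10.0.0.3:443, i.e. the ACK arrived without a matching state rather than being refused by rule 3 on its own.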