Messages - bongo

#1
SOME ADDITIONAL INFORMATION:

i was not fully correct when i reported the issue.
today i again added a device and checked a few more things.
after adding the device, the device gets the assigned IP, but it is missing in the ARP table.
in the leases section of ISC, it is shown as active but offline.
the device cannot access internet and cannot be accessed through OPNsense.
i restarted all services one by one. none of them helped to add the device to the ARP table and routing through the firewall still does not work.
finally i rebooted OPNsense, and then the entry was there and routing works.
#2
Quote from: nero355 on February 23, 2026, 05:39:03 PM
Sounds like : https://forum.opnsense.org/index.php?topic=50940.0 ?!

Have you tried : https://forum.opnsense.org/index.php?topic=50940.msg261068#msg261068 ??

yes, could be the same issue.

i think while trying to solve the issue for the 1st time, i also restarted the dhcp. but as this did not help, i finally rebooted opnsense. and that's what i always do since then, as i haven't found another solution.
unfortunately, rebooting opnsense is not an option at any time, when you have some connections that do not tolerate an interruption ;-(
#3
Quote from: pfry on February 23, 2026, 03:22:47 PM
Quote from: bongo on February 23, 2026, 06:33:14 AM
[...]i'm not 100% sure, but it looks like for some reason, the device is not added to the arp list.[...]

Sounds reasonable. Did you check ("Interfaces: Diagnostics: ARP Table")?

yes, i think that's how i've seen that it does not exist there
#4
this is an issue, i identified for the 1st time a few months ago on 25.7.xx, but it did not solve with 26.1.

i use ISC DHCPv4 to provide IP addresses to devices in my local networks.
once a device has attached for the 1st time, it gets an IP from the pool. as pool IPs are configured in my setup for minimum rights, this is only temporary then.
as soon as i see the MAC of the new device in OPNsense, i configure it to a static IP, to add it to the appropriate group, to define its access rights to internet and other local networks, handled by OPNsense. this also allows me to access the device (especially for IoT stuff) by IP.

all i need to do to get things working is disconnect/reconnect the device, so that it gets its configured IP address.
this has worked fine like this for years now.

for a few months now, i recognized that, when i detach/attach a device to get it working, it gets the new IP as expected, but it is shown as inactive in the leases.
and although the firewall is configured for this IP, i get no data through.
whatever i try, it still shows as inactive.

i'm not 100% sure, but it looks like for some reason, the device is not added to the arp list.

the only solution i found so far (after a few hours of analyzing the problem) is to reboot opnsense. after a reboot, it all works fine.

it looks to me like this issue has started with one of the updates for 25.7.


i actually use OPNsense 26.1.2-amd64 which still shows this issue.

any idea what's going wrong?

regards
bongo
#5
looks like a reboot of opnsense solved the issue ;-)
#6
some additional information:
when checking Interfaces: Diagnostics: ARP Table, i realize that all new devices are missing, although i ticked the ARP Table Static Entry box when registering in DHCPv4.

#7
i added some new devices (shelly) to my network. there are already quite a few of these devices running for a long time without issues.
so the new devices are connected exactly the same way as the old ones are and all configuration is the same.
the new devices connect to the network without issues and get the IP address as configured in opnsense under services DHCPv4, but when checking the leases, they all show as 'offline'.
as long as i am within the same LAN as the devices (LAN1), i can access them without any problems, but when i try to access them from my other LAN (LAN2) through opnsense, they are not accessible (this works fine for all other shelly devices in LAN1). i am quite sure that my configuration is correct, as i just added the IPs of the new devices to the existing group.
with packet capture on the interface, i can see that the packets to access the devices, sent from LAN2, pass the interface of LAN2 but never appear on LAN1.
the 2nd issue is, that the new devices try to access shelly cloud to do a firmware update, but they are not able to connect to the internet.
i 1st thought that i have some kind of routing issue on opnsense, but now i'm quite sure that the reason for the issues is, that opnsense thinks that the devices are offline (as shown in the leases list of DHCPv4).
so the question is: why does opnsense think that these devices, it gives an IP address to, are offline?
btw: it's not just 1 shelly device. i have this issue with several devices of different type, so i do not assume a defective shelly.
thank you for any advice on solving the issue!

my actual version is OPNsense 25.7.11_9-amd64.
#8
the application is a device connected to one subnet, that periodically sends its status as a udp packet.
this packet needs to be read by several devices located in the 2nd subnet. unfortunately, i was not able so far to get this packet through OPNsense in a way that it goes to the broadcast address of the 2nd subnet.
so now i implemented a workaround. i send the packet to a specific IP in the 2nd subnet, where i programmed my own relay that listens for the incoming packets and broadcasts them. not very elegant, but so far the only approach that seems to work for me.
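
A unicast-to-broadcast relay of the kind described in this post, as an added example that is not the poster's own code. The sender 10.1.1.240, the broadcast address 192.168.1.255 and port 13111 are the values quoted elsewhere on this page; the sender allowlist and the payload size limit are assumptions added so the relay cannot be used by arbitrary hosts to flood the segment.

```python
import socket

# Values quoted elsewhere on this page; treat them as site-specific.
ALLOWED_SENDERS = {"10.1.1.240"}
BROADCAST_DEST = ("192.168.1.255", 13111)
LISTEN_ADDR = ("0.0.0.0", 13111)
MAX_PAYLOAD = 1024  # assumption: status packets are small


def open_sockets(listen_addr=LISTEN_ADDR):
    """Return (rx, tx): rx bound for unicast input, tx allowed to broadcast."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen_addr)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Without SO_BROADCAST the kernel refuses sends to a broadcast address.
    tx.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    return rx, tx


def relay_once(rx, tx, dest=BROADCAST_DEST, allowed=ALLOWED_SENDERS):
    """Forward one datagram; return bytes sent, or 0 if it was dropped."""
    data, (src_ip, _port) = rx.recvfrom(65535)
    # Drop anything not from the known sender: an open unicast-to-broadcast
    # relay lets any host that can reach it hit every device on the subnet.
    if src_ip not in allowed:
        return 0
    # Drop empty and oversized datagrams instead of amplifying them.
    if not data or len(data) > MAX_PAYLOAD:
        return 0
    return tx.sendto(data, dest)


def main():
    rx, tx = open_sockets()
    while True:
        relay_once(rx, tx)


if __name__ == "__main__":
    main()
```

The firewall rule that lets the sender reach the relay host should be equally narrow: one source address, one destination address, UDP port 13111 only.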
#9
thanx for pointing to the plugin.
i installed the plugin and tried, but for some reason, i still don't get any broadcast data through.
my packet sender is 10.1.1.240 and i want to broadcast to 192.168.1.255.
so what is the required setup in the plugin? looks like i still do something wrong.
and to what address does 10.1.1.240 need to send the udp packets? to 10.1.1.255 or 192.168.1.255 ?
are there any other settings required in OPNsense?
#10
i have a setup with multiple LANs.
now i have a device on LAN_A (subnet A) which needs to send a UDP packet to the broadcast address of LAN_B (subnet B) port 13111, so that multiple devices on LAN_B, listening on port 13111 get the packet.
i tried a lot, but so far, i could not get the packet to LAN_B broadcast address port 13111.
how exactly do i need to configure OPNsense for this?

i was able to send the packet to a specific address of LAN_B, but for broadcast, this did not work so far.
#11
i installed WireGuard VPN on my phone and configured OPNsense accordingly. when monitoring port 51820 traffic on my OPNsense uplink, i can see incoming packets from my phone to the WireGuard server.
once my phone enters my local wifi network (which connects to the internet over OPNsense), i can see that port 51820 packets are sent from my uplink to IP 83.219.121.165, and then come back from IP 83.219.121.165 to my uplink to be forwarded to my WireGuard server in OPNsense.
looks quite strange to me. does this mean that all my VPN traffic is first sent to IP 83.219.121.165 (which seems to be somewhere in russia) and then comes back to me?
looks to me like a misconfiguration. right?
how should i change my configuration to avoid this?
thanx for advice!
regards
bongo
#12
i built a new hardware for OPNsense, based on the same mobo, but with intel NICs.

this now seems to run stable for several weeks.

in parallel, i also ran the old hardware with realtek NICs for a few days, but surprisingly, this one also kept its uplink up for the whole time.

when updating to 24.7.11, i realized that this did also some update on the re-driver-package, which was not mentioned in the release notes. so maybe the original issue with realtek NICs got solved there, and it would not have been required to replace my hardware.
#13
Quote from: franco on December 03, 2024, 09:25:27 PM
em(4) driver should cover both devices and should be fine. Just for reference, what hardware does this run on?


it's an asrock j3455m pc mainboard (with a realtek onboard nic which i used so far for the uplink re0).
in each one of the 3 pcie slots, i have a nic used for one of the lans.
when i built the machine a few years ago, i took different lan cards for each of the slots to be prepared for tests once i run into issues with one of the cards.
unfortunately, all 3 cards are used for lans in the meantime, that's why i attached an usb nic for my actual tests.

i now plan to replace one of the cards with an intel dual nic. so i again get a spare nic.
#14
i plan to replace my uplink with either an intel 82571 or an i350 based NIC. can i expect that this will solve the issue?
thanx!
#15
i think i found the reason why my setup was running stable for 5 days, and then the issue popped up again and the uplink always failed after a few hours:
during these 5 days, i had my uplink connected to a switch that only supports 100M. after this time, i was confident that everything is working fine again and i removed all the unneeded stuff, and the uplink was running at 1G again.
then i had the issue again.
i tried to force my uplink to 100M by OPNsense settings, but this does not help. now i added the switch again to get the link down to 100M, and it works stable for almost 2 days now.
the only strange thing is, that i did not have this issue before updating to the latest version of OPNsense.