Messages

Hi All,

Services --> DHCP4 says if I leave the field blank, it will use system settings.

If I go to system settings, I can't leave it blank.

My question is, how do I hand out IP's only - and not include a search domain or dns suffix list?

Edit: the backstory is I'm seeing clients request a FQDN over DNS such as x.y.z but end up tacking on x.y.z.my.local.domain

What was your resolution to kernel freeze when running a bridge and CARP at the same time?

I seem to be exxperiencing the same thing.

No freezes until I enabled a VxLan and bridged my relevant interfaces.

Now, at some random interval, OPNSense just locks up.

Update:

I reset and started again on the LAN A side and I got routing working!

Would like to solve this now:

In pinging from a host on LAN A to LAN B on the same /24 I get:

64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=3.68 ms
64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=4.62 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=3.65 ms
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=4.57 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=3.46 ms
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=4.76 ms (DUP!)



And I'm not sure why the duplicate packet?

As a note, I did have to bridge the VxLan interface that was created after I created an entry in the VXLAN menu to the LAN adapter in order to get this working.

Hi all,

I have two sites, connected via IPSEC VPNs. OPNSense does not terminate either of these VPNs.

Instead, at each site I have OPNSense deployed and exposed over IPSEC.

OPNSense LAN A <--> FW1    [INTERNET][IPSEC]     <--> FW2 <-->  OPNSense LAN B
Other LAN A Hosts <--> FW 1                                          FW2 <-->  Other LAN B Hosts

I'm attempting to use VxLan and have LAN A and LAN B be the same Layer2/broadcast domain.


I've successfully setup a VxLan route between the two and on the LAN B side I can even see all the broadcast/multicast traffic on FW2 I expect to see (from hosts that are "foreign" to it and exist on the otherside of the IPSEC tunnel).

On the LAN A side, using a different VM, if I attempt to ping TESTHOST1 in LAN B sharing the same /24, I get the correct arp from TESTHOST1's NIC!... But Im not routing.

And that's where I'm stuck.

I thought it could be because OPNSense is not the default gateway for these hosts. FW1 & FW2 are...
But it stops making sense since i'm not supposed to need a default gateway to route... to a local subnet. Just its MAC.

Would I need to proxy arp for each side?

Any insight appreciated

MODs please erase.

Nevermind, I had a misconfiguration and I'm a terrible person for not checking.

Hi All,

I have an ASA Firewall as the default gateway in an environment on 192.168.5.x.

I'm trying to deploy a single NIC OPNSense on 192.168.5.51. Seems easy enough. Bring up a VM, configure IP on the solo interface (IP 5.51, GW 5.1, DNS 5.2, just like all other hosts).

I can ping locally, I can resolve. But I can't browse traffic or ping from shell to the outside world.

I can see the ASA returning packets and delivering them to OPNSense, but its dropping them on the floor.

I have another use-case where I set this up with multiple NIC's and all is well so far.

Is 2 NICs a requirement?

Thanks in advance