Messages

1

General Discussion / DHCP search suffix - possible to turn off?

« on: March 04, 2021, 11:16:40 pm »

Hi All,

Services --> DHCP4 says if I leave the field blank, it will use system settings.

If I go to system settings, I can't leave it blank.

My question is, how do I hand out IP's only - and not include a search domain or dns suffix list?

Edit: the backstory is I'm seeing clients request a FQDN over DNS such as x.y.z but end up tacking on x.y.z.my.local.domain

2

Hardware and Performance / Re: Intel bug freeze OPNsense and the solution

« on: November 19, 2020, 12:04:26 pm »

What was your resolution to kernel freeze when running a bridge and CARP at the same time?

I seem to be exxperiencing the same thing.

No freezes until I enabled a VxLan and bridged my relevant interfaces.

Now, at some random interval, OPNSense just locks up.

3

20.7 Legacy Series / Re: Simple VxLan between two subnets

« on: November 19, 2020, 02:33:30 am »

Update:

I reset and started again on the LAN A side and I got routing working!

Would like to solve this now:

In pinging from a host on LAN A to LAN B on the same /24 I get:

64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=3.68 ms
64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=4.62 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=3.65 ms
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=4.57 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=3.46 ms
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=4.76 ms (DUP!)



And I'm not sure why the duplicate packet?

As a note, I did have to bridge the VxLan interface that was created after I created an entry in the VXLAN menu to the LAN adapter in order to get this working.

4

20.7 Legacy Series / Simple VxLan between two subnets

« on: November 19, 2020, 02:00:24 am »

Hi all,

I have two sites, connected via IPSEC VPNs. OPNSense does not terminate either of these VPNs.

Instead, at each site I have OPNSense deployed and exposed over IPSEC.

OPNSense LAN A <--> FW1    [INTERNET][IPSEC]     <--> FW2 <-->  OPNSense LAN B
Other LAN A Hosts <--> FW 1                                          FW2 <-->  Other LAN B Hosts

I'm attempting to use VxLan and have LAN A and LAN B be the same Layer2/broadcast domain.


I've successfully setup a VxLan route between the two and on the LAN B side I can even see all the broadcast/multicast traffic on FW2 I expect to see (from hosts that are "foreign" to it and exist on the otherside of the IPSEC tunnel).

On the LAN A side, using a different VM, if I attempt to ping TESTHOST1 in LAN B sharing the same /24, I get the correct arp from TESTHOST1's NIC!... But Im not routing.

And that's where I'm stuck.

I thought it could be because OPNSense is not the default gateway for these hosts. FW1 & FW2 are...
But it stops making sense since i'm not supposed to need a default gateway to route... to a local subnet. Just its MAC.

Would I need to proxy arp for each side?

Any insight appreciated

5

20.7 Legacy Series / Re: Single Interface WAN Connectivity

« on: November 19, 2020, 01:38:58 am »

MODs please erase.

6

20.7 Legacy Series / Re: Single Interface WAN Connectivity

« on: November 19, 2020, 01:13:33 am »

Nevermind, I had a misconfiguration and I'm a terrible person for not checking.

7

20.7 Legacy Series / Single Interface WAN Connectivity

« on: November 19, 2020, 12:14:09 am »

Hi All,

I have an ASA Firewall as the default gateway in an environment on 192.168.5.x.

I'm trying to deploy a single NIC OPNSense on 192.168.5.51. Seems easy enough. Bring up a VM, configure IP on the solo interface (IP 5.51, GW 5.1, DNS 5.2, just like all other hosts).

I can ping locally, I can resolve. But I can't browse traffic or ping from shell to the outside world.

I can see the ASA returning packets and delivering them to OPNSense, but its dropping them on the floor.

I have another use-case where I set this up with multiple NIC's and all is well so far.

Is 2 NICs a requirement?

Thanks in advance