Messages

1

24.1 Legacy Series / kea DHCP problems

« on: March 29, 2024, 02:52:04 am »

I migrated from ISC DHCP to kea and ran into following issues:

a) It is not possible to delete a lease. In ISC DHCP server, I could delete an inactive lease, but in kea there is no such provision in the GUI. As I was testing, I assigned a really long lease expiration time to a device (2 days) and now kea is not ready to release this lease. kea is not letting any other device use that IP address even though the original device has been assigned a different one. kea is just holding that IP address hostage.

b) It seems that the kea static leases do not get registered in Unbound DNS, only ISC DHCP static mappings do.

Any ideas how to resolve above issues?

Thanks...

2

24.1 Legacy Series / Re: WAN_DHCP sometimes does not get IP

« on: March 23, 2024, 04:53:55 pm »

Thank you. This is exactly what I was looking for.

3

24.1 Legacy Series / WAN_DHCP sometimes does not get IP

« on: March 23, 2024, 02:57:57 am »

Hi,

This issue has been happening ever since I started using Opnsense about a year ago. Sometimes, when I restart the Opnsense, it fails to get IP address from Verizon FiOS modem. It does not happen every time, but say one out of five. When that happens, I just restart Opnsense again and it gets the IP address. Till WAN_DHCP gets an IP address, all devices are offline so it is a bit of incovenience.

I was wondering if it is possible to write a script which can check for WAN_DHCP IP address. If it does not get an IP address after restart, then automatically restart Opnsense once again.

Thanks...

4

23.1 Legacy Series / Re: Google drive backup is 0 bytes file: solved

« on: April 09, 2023, 09:05:12 pm »

Turns out that I had to supply a password to encrypt backups in the Google Drive setup section. I had set it up without supplying a password. Opnsense did not issue any warning/error so I assumed that password is optional. It is not optional.

5

23.1 Legacy Series / Google drive backup is 0 bytes file

« on: April 08, 2023, 08:07:47 pm »

OPNsense 23.1.5_4-amd64

I have setup backup to Google drive. It is working and see backups in the folder designated for backup. I see files like config-1680152401.xml. But, when I look at the file details, all these backup XML files are 0 bytes. I downloaded the file and it still downloaded as 0 byte file. I do not see any error. The Test Google Drive works fine. Are these backup files supposed to be 0 bytes? If not, then how to fix?

Thanks...

6

General Discussion / Re: Create completely isolated networks

« on: March 11, 2023, 07:08:20 pm »

Embarrassed beyond limit. As I decided to tidy up the network cables, I noticed a cable connected wrongly from LAN switch to IOT access point. This was from before I started using the dedicated box for OPNsense. I thought I had removed it, but I did not. Once that cable was removed, all the IoT devices jumped back to IOT network and no more cross bleed of IP addresses. One cable caused so much headache...

So sorry to have wasted everyone's time. I need to pay more attention to setup.

7

General Discussion / Re: Create completely isolated networks

« on: March 11, 2023, 04:59:06 pm »

They are connecting to the right AP, but the more I think about it, the more I am inclined to say that it might be how the DHCP protocol works.

The DHCPDISCOVER from client is sent to all DHCP servers. Whoever responds first with DHCPOFFER, wins.

Now, it can be argued that LAN interface and IOT interface will never see each other's traffic, which  is true for wired networks, but not true if both interfaces have a dedicated WiFi access point. The client sends DHCPDISCOVER over WiFi and both access points respond with DHCPOFFER and the first one wins. Wired devices will never have this problem.

One way would be to create static DHCP mappings for IOT and LAN devices in their respective DHCP servers and then check the Deny Unknown Clients box. But this makes adding new devices a painful process. I will have to do more Google searches to see if there is a better/easier way.

Please let me know your thoughts or if there is any error in my access point logic.

Thanks...!!

8

General Discussion / Re: Create completely isolated networks

« on: March 11, 2023, 04:06:42 am »

Hi,
I can definitely say that the IP addresses are getting assigned from the wrong DHCP server. The IOT devices are getting IP addresses from LAN and vice-versa. Not sure how to fix this. Any ideas?

Thanks...!!

9

General Discussion / Re: Create completely isolated networks

« on: March 09, 2023, 08:46:39 pm »

Thanks for confirming that FW rules and configuration is not causing it. I am pretty sure that DHCP assigned IP addresses are crossing over from LAN to IOT and vice-versa. However, let me monitor for one more day, in case these are some old leases. If I still continue to see them, then I will update this thread with more screen captures of what I am seeing in the WiFi routers attached devices section and leases in OPNSense.

Thank you so much for looking at my setup and replying back so quickly.

10

General Discussion / Re: Create completely isolated networks

« on: March 09, 2023, 07:40:31 pm »

Thanks you so much for answering so quickly. Here is the setup and picture (as attachment, I cannot figure out how to paste image in this box) :

First port is the WAN interface in firewall. It is connected to internet cable from Verizon box.

Second port is LAN interface in firewall. It is physically connected to a Dlink 28 port switch. All the wired devices are connected to the switch. The Netgear Orbi 960 mesh is also connected to switch. The Orbi 960 is configured as AP. This is 192.168.250.0/24 subnet.

Third port is IOT interface in firewall. It is physically connected to another Netgear WiFi router R8500. This router is also operating in AP mode. All the IoT devices connect to this router via WiFi. There are couple of wired devices connected to the R8500 ethernet port. This is 192.168.1.0/24 subnet.

11

General Discussion / Create completely isolated networks

« on: March 09, 2023, 04:40:19 pm »

Hello,

First time posting here.

I have recently started using OPNSense. Installed it on a small box with 4 NICs. I am trying to create two completely isolated networks, one is my main LAN and the second one is IOT for IoT devices like Google/Alexa etc.

I have followed the directions here: https://docs.opnsense.org/manual/how-tos/guestnet.html

There are no VLANs, just a very basic setup to get started. LAN 192.168.250.0/24, IOT 192.168.1.0/24.

I did not create the Captive Portal as it is not needed. After setting things up, everything seems to be working fine except when I look in the DHCP lease table, I see that devices from LAN network acquiring DHCP address from IOT network and vice-versa. Since DHCP access is controlled by built-in firewall rules, how do I stop devices going from one network to other for DHCP?

I am not a networking expert but have basic knowledge. Used to run a different firewall but OPNSense is lot different so I am feeling bit lost. Any help will be appreciated.

Thanks