Messages - cat

#1
Quote from: nero355 on March 29, 2026, 09:31:07 PM
The last error suggests you did not add the DHCP Pool first and then Import the .CSV file with Static DHCP Mappings ?

It was not just those three lines; it was a long list of those lines showing up repeatedly. I also do not understand the Cloud icon's job when it shows up, and clicking it does nothing.

I did have pools installed, but I also had static IPs, where I had to adjust the pool to exclude some statics when entering the statics manually. Could that have caused errors for all the other IPs?
#2
The Kea DHCP export / import is not working; it complains during import.
      [hw_address] Duplicate entry exists.
      [subnet] A value is required.
      [ip_address] Address not in specified subnet

Maybe also worth mentioning, whether or not a config backup restore should behave like this: I already had to load the older config once before and witnessed that, when restoring back the original config, the Kea DHCP leases were not wiped, even after a reboot, leaving me wondering what else might still linger when one restores to check something and then goes back to the original.

Have a backup (a) > gpart destroy -F ... > set up opnsense zfs > freshly configured install > backup config (b) > restore and overwrite with backup (a) > check things in GUI > restore config (b) > leases of (a) are still listed in Kea DHCP

Should I open a new thread about this, or is this expected behavior?
#3
Good Morning, thanks for the reply.

I upgraded my switch a couple of weeks ago and, iirc, igc0 used to be the trunk (I believe on LAN) that was connecting to the previous switch but is now used for pppoe. Unfortunately I deleted all the previous config backups, so I cannot be 100% certain. I am now using lag/lacp.

I also realized that these three extra rules all point to vlans that were created after the deletion and switch upgrade.

#4
Trying to figure out why a PC on an undesired vlan (a vlan not allowed access to opnsense) is able to reach opnsense.
Went through a couple of changes today on the opnsense, and one of them was to switch to the new rules, which went fine without complaints.
I realized during the process that the undesired vlan was now on anti-lockout, something that happened before today's modifications, but I didn't see it back then when I removed the LAN interface. Anyway, WAN access is disabled and I disabled anti-lockout.
Unfortunately this undesired vlan still has access to the GUI/ssh.

Running
pfctl -sr | grep -i vlan01
block drop in log on ! vlan014 inet from ... to any
block drop in log on ! vlan015 inet from ... to any
block drop in log on ! vlan013 inet from ... to any
block drop in log on ! vlan01 inet from ... to any

I cannot find anywhere in the GUI the reason why the first three lines (vlan014, vlan015, vlan013) show up here. All other vlans only have one block drop line for their own vlan, but vlan01 also has pass in quick and pass in log rules for the vlans listed above, including a pppoe0 connection line for vlan014.

I'll try a backup tomorrow, but I fear deleting the LAN interface killed my setup, which was running fine for years.
#5
The locals on the same vlan can reach the vpn client even when the openvpn is running.
I just would like to know how to configure opnsense to allow me to reach the vpn client from another vlan.
#6
wan <--> opnsense (vpn_gw) <--------> VLAN20 --- desktop
                                                     \ ----> VLAN60 --- server1 (openvpn client)

My first opnsense setup, and I am struggling with the routing configuration.
The server on vlan60 is reachable from vlan20.
The moment server1 starts its own openvpn client, the routes change and I cannot reach it from vlan20; desktops in vlan60 are able to reach it, though.
I need help; my attempts with single gw and routes config were futile.  :'(


openvpn client stopped (server reachable from any allowed local client)
root@broken-vpn:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0

openvpn client running (only reachable from vlan60)
root@broken-vpn:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
143.244.41.17   10.10.60.1      255.255.255.255 UGH   0      0        0 eth0
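To show why the second table breaks reachability from vlan20, here is an added example (not from the post or from OPNsense) that parses both `route -n` tables above and runs a longest-prefix lookup, the way the Linux kernel picks the egress interface for a reply packet. The vlan20 desktop address 10.10.20.50 is an assumption; the routes are copied from the post. It demonstrates that the 0.0.0.0/1 and 128.0.0.0/1 routes pushed by the OpenVPN client outrank the /0 default, so replies to vlan20 hosts leave via tun0 instead of eth0 (asymmetric routing), while vlan60 hosts still match the /24 on eth0.

```python
import ipaddress

# Constructed sample: the two `route -n` tables from the post (VPN down / VPN up).
ROUTES_VPN_DOWN = """\
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0
"""

ROUTES_VPN_UP = """\
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
143.244.41.17   10.10.60.1      255.255.255.255 UGH   0      0        0 eth0
"""


def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, iface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8:
            continue  # header lines such as "Kernel IP routing table"
        dest, gw, mask, _flags, metric, _ref, _use, iface = parts[:8]
        # (address, netmask) tuple form; strict=False tolerates host bits set
        net = ipaddress.IPv4Network((dest, mask), strict=False)
        routes.append((net, gw, iface, int(metric)))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; ties broken by lowest metric. Returns (iface, gateway)."""
    dst = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[2], best[1]


def reply_iface(table_text, client_ip):
    """Interface server1 would use to answer a packet from client_ip."""
    return lookup(parse_routes(table_text), client_ip)[0]
```

A more specific route for the local ranges via 10.10.60.1 (for example 10.10.0.0/16 on eth0) would outrank the two /1 routes; adding such a line to ROUTES_VPN_UP flips the vlan20 result back to eth0.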