Messages

1

General Discussion / Re: Issue with Bridged Ports in OPNsense Setup

« on: November 26, 2024, 06:02:41 pm »

So your bridge has got four member interfaces - igb0-3 and the configuration looks good.

I assume em0 is your WAN interface with pppoe0 running on top of that.

From your output only one of the four bridged ports has got any connection. All others have "no carrier". If that is intentional because you are running everything via your switch - ok. If there is a system connected to one of the "no carrier" ports, check the cabling.

If the tunables are in place and the "LAN" or whatever you name it interface is assigned to the bridge, everything looks good.

If you can answer all implicit question with "yes, of course, by the docs" - the next step in my book would be packet traces to watch what is actually happening on the wire.

HTH,
Patrick

Here is what i was able to find when searching for the IP i tried to reach on the other port in the packet capture:

2

General Discussion / Re: Issue with IP Alias Addresses

« on: November 25, 2024, 10:53:12 pm »

Okay, so i ran an update+upgrade on Proxmox, then rebooted and the issue still persists.

3

General Discussion / Re: Issue with Bridged Ports in OPNsense Setup

« on: November 25, 2024, 10:48:56 pm »

So your bridge has got four member interfaces - igb0-3 and the configuration looks good.

I assume em0 is your WAN interface with pppoe0 running on top of that.

From your output only one of the four bridged ports has got any connection. All others have "no carrier". If that is intentional because you are running everything via your switch - ok. If there is a system connected to one of the "no carrier" ports, check the cabling.

If the tunables are in place and the "LAN" or whatever you name it interface is assigned to the bridge, everything looks good.

If you can answer all implicit question with "yes, of course, by the docs" - the next step in my book would be packet traces to watch what is actually happening on the wire.

HTH,
Patrick

Yes, of course, and by the docs are my answers to the questions.

I won't be able to re patch things today, i will probably get to it tomorrow or the day after.
I will do a packet capture on the LAN and member Interfaces then and come back with the results.

Thanks so far

4

General Discussion / Re: Issue with Bridged Ports in OPNsense Setup

« on: November 25, 2024, 10:31:02 pm »

Post the complete output of "ifconfig" on your OPNsense, please.

Here is the full output of ifconfig:

Code: [Select]

igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: NIC_Port_1 (opt3)
        options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG>
        ether 00:1b:21:41:5c:10
        inet6 fe80::21b:21ff:fe41:5c10%igb0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect
        status: no carrier
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: NIC_Port_2 (opt1)
        options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG>
        ether 00:1b:21:41:5c:11
        inet6 fe80::21b:21ff:fe41:5c11%igb1 prefixlen 64 scopeid 0x2
        media: Ethernet autoselect
        status: no carrier
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: NIC_Port_3 (opt2)
        options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG>
        ether 00:1b:21:41:5c:14
        inet6 fe80::21b:21ff:fe41:5c14%igb2 prefixlen 64 scopeid 0x3
        media: Ethernet autoselect
        status: no carrier
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igb3: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: NIC_Port_4 (opt5)
        options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG>
        ether 00:1b:21:41:5c:15
        inet6 fe80::21b:21ff:fe41:5c15%igb3 prefixlen 64 scopeid 0x4
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: Modem_DSL (opt6)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 4c:cc:6a:b3:d0:39
        inet 192.168.178.21 netmask 0xffffff00 broadcast 192.168.178.255
        inet6 fe80::4ecc:6aff:feb3:d039%em0 prefixlen 64 scopeid 0x5
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0 metric 0 mtu 1536
        options=0
        groups: enc
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pfsync0: flags=0 metric 0 mtu 1500
        options=0
        maxupd: 128 defer: off version: 1400
        syncok: 1
        groups: pfsync
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33152
        options=0
        groups: pflog
wg0: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1420
        description: HomeWireGuard (opt7)
        options=80000<LINKSTATE>
        inet 10.10.10.1 netmask 0xffffff00
        groups: wg wireguard
        nd6 options=1<PERFORMNUD>
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: LAN (lan)
        options=0
        ether 58:9c:fc:10:ff:a0
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet 10.10.1.1 netmask 0xffffff00 broadcast 10.10.1.255
        inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igb3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 20000
        member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000000
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000000
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 2000000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
pppoe0: flags=10088d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1492
        description: WAN (wan)
        options=0
        inet 93.130.155.253 --> 62.52.193.57 netmask 0xffffffff
        inet6 fe80::21b:21ff:fe41:5c10%pppoe0 prefixlen 64 scopeid 0xb
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ue0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN_LTE (opt4)
        options=80000<LINKSTATE>
        ether 00:1e:10:1f:00:00
        inet 192.168.8.10 netmask 0xffffff00 broadcast 192.168.8.255
        inet6 fe80::21e:10ff:fe1f:0%ue0 prefixlen 64 scopeid 0xa
        media: Ethernet autoselect
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

5

General Discussion / Re: Issue with IP Alias Addresses

« on: November 25, 2024, 10:28:34 pm »

@mooh was asking about the proxmox version.
24.7.9 is the OPNsense version 

Thanks, i missed that.. 

8.2.8 is the Proxmox version, i will update now and come back after testing.

6

General Discussion / Re: Issue with Bridged Ports in OPNsense Setup

« on: November 25, 2024, 05:09:38 pm »

You could do a packet capture on the bridge and member interfaces and look at:

- Do arp requests and arp replies work correctly?
- Do the packets move from interface, to bridge, and out of the other interface?
- Do Firewall rules block your packets?

I will check it when i have time in the near future (as i will have to re patch some stuff) and report back.

7

General Discussion / Re: Issue with IP Alias Addresses

« on: November 25, 2024, 04:24:54 pm »

Is your Proxmox server on auto-update? Version 8.3 is out now with changes to its network stack. I'm still going through the changes...

I am on 24.7.9, and there are no updates available.
Auto update is not enabled, i do updates manually.

8

General Discussion / Re: Issue with IP Alias Addresses

« on: November 25, 2024, 03:37:12 pm »

Anyone have a solution to this?

9

General Discussion / Re: Issue with Bridged Ports in OPNsense Setup

« on: November 25, 2024, 03:36:50 pm »

After further debugging I still was not able to find out what the issue is..

10

General Discussion / Issue with IP Alias Addresses

« on: November 21, 2024, 07:53:42 pm »

Hello,

I’m experiencing an issue with the IP Alias addresses in my OPNsense setup.

Previously, everything was working fine. I had the standard 10.0.0.1/24 subnet configured on the LAN interface and used Virtual IPs to assign additional addresses to my Proxmox VMs and containers. However, a few days ago, this setup suddenly stopped working without any apparent changes on my end.

I’m unsure what might have caused the issue, and I’d really appreciate any help troubleshooting this. I’m happy to provide additional information if needed to debug the problem.

Thank you in advance!

11

General Discussion / Issue with Bridged Ports in OPNsense Setup

« on: November 21, 2024, 07:43:49 pm »

Hello everyone,

I’ve encountered a strange issue with my current OPNsense setup and could really use some help.

Previously, I had the same NIC bridged in the exact same way, and it worked as expected. However, now I’m experiencing a problem when using the bridged ports: I can’t access services running on devices connected to other ports of the same bridge.

Here’s an example:

    My NAS is at 10.0.0.20, and my PC is at 10.0.0.10.
    When both are connected to the same switch behind the bridge, everything works fine—I can access the NAS from the PC.
    But if I plug the NAS or an access point into another bridged port, things go awry:
        The NAS remains reachable from the WAN, but I can no longer access it from my PC.

I’ve already followed the steps outlined in this guide: https://docs.opnsense.org/manual/how-tos/lan_bridge.html , including setting up the two tunables mentioned there. Those tunables were already configured correctly before the issue arose.

If anyone has experienced a similar problem or has any advice, I’d greatly appreciate your help!

Thanks in advance!

12

General Discussion / Re: DNS not working via LAN

« on: June 25, 2024, 05:28:50 pm »

Yes, the LAN subnet is 10.0.0.0/24  and the LAN interface is 10.0.0.1.

Unbound is on default settings, it is running (and working on the OPNsense as shown under Reporting > UnboundDNS all queries are from 127.0.0.1), setting for Interfaces is set to All (Recommended) and as for the queries it showed 17 then dropped to zero and goes up and down like that 8>0>11.

13

General Discussion / Re: Stability issues with Fujitsu Futro S920 running OPNsense

« on: June 24, 2024, 04:25:02 pm »

I have no doubt about the stability of OPNsense, I have it deployed on many firewalls, its very reliable and i love it so far.

Maybe there are steps to further debug the crashes/resets.

Is there a log for shutdown reasons or somewhere i can start looking for the exact reason?

14

General Discussion / Stability issues with Fujitsu Futro S920 running OPNsense

« on: June 23, 2024, 05:06:18 pm »

Hello everyone,

I'm currently managing a network setup for a friend, which includes a Fujitsu Futro S920 running OPNsense that is experiencing intermittent crashes, resets, or reboots. While troubleshooting, I suspect the issue may be load-dependent, although my tests haven't provided a conclusive answer yet.

The system is equipped with an Intel Pro 1000 quad card that might be related to the issues.

My friend's approach to upgrades seems to be waiting for a spontaneous coffee spill to justify replacements.

Given that this setup isn't critical but still causes annoyance, any advice or insights on effective troubleshooting steps would be greatly appreciated.

Best regards,
Combatsatellite

15

General Discussion / DNS not working via LAN

« on: June 23, 2024, 04:39:38 pm »

Hello everyone,

I am currently managing a multi-WAN setup and have encountered an issue that I suspect may be related to this configuration.

Despite extensive troubleshooting, I am unable to resolve the following problem: while the firewall can utilize Unbound DNS, LAN clients are unable to use the firewall as their DNS server. Although this is not critical, as the clients are configured to use Quad9 for DNS resolution, I am interested in leveraging Unbound for website blocking purposes.

Additionally, when using an Android device connected via my Wireless Access Point, I receive a "No Internet Connection" error. I believe this may be a result of the DNS issue affecting LAN clients.

For your reference, I have attached a screenshot of the following command executed on one of the clients:

nslookup opnsense.org 10.0.0.1

This command returns a "connection refused" error.

Your expertise and assistance in resolving this matter would be greatly appreciated.

Best regards,
Combatsatellite