Messages - s4nguine

#1
Sorry, I'll allow myself to bump it with a new post since I found out the most probable cause.
I didn't know it was relevant - I'm using BGP to announce addresses from the Kubernetes cluster.
It is exposed on address 172.31.0.8, which is on VLAN99, so it makes sense why it leaves through its interface.

The question is how can I modify it?

I would want that when the network is in the 172.31.40.1/24 range it picks the VLAN40 interface. Is it doable?

#2
Hello,

I have a weird issue, but maybe you will be able to point me in the right direction, I feel like I'm running in a circle.
My setup contains several VLANs, but I'll limit my issue to only 3.

1. VLAN99 - range 172.31.0.1/24 - tag 99
2. VLAN20 - range 172.31.20.1/24 - tag 20
3. VLAN30 - range 172.31.30.1/24 - tag 30

I'm testing the connection from address 172.31.20.209 which is in VLAN20. This host has a rule to allow all.
VLAN20 and VLAN30 have dedicated pools in DHCP which I'm using for Kubernetes load balancer purposes.

LB address 172.31.30.101 (VLAN30) works perfectly fine, I'm able to reach the service.

LB address 172.31.20.222 (VLAN20) on the other hand is blocked on the firewall, and the traffic looks wrong. I'm struggling to find any meaningful difference between those VLANs, they were configured pretty much the same.
It's important to say that when I disable the firewall it works. Can you possibly point me in the right direction as to why it might be leaving from the wrong interface?

Thank you in advance

#3
I did some troubleshooting steps.
My setup requires the use of the ISP router; it has DHCP for the 192.168.0.1/24 range, so I enabled it on the WAN interface on the OPNsense and got address 192.168.0.136/24.

First thing, ping to the default gateway - no luck:

Then I checked ARP on OPNsense:

And compared it with the MAC on the ISP router interface - the last number is different:

Question now is what can I do with it? I'm not that advanced in networking and I really don't want to mess something up so that I won't be able to work tomorrow morning :(

Everything else from VLANs is able to access Internet, so at least it's working there.

EDIT:
Never mind, I drilled down into the ISP router config and the LAN MAC is correct - I'm clueless at this point


EDIT2:
Did some other tests:
1. Restarting ISP and OPNsense routers - same
2. Setting up static IP address on WAN - immediately lost Internet on my host
3. Changed DHCP range on ISP router to force renewal to new IP address on WAN interface - new address was correctly assigned so it can reach ISP router, but normal traffic still can't leave router :/
#4
Hello,

After the latest update I observe weird behaviour on my box.
Looks like OPNsense lost outbound access.

On the client side I have a second DNS from DHCP pointing to 8.8.8.8:

Do you know what might have happened there? It was working before the update.
#5
Hello everyone,

Recently I moved from OpenWrt to OPNsense and so far it's great! I have only one problem that appeared after redesigning my DNS setup.

Since I have a local domain with PKI set up I need a more advanced DNS setup, and as I appreciate the functionality of AdGuard, I ended up with a design like this:

1. My main DNS server is Adguard installed on OPNsense, bound on port 53
2. I have a second BIND server outside of the router that holds my domain records
3. In Adguard I pointed BIND server as an upstream for my domain

It works fine for the most part, the problem is when I want to resolve the name for DHCP assigned devices, from dnslookup I get "server can't find 'host': NXDOMAIN". It's not a firewall issue for sure, I also can't resolve DHCP leases names from the opnsense itself.

I thought that the problem would be solved after I enabled Unbound on the router with the option to register leases, and then pointed to this Unbound server in AdGuard's Private reverse DNS servers, but still no luck, same message.

I'm not that experienced when it comes to troubleshooting DNS queries, so I would be really grateful for any help.
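An added diagnostic for the chain described in this post (AdGuard Home on the OPNsense, the external BIND, Unbound registering DHCP leases); it is not from the forum post or from any of those projects. It asks every hop directly for the bare lease hostname, the FQDN and the PTR record, so the hop that first answers NXDOMAIN stands out instead of being hidden behind AdGuard. The server addresses, the Unbound port and the local domain are assumptions to edit.

```shell
#!/bin/sh
# Walk each resolver hop with dig and print its RCODE per query.
# Addresses, ports and domain below are assumptions, not values from the post.
AGH="172.31.0.1"        # assumed: AdGuard Home bound on port 53 on the OPNsense
BIND="172.31.0.10"      # assumed: external BIND holding the domain records
UNBOUND="172.31.0.1"    # assumed: Unbound on the OPNsense
UNBOUND_PORT="5353"     # assumed: Unbound moved off 53 because AdGuard holds it
DOMAIN="home.lan"       # assumed local domain under which leases are registered

# Extract the RCODE (NOERROR, NXDOMAIN, SERVFAIL, ...) from dig's ";; ->>HEADER<<-"
# comment line read on stdin; print TIMEOUT when dig produced no header at all.
dig_status() {
    status=$(sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    printf '%s\n' "${status:-TIMEOUT}"
}

# Build the in-addr.arpa name for a dotted IPv4 address ($1).
ptr_name() {
    printf '%s' "$1" | awk -F. '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
}

# Query one server ($1) on port ($2) for name ($3) and record type ($4);
# print a one-line verdict so the hops can be compared side by side.
probe() {
    rc=$(dig +time=2 +tries=1 +noall +comments "@$1" -p "$2" "$3" "$4" 2>/dev/null | dig_status)
    printf '%-14s %-5s %-4s %-32s %s\n' "$1" "$2" "$4" "$3" "$rc"
}

# Ask every hop for the bare hostname, the FQDN and the reverse record of one lease.
# $1 lease hostname, $2 lease IP
trace() {
    rev=$(ptr_name "$2")
    for server in "$AGH:53" "$BIND:53" "$UNBOUND:$UNBOUND_PORT"; do
        s=${server%:*}; p=${server#*:}
        probe "$s" "$p" "$1" A
        probe "$s" "$p" "$1.$DOMAIN" A
        probe "$s" "$p" "$rev" PTR
    done
}

# Run only when a hostname and IP are given, e.g.: sh dnstrace.sh mylaptop 172.31.20.209
if [ "$#" -eq 2 ]; then
    trace "$1" "$2"
fi
```

A hop that returns NOERROR for the FQDN but NXDOMAIN for the bare name points at the search domain on the client, while NXDOMAIN from Unbound for the FQDN means the lease was never registered there.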