Messages - nightcom

#1
Well, if you want to know my opinion, it's better to have this kind of option than not to have it. In my case and many others it probably will not work because the router will not allow it, but if you build your own homelab or you have a flexible ISP then it's another story.

Maybe it can be on the TO-DO list somewhere at the bottom ;) Anyway, thank you franco, I just wanted to be sure where to search for the root cause. Everything was pointing to the ISP but I wasn't sure since I'm new to OPNsense. Before, I was using Mikrotik for 10 years, but I always wanted to go with OPNsense, and here I am with upgraded network speed and I'm very happy with the response of the GUI; the community is awesome and the documentation is also very good. Can't complain about anything, all I can say is great work and donate a couple of bucks ;D

Thanks for your support!
#2
Yes, I was reading that in other cases from previous years you guys had more issues with DHCP; you guys did a lot and you supported the community with patches - great work.

From what I understand I just need to talk with the ISP when they come; the router just listens to what the ISP or upstream router tells it, but at least I can show some logs to the techs.

Thank you franco once again!
#3
Hello everyone!

I have a question regarding my logs being flooded by dhclient-script, as you can see below:

2024-09-25T20:38:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T20:38:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T20:23:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T20:23:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T20:08:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T20:08:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T19:53:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T19:53:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing


From what I have already found searching on the internet, it can also be the ISP side renewing the address every 15 min; with the I266-V it can also be a BIOS setting of Intel power management, but I couldn't find anything like that in the BIOS, and there are a lot of options related to power but nothing referring to the ethernet card.

I also checked with Suricata ON and OFF, didn't check with Zenarmor but it is for LAN so I guess no impact. I also use Unbound.

I also checked dhcp settings from WAN side and this is what I got:
root@OPNsense:~ # cat /var/db/dhclient.leases.*
lease {
  interface "igc0";
  fixed-address 192.xxx.xxx.20;
  next-server 192.xxx.xxx.1;
  option subnet-mask 255.255.255.0;
  option host-name "OPNsense";
  option dhcp-lease-time 20;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.xxx.xxx.1;
  renew 4 2028/8/24 10:23:14;
  rebind 4 2028/8/24 10:23:33;
  expire 4 2028/8/24 10:23:44;
}

lease {
  interface "vlan02";
  fixed-address 31.xxx.xxx.129;
  option subnet-mask 255.255.255.0;
  option routers 31.xxx.xxx.1;
  option domain-name-servers 37.143.84.228,62.58.48.20;
  option domain-name "ftth.glasoperator.nl";
  option broadcast-address 31.xxx.xxx.255;
  option ntp-servers 10.12.0.20;
  option dhcp-lease-time 1800;
  option dhcp-message-type 5;
  option dhcp-server-identifier 31.xxx.xxx.1;
  option dhcp-renewal-time 909;
  option dhcp-rebinding-time 1566;
  renew 3 2024/9/25 16:33:36;
  rebind 3 2024/9/25 16:44:42;
  expire 3 2024/9/25 16:48:36;
}


xxx in IP is of course from my side.

I only see option dhcp-renewal-time 909 that fits the pattern of 15 min; do you think this is what caused the flooding of the log file?
Internet works "fine" let's say, looks stable but sometimes I have weird issues. The connection is a new 1Gbps up/down, they are still connecting people in the neighborhood so maybe that's the reason, but someone from their company will come soon so I just want to point it out; no reason to renew the address every 15 min.
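The comparison asked about in the post above, as an added example that is not part of the original post or of OPNsense: it parses the lease timers and the RENEW log lines and checks whether the observed spacing matches the server-supplied renewal time (T1), which separates scheduled renewals from unexpected lease churn. The sample data is a constructed excerpt of the post's own values; the function names and the 60-second tolerance are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: RENEW log lines and lease timers excerpted from the post.
LOG = """\
2024-09-25T20:38:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T20:23:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T20:08:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T19:53:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
"""
LEASE = """\
lease {
  interface "vlan02";
  option dhcp-lease-time 1800;
  option dhcp-renewal-time 909;
  option dhcp-rebinding-time 1566;
}
"""

def parse_lease(text):
    """Return {interface: {option: seconds}} for the dhcp-*-time options."""
    leases = {}
    for block in re.findall(r"lease\s*\{(.*?)\}", text, re.S):
        iface = re.search(r'interface\s+"([^"]+)"', block)
        if iface:
            timers = re.findall(r"option (dhcp-[a-z-]+-time) (\d+);", block)
            leases[iface.group(1)] = {k: int(v) for k, v in timers}
    return leases

def renew_intervals(log, iface):
    """Seconds between consecutive RENEW events logged for one interface."""
    pat = re.compile(r"^(\S+) .*dhclient-script: Reason RENEW on (\S+) executing")
    times = sorted(datetime.fromisoformat(m.group(1))
                   for m in map(pat.match, log.splitlines())
                   if m and m.group(2) == iface)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def assess(log, lease_text, iface, slack=60):
    """Compare observed RENEW spacing with T1; slack is an assumed tolerance."""
    opts = parse_lease(lease_text)[iface]
    # Without an explicit renewal time, T1 defaults to half the lease time (RFC 2131).
    t1 = opts.get("dhcp-renewal-time", opts["dhcp-lease-time"] // 2)
    gaps = renew_intervals(log, iface)
    return {"t1": t1, "gaps": gaps,
            "matches_t1": all(abs(g - t1) <= slack for g in gaps)}

if __name__ == "__main__":
    print(assess(LOG, LEASE, "vlan02"))
```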
#4
Yes, that's what I was thinking also, just wanted confirmation. Thank you once again, and I hope I will not need to create a new topic about Wireguard tomorrow; I already removed all settings related to it and will build from scratch tomorrow.

Do you know if I should also assign the VLAN somewhere in Wireguard? I will Google it tomorrow anyway.

Thanks!
#5
It was my mistake, I didn't notice that there was one more tab and I was thinking that WAN is now in loopback, which was strange to me. I already corrected the screenshot and my question.

I'm now more wondering whether I can remove this "unassigned port igc0" from the list....my Wireguard is not working, which I also don't understand since all rules are referring to interfaces and not physical ports in OPNsense....but I will look into it tomorrow.

Thanks for your confirmation!
#6
General Discussion / Assigning VLAN to WAN - changing ISP
September 16, 2024, 08:23:51 PM
Hello everyone,

I'm in the middle of changing my ISP and the new provider requires using VLANs for certain services, like internet on VLAN300. I already did everything and it seems to work fine, but I'm not sure whether it's done correctly - I have doubts.

I would like to ask you for advice, correction or approval of present configuration.

What I did?
I created VLAN in Interfaces -> Other types -> VLAN




Then I went to Interfaces -> Assignments
and I assigned VLAN300 to WAN, replacing the present igc0 (WAN) with vlan2 (tag300), and it looks like this:


As you can see, in + Assign a new interface there is now still the igc0 interface that I can assign somewhere or create a new interface from; is that normal?

Now when I go to Interfaces -> Overview I see something like this:

My Wireguard stopped working, but I think it's just a matter of reconfiguring; but I doubt whether the rest of the config, assigning VLAN to WAN, is correct?

What I wanted to do is reverse everything and try to do it from the CLI and just reconfigure WAN (igc0). The second idea was to edit my backup, hoping to find the line with VLAN in port igc0, add VLAN 300 to it and restore the backup. Am I overthinking and everything is fine with this config? I'm not a master of networking, but WAN as loopback, I don't think it should be like that.

Can community verify this and correct me if needed?

Thank you in advance


Edit: I have Zenarmor, Suricata, Unbound, ID and Wireguard services running on it also. Looks like everything is working, besides Wireguard like I wrote, and I checked the configs but I didn't find anything unusual or anything that needs to be changed - maybe I missed something, but my main question is still about assigning VLAN to WAN.