Messages - tops4u

#1
@cookiemonster: Yes, I'll try to clean up my config first, then I'll try to go to a new version and see how it behaves. Maybe I'll first try it out on my old HW.
#2
Thanks for your fast reply. I probably have similar HW to yours: an N100 from Aliexpress equipped with 4 Intel I226-V ports. I have disabled all HW support in OPNsense for the NICs.
#3
@cookiemonster

I'll try to explain my setup. As noted, it has a certain age and the hardware has been exchanged and the configuration copied over, so it might have "age" issues.

I have a cable modem connected to the WAN interface in transparent mode, I have a DMZ with a webserver and there is a LAN interface for the internal network. Over time I wanted to segment my internal network and started creating VLANs for this reason. Some on the WLAN AP (Ubiquiti, directly issuing the needed tags), some port-based on a Netgear switch. All are routed to OPNsense, with firewall rules defining which traffic may pass to what other networks. Tagging is enforced and checked on the switch.

As such the "trusted" traffic remained untagged on the LAN interface, while all other (more specialized) traffic gets a VLAN (for example IoT traffic that is not allowed Internet access but only access to one IP on the LAN where the IOBroker IoT integration is running).

This all ran fine until 24.7.10, where the trusted untagged LAN traffic ceased to work correctly.

So this week I thought I'd try to clean up and migrate the until now untagged traffic to a VLAN. But for some unknown reason it behaved identically to the update before, when I used mixed traffic on the interface. So I suspect some other problem with my config.

The problem is clearly on the IP layer, as some clients were able to get a DHCP IP but then were not pingable from OPNsense. As far as I understood, there is no egress on this network from OPNsense anymore.

As noted above, I have observed some issues, for example with VLAN naming, where older VLANs obviously violate naming conventions. However, I don't know if this is a problem. I was thinking to check next whether it is a kernel or OPNsense core related issue. As not many people reported similar problems, I assume it is bound to my setup/config.

PS: Config file available on request
#4
After it was noted on GitHub that having tagged and untagged traffic on an interface is not recommended, I tried various things: tagging upstream traffic from the switch that was untagged, moving the tagged traffic to another physical interface, etc. However, no improvement could be observed.

So I assume there is something else that causes the problems. Maybe due to the age of my configuration and subsequent migrations of the configuration, even from other HW.

Some things I noted, some I already fixed (hopefully), others not yet.
- My old VLAN names are starting with the interface name, i.e. igc0_vlan01; however at least 24.7.x enforces that names start with vlan0...
- All my interface identifiers, physical or VLAN, are opt<x> except two, WAN and LAN. Not sure if this is a problem (currently LAN has all tagged and untagged traffic).

Next I'll try to figure out if this is a kernel or a distribution issue. However, I'll fix the VLAN names beforehand.
#5
I have now opened an issue on GitHub to get a fix or a statement on this problem: GitHub

Until then I will not upgrade my system.
#6
Meanwhile 24.7.12 is out... did anybody try it?
#7
No, I could not ping anything at all. Luckily I had a VPN that I could use to reach the GUI.

As of now, at least 3 people reported this problem when using 24.7.10 and having an interface that has tagged and untagged VLAN traffic. Reverting to the 24.7.8 kernel with 24.7.9 base did solve the problem.

I'm no expert in kernels, but maybe the latest bugfix introduced this problem?
#9
I have some more info on this.

Tagged traffic on LAN interface -> WAN worked (i.e. my solar converters on a VLAN reached the Internet)
Untagged traffic on LAN interface -> WAN did not work (i.e. browser on LAN did not reach the Internet)
Untagged traffic on LAN interface -> tagged LAN worked (i.e. browser reached Shelly on the restricted net)
Untagged traffic on LAN interface -> LAN untagged did not work (i.e. browser to NAS did not work)
Tagged traffic on LAN interface -> LAN untagged did not work (i.e. Shelly actions to NAS Docker image)

Physical link was UP all the time. DHCP did sometimes work and sometimes not (probably the ACK was not received), according to the managed switch that is directly connected to OPNsense on the LAN interface. NTP could not be synced.
#10
I upgraded from 24.7.7 to 24.7.10_2 yesterday evening and let it run, since our Internet connection was a bit slow yesterday evening.

This morning my family complained about broken connectivity. I tried to log in to my OPNsense installation, but failed. Finally I could log in over VPN / mobile.

I could not figure out what the source of the problem was. Symptoms: no untagged VLAN traffic over the LAN interface (igc0); however, all tagged traffic worked like a charm over the same interface. No config change by the update nor on the switch on the other side. It is definitely not a firewall issue, since there was no traffic arriving on the LAN interface.

Since I did not know how to fix it, I reverted the installation to 24.7.9 and the kernel to 24.7.8. Again everything works as expected.

Interfaces that do not have mixed traffic (tagged and untagged) worked flawlessly.
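One way to check the symptom described in the two posts above (tagged frames arriving on the parent NIC while untagged ones do not), as an added example that is not part of the original posts: the script below classifies `tcpdump -e -nn` output by whether each frame carries an 802.1Q tag and lists the VLAN IDs seen. The capture lines in `SAMPLE_CAPTURE` are constructed for the example; the interface name igc0 is taken from the posts, and only the commented live `tcpdump` invocation would need to be run on the firewall itself.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -e -nn` output (not a real capture): two tagged
# frames (VLAN 10 and 20) and two untagged frames seen on the parent NIC igc0.
SAMPLE_CAPTURE='10:00:01.000001 aa:bb:cc:00:00:01 > aa:bb:cc:00:00:ff, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.5 > 192.168.10.1: ICMP echo request, id 1, seq 1, length 64
10:00:01.000002 aa:bb:cc:00:00:02 > aa:bb:cc:00:00:ff, ethertype IPv4 (0x0800), length 98: 192.168.1.20 > 192.168.1.1: ICMP echo request, id 2, seq 1, length 64
10:00:01.000003 aa:bb:cc:00:00:03 > aa:bb:cc:00:00:ff, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4 (0x0800), 192.168.20.7 > 192.168.20.1: ICMP echo request, id 3, seq 1, length 64
10:00:01.000004 aa:bb:cc:00:00:02 > aa:bb:cc:00:00:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.20, length 46'

# count_frames <tagged|untagged>: reads tcpdump -e lines on stdin and prints how
# many frames are 802.1Q-tagged (outer ethertype 0x8100) or untagged.
count_frames() {
    awk -v kind="$1" '
        /ethertype 802\.1Q \(0x8100\)/ { tagged++; next }   # outer tag present
        /ethertype/                    { untagged++ }       # any other L2 frame
        END { n = (kind == "tagged") ? tagged : untagged; print n + 0 }'
}

# vlan_ids: prints the distinct VLAN IDs carried by tagged frames, one per line.
vlan_ids() {
    awk 'match($0, /vlan [0-9]+/) { print substr($0, RSTART + 5, RLENGTH - 5) }' \
        | sort -n | uniq
}

# Live use on the firewall (not executed here): capture 200 frames on the parent
# NIC and feed them to the same helpers. If untagged hosts are sending but the
# untagged count stays at zero, the frames are not reaching the interface at all,
# which rules out firewall rules as the cause.
#   tcpdump -e -nn -i igc0 -c 200 2>/dev/null > /tmp/lan.txt
#   count_frames tagged   < /tmp/lan.txt
#   count_frames untagged < /tmp/lan.txt
#   vlan_ids              < /tmp/lan.txt

printf 'tagged=%s untagged=%s vlans=%s\n' \
    "$(printf '%s\n' "$SAMPLE_CAPTURE" | count_frames tagged)" \
    "$(printf '%s\n' "$SAMPLE_CAPTURE" | count_frames untagged)" \
    "$(printf '%s\n' "$SAMPLE_CAPTURE" | vlan_ids | tr '\n' ' ')"
```

Run against the sample it reports two tagged frames (VLANs 10 and 20) and two untagged ones; on a live capture, a non-zero tagged count next to a zero untagged count matches the behaviour reported in the posts.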
#11
24.7, 24.10 Series / 24.7.2 dropped WAN Rules for VPN
August 23, 2024, 09:53:11 AM
I just upgraded from 24.7.1 to 24.7.2 yesterday and my VPN (iOS) via IPsec stopped working. So I noted two things today.

1. The VPN log will stay empty even on debug level, whatever you do (restart the service, change config, connect, etc...)
2. The default rules for VPN traffic on the WAN interface have (probably) been removed in the upgrade process. I just added them manually now as per: https://github.com/thomergil/opnsense-ipsec-vpn and now IPsec works again.

Maybe this will help others with the same problem.
#12
Same problem here with the SMART plugin.
#13
OK, I have now taken a look at this.

The processes that occasionally demand more CPU are, on the one hand, Suricata (at times up to 100% CPU) and the following script

/usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9) --> up to about 15% CPU over several minutes.

The CPU load is not enormous, but the temperature still briefly rises by about 20°C. It is, however, a passively cooled barebone.
#14
Great, many thanks. I'll do that and then report back.
#15
Thanks for the input, but unfortunately that only contains the IDS update, and that only runs after 04:xx in the morning.