Messages - machine3532

#1
Sorry for not being clear. This is the DHCP lease provided by the ISP that the WAN interface gets from the ISP's DHCP server. I used ICS up until this weekend, then I switched to dnsmasq. I can ask my ISP to clear my DHCP lease while my system is running to verify if this is still an issue. I work for an ISP and have noticed this issue on customer firewalls as well.
#2
Hi everyone,

I've been experiencing a persistent issue with OPNsense for over a year and am finally getting around to posting about it.

One day while at work, I remotely cleared the DHCP lease on my home network (using OPNsense), and immediately afterward, the firewall went offline. When I got home to troubleshoot, I discovered that my WAN and LAN interfaces had somehow swapped. This seems to be a default behavior I've noticed before—OPNsense sometimes defaults to using igc1 as WAN instead of igc0, so I always manually correct it to use igc0 for WAN. This appears to be different for each firewall; I have an 8-port firewall that doesn't swap interfaces.

While WAN and LAN still functioned properly after the incident (along with associated rules and DHCP reservations), all of my other subnets and my WireGuard tunnel dropped. Worse, I lost the configuration for those subnets, including many DHCP reservations for my server VLAN/subnet.

In our work, one of the common practices is to clear DHCP leases and power cycle the routers. However, we've seen this issue repeatedly with customers using OPNsense: someone clears the lease while the firewall is running, and it leads to significant problems, including lost configurations and interface issues.

Unfortunately, many of my coworkers don't realize that OPNsense firewalls are sensitive to this, so the problem keeps recurring.

My questions:
Is this considered a known bug or limitation with OPNsense?
Is there any way to prevent loss of subnets or configuration loss when clearing leases?

Any guidance or advice would be greatly appreciated. I'd really like to help prevent this from happening to other users and our customers.

Thanks in advance!
#3
Hi all,

I've spent the past few days trying to get WAN connectivity working with a manually assigned static IP in OPNsense and have hit a wall. I recently upgraded from an older version and noticed a significant drop in internet speeds, so I decided to do a fresh install of 25.7.1, wiping the SSD and configuring everything from scratch.

Setup:
Fresh install of OPNsense 25.7.1 from ISO on two firewalls (updated to 25.7.1_1 later).

My ISP provides two static IPs:
One manual static IP
One DHCP reservation

Using the DHCP-reserved IP works fine.
Using the static IP fails — no connectivity at all.

Sanitized IP Example:
For privacy reasons I swapped my IP for a bogon in this post.
Manual Static IP: 192.168.231.165/25
DHCP reservation: 192.168.231.162/25
Gateway: 192.168.231.129 (same for both static and DHCP IPs)

Configuration Steps:
System > Gateways > Configuration
Name: STATIC_WAN
Interface: WAN
Address: 192.168.231.129
Priority: default (255)
Saved and applied.

Interfaces > WAN
IPv4 Configuration Type: Static IPv4
IP Address: 192.168.231.165/25
Gateway: STATIC_WAN
Saved and applied.

The Problem:
No internet connectivity.
Cannot ping the gateway (192.168.231.129) — ping just hangs.
No errors or route feedback — just silence.
Switching back to DHCP brings the connection back immediately.

Interesting Observation:
If I obtain a DHCP lease first, then switch to the static configuration (same subnet), connectivity continues to work until the lease expires or is cleared. Not sure if that's a red herring, but it seems like OPNsense may be holding onto something internally (ARP cache, routing state, etc.).

Additional Notes:
The second OPNsense firewall (same ISP and subnet) also fails with the static IP.
It reports a "gateway misconfiguration" warning when configured the same way — while the first firewall shows the gateway as online, but still doesn't connect.
The static IP and gateway are known-good — I used this same static IP without issue prior to the upgrade and reinstall.

Question:
Has anyone experienced this with OPNsense 25.7+?
Is there something extra I need to configure or clear when switching to a manual static IP?

All troubleshooting was done on the home firewall, which originally had the static IP. I've since moved it to the DHCP reservation just to maintain connectivity.

Any help or ideas are greatly appreciated!