Messages

Hi @mb
yes I'm referring to th OPNsense Business Edition.

Versions   
OPNsense 22.4.3_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1q 5 Jul 2022

Zenarmor
Engine Version:   1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202

yes, forgot to mention that. The bypass mode has no impact, only removing the interface enables the vlan routing again. This box is a Hyper-V guest.

I also tested the behavior on a business edition hardware box which seems not to have this issue.

Hi,
looks like adding the trunk interface to the protected interfaces breaks the routing between VLANs.
Can anybody confirm?

Adding single VLANs seems to be OK, but then not able to protect the LAN...

Deployment mode: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver
Engine Version: 1.11.5 View Release Notes Version History
UI Version: 22.9.22
Database Version: 1.11.22092202
OPNsense 22.7.6-amd64

HW offload is default/disabled


greY

Hi
trying to activate business edition from the community edition (22.7.5).
Seems it has an issue getting the right packages

I attached a few screenshots of the configuration, any ideas how to fix it?
Would like to avoid a fresh install of BE if possible.

greY

Sensei is running as "Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver", bypass mode is not active (see attached)

My OPNsense is runing as a Hyper-V guest.

But driver issue makes sense to me. I have one another box running on dedicated hardware with a quite similar configuration regarding VLANs, without issues.

Hi

my setup is:
- LAN with 3 VLANS (10, 11 and 1010)
- DHCP relay, forwarding do an MS DHCP service
- Sensei 1.8

If sensei is configured for the parent LAN interface, all VLANs will not get IPs over DHCP. If sensei is configured for all VLANS (but LAN), DHCP for all interfaces is working as expected.

Does anybody have an idea what is going on there?

br
greY

makes sense, thank you

setting firewall to "conservative" fixed it

Hi

hope, somebody can help to understand or to fix a FW rule issue between LAN and a VLAN.
I have a screenshot attached, with a blocked packet due to a "default deny rule".
At the same time there is a "Default allow LAN to any rule" ;) ... 

Any ideas what's the issue could be? I'm on OPNsense 21.1.1-amd64

thx
greY

experiencing possibly the same issue with 20.7.5
...mostly during MS Teams sessions.

had a similar issue here. Problem was a hardware defect on the used ethernet nic.

Here's an ISO snapshot based on the following commit: https://github.com/opnsense/src/commit/060d54597

https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/OPNsense-201903080927-OpenSSL-dvd-amd64.iso.bz2

All feedback is welcome. Other types of images can be requested if needed. The image is for testing, we don't recommend production use just yet.


Thank you,
Franco

thx Franco
successfully booted on Hyper-V 9.0 (MS Server 2019) !

The issue was that haproxy was only listening to 127.0.0.1:port, I added the local router IP:port and everything works.
anyways thanks for helping.

Thanks, but please could you describe a bit more exactly what to do ? ;)

Reverse Proxy runs on OPNsense.
The infrastructure looks like this:
site A                                        site B
|OPNsense|                              |Unifi USG |
|              |----IPSEC tunnel-----|               |
|HAproxy  |                              |               |
      |
      |
WEB Services

Hi
I have users connected over a IPSEC site to site VPN. They cannot access web sites behind haproxy (reverse proxy).

I see passing connections in the firewall logs but nothing in the haproxy logs (only local requests). It seems like a kind of issue with routing from requests coming over IPSEC...

Any ideas how to fix / check this?