1
Zenarmor (Sensei) / Protect physical interface and child VLANs
« on: March 21, 2021, 12:51:45 pm »
Hello,
i want to check out Sensei again. Had some troubles in older version because of a netmap error. Looks like this is still a problem.
-> If i enable Sensei in the bridge mode, then the complete OPNsense is no more access able from the network (including the VLANs)
Interface overview:
IGB0 (Physical) LAN Network
- VLAN 10
- VLAN 20
- VLAN 30
...
IGB1 (Physical) WAN Network
Here is my Sensei Setup:
Yes, i know that it is experimental. But since i have the setup with VLAN on the same interface as the physical, there is no other option that i can use (so far i know).
I would like to debug the problem. What information can i provide to bring the function up and running ?
OPNsense Information:
- KVM under Proxmox
- Both WAN and LAN are same Intel Network Chips (dual card)
- Sensei Version 1.8
- OPNsense 21.1.3_3-amd64
Thanks for any help!
Cheers BeNe
i want to check out Sensei again. Had some troubles in older version because of a netmap error. Looks like this is still a problem.
-> If i enable Sensei in the bridge mode, then the complete OPNsense is no more access able from the network (including the VLANs)
Interface overview:
IGB0 (Physical) LAN Network
- VLAN 10
- VLAN 20
- VLAN 30
...
IGB1 (Physical) WAN Network
Code: [Select]
10_DMZ (igb0_vlan10) -> v4: 172.16.10.254/24
v6/t6: 2003:f2:6748:ecf1:6eb3:11ff:fe1b:aede/64
20_VPN (igb0_vlan20) -> v4: 172.16.20.254/24
30_Pentest (igb0_vlan30) -> v4: 172.16.30.254/24
v6/t6: 2003:f2:6748:ecf3:6eb3:11ff:fe1b:aede/64
40_WifiGuest (igb0_vlan40) -> v4: 172.16.40.254/24
v6/t6: 2003:f2:6748:ecf4:6eb3:11ff:fe1b:aede/64
50_IoT (igb0_vlan50) -> v4: 172.16.50.254/24
v6/t6: 2003:f2:6748:ecf5:6eb3:11ff:fe1b:aede/64
60_Dev (igb0_vlan60) -> v4: 172.16.60.254/24
v6/t6: 2003:f2:6748:ecf6:6eb3:11ff:fe1b:aede/64
70_WiFi (igb0_vlan70) -> v4: 172.16.70.254/24
v6/t6: 2003:f2:6748:ecf7:6eb3:11ff:fe1b:aede/64
80_Server (igb0_vlan80) -> v4: 172.16.80.254/24
v6/t6: 2003:f2:6748:ecf8:6eb3:11ff:fe1b:aede/64
90_Clients (igb0_vlan90) -> v4: 172.16.90.254/24
v6/t6: 2003:f2:6748:ecf9:6eb3:11ff:fe1b:aede/64
LAN (igb0) -> v4: 172.16.17.254/24
v6/t6: 2003:f2:6748:ecf0:6eb3:11ff:fe1b:aede/64
PIA_VPN (ovpnc1) -> v4: 10.49.112.204/24
WAN (igb1) -> v4: 192.168.217.2/24
v6/DHCP6: fe80::6eb3:11ff:fe1b:aedf/64
Here is my Sensei Setup:
Yes, i know that it is experimental. But since i have the setup with VLAN on the same interface as the physical, there is no other option that i can use (so far i know).
I would like to debug the problem. What information can i provide to bring the function up and running ?
OPNsense Information:
- KVM under Proxmox
- Both WAN and LAN are same Intel Network Chips (dual card)
- Sensei Version 1.8
- OPNsense 21.1.3_3-amd64
Thanks for any help!
Cheers BeNe