Messages - incirrata

#16
17.7 Legacy Series / Unable to start DHCP server?
January 02, 2018, 10:31:13 PM
I'd like to use PXE boot on my OPNsense box to install desktops on my network. To test this, I have a desktop connected directly to my firewall's LAN interface. While it has a static address now, it needs to be able to get a DHCP address for PXE, so I set the options on the Services -> DHCP -> Server -> LAN page as best as I know how and clicked the "Start Service" button in the upper right corner.

A dialog with the title "Please wait..." and a progress bar briefly appears then vanishes, and the status indicator is still red and showing "dhcpd Service is Stopped". I tried rebooting the firewall but that didn't help. Any idea why it's doing this and how I can find more info about it?

EDIT: I ultimately decided to start fresh, and the DHCP server worked as expected on a new install.
#17
17.7 Legacy Series / Re: Only DHCP on WAN interface
December 21, 2017, 06:24:03 PM
Hi Franco, thanks for your help! I set the WAN static IP and gateway manually. I used the same IP as it was getting via DHCP, so I think my edge firewall is not passing the gateway correctly via DHCP. I no longer get "arprequest: cannot find matching address" messages and can ping other desktops connected to my network and external addresses like Google from the OPNsense console!

I also figured out the reason I could not reach the LAN for more than a minute: it was dropping its static IP for some reason. Setting the WAN interface to a static IP as above seems to have fixed this. I can now reach the web GUI from my spare desktop over LAN!

However, I still cannot reach the internet from the desktop connected to the LAN interface, and I cannot reach back to the firewall from other hosts on my own network (in other words, I can ping hosts on my network from the OPNsense console but cannot ping OPNsense from the same host).
#18
17.7 Legacy Series / Re: Only DHCP on WAN interface
December 21, 2017, 05:19:10 PM
Thanks for your reply, thowe! I've set igb1 to WAN getting an IP from the edge firewall via DHCP, but now I can't reach the firewall at all from the network. The message "arprequest: cannot find matching address" keeps appearing in the OPNsense console and the firewall log is an endless stream of packets to/from 0.nl.pool.ntp.org.[my domain].com.

I also set igb0 to LAN with a static IP (10.100.10.1/24) and my spare desktop to static IP 10.100.10.2/24 (disabled DHCP and no gateway). I was able to briefly reach the firewall web interface for about a minute before the firewall became unreachable. According to Wireshark on the desktop, it just keeps ARP'ing "Who has 10.100.10.1? Tell 10.100.10.2." over and over. The firewall log also started showing the following message:

rule 10/0(match): block in on igb0: (tos 0x0, ttl 64, id53014, offset 0, flags [DF], proto UDP (17), length 44)
10.100.10.2.8612 > 10.100.10.255.8612: UDP, length 16

So with this configuration, I cannot reach the firewall WAN from the network and cannot reach the firewall LAN despite being connected directly to it.
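The two-line pf log entry quoted in the post above is easier to reason about once it is parsed than when read off the console. As an added example (not part of the post, and not OPNsense's own code), here is a small Python parser for tcpdump-style pflog output that pairs each "rule ..." header with the endpoint line that follows it and labels blocked packets addressed to the LAN's broadcast address. The blocked UDP entry and the LAN subnet 10.100.10.1/24 are taken from the post; the second, passed TCP entry in the sample is constructed here for contrast.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample log: the two-line entry quoted in the post above, followed by
# a second entry made up here for contrast (the "pass" entry is not from the page).
SAMPLE_LOG = """\
rule 10/0(match): block in on igb0: (tos 0x0, ttl 64, id53014, offset 0, flags [DF], proto UDP (17), length 44)
10.100.10.2.8612 > 10.100.10.255.8612: UDP, length 16
rule 3/0(match): pass in on igb0: (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
10.100.10.2.51000 > 10.100.10.1.443: Flags [S], seq 0, win 65535, length 0
"""

# First line of a pflog entry: rule number, verdict, direction, interface, protocol.
HEADER_RE = re.compile(
    r"^rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<direction>in|out) on (?P<iface>\w+): "
    r"\(.*?proto (?P<proto>\w+) \((?P<pnum>\d+)\).*\)$"
)
# Second line: "src.sport > dst.dport:" (tcpdump joins the port to the address with a dot).
ENDPOINT_RE = re.compile(
    r"^(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > (?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


@dataclass
class PfEntry:
    rule: int
    action: str
    direction: str
    iface: str
    proto: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int


def parse_pflog(text: str) -> List[PfEntry]:
    """Pair each 'rule ...' header with the endpoint line that follows it."""
    entries: List[PfEntry] = []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        head = HEADER_RE.match(lines[i])
        if head is None or i + 1 >= len(lines):
            i += 1  # not a header we understand, or a header with nothing after it
            continue
        ep = ENDPOINT_RE.match(lines[i + 1])
        if ep is None:
            i += 1  # header without a parsable endpoint line; skip just the header
            continue
        entries.append(PfEntry(
            rule=int(head["rule"]),
            action=head["action"],
            direction=head["direction"],
            iface=head["iface"],
            proto=head["proto"],
            src=ipaddress.IPv4Address(ep["src"]),
            sport=int(ep["sport"]),
            dst=ipaddress.IPv4Address(ep["dst"]),
            dport=int(ep["dport"]),
        ))
        i += 2
    return entries


def explain(entry: PfEntry, lan_cidr: str) -> str:
    """Describe an entry relative to the LAN subnet so the verdict is readable."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    if entry.dst == lan.broadcast_address:
        kind = "subnet broadcast"
    elif entry.src in lan and entry.dst in lan:
        kind = "LAN-internal"
    elif entry.src in lan:
        kind = "LAN-to-outside"
    else:
        kind = "outside-to-LAN"
    return (f"rule {entry.rule}: {entry.action} {entry.direction} on {entry.iface} "
            f"{entry.proto} {entry.src}:{entry.sport} -> {entry.dst}:{entry.dport} ({kind})")


def blocked_broadcasts(text: str, lan_cidr: str) -> List[PfEntry]:
    """Return the blocked entries whose destination is the LAN's broadcast address."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    return [e for e in parse_pflog(text)
            if e.action == "block" and e.dst == lan.broadcast_address]


if __name__ == "__main__":
    for e in parse_pflog(SAMPLE_LOG):
        print(explain(e, "10.100.10.1/24"))
```

Run it as a script to see each entry on one line with its classification; `blocked_broadcasts` is the piece you would keep around when triaging a log that is "an endless stream" of one kind of packet, since it separates broadcast noise dropped on the LAN from anything that actually concerns reachability of the firewall itself.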
#19
17.7 Legacy Series / Only DHCP on WAN interface
December 20, 2017, 11:35:13 PM
I'm trying to set up OPNsense for the first time on a Netgate XG-1541 1U. This box has two gigabit interfaces, igb0 and igb1. Here's how I set it up initially:
  • igb0: LAN assigned a DHCP static mapping address from my edge firewall, so that I can access the web interface from my desktop (which is also connected to the edge firewall via DHCP static mapping)
  • igb1: WAN with static IP and DHCP server enabled, connected to a spare desktop with a static DHCP mapping

I was able to access the web interface over the firewall's LAN no problem. My spare desktop connected to the WAN interface did get the IP I specified in its static mapping, but could not ping out, could not get files over TFTP (including PXE booting), and according to Wireshark just asks who has whatever I set as the DNS address (in this case .254) over and over. I even added a WAN firewall rule to allow all to all.

At first I thought there might be a hardware problem with igb1, so I switched them; igb0 was WAN and igb1 was LAN. I also tried setting static IP vs DHCP and connecting to the edge firewall vs the spare desktop on both. No matter what I tried, only LAN worked - WAN was never able to send more than a DHCP lease to the spare desktop, and anything connected to WAN (no matter igb0 or igb1) could reach the firewall.

Other than the static/DHCP settings and user accounts, I haven't changed anything from stock OPNsense defaults. Is OPNsense just incompatible with this hardware for some weird reason? Is there some hidden setting or rules trickery required to get WAN working? What am I missing, and how can I fix this so that I can connect to both the wider network AND a spare desktop or switch with many desktops connected? Eventually I would like this to replace my edge firewall - will I need to change it somehow to do that?