Upgraded to 21.1.4 last night. DHCP woes.

Started by SpuddyUK, April 02, 2021, 10:41:22 AM

April 02, 2021, 10:41:22 AM Last Edit: April 02, 2021, 10:47:14 AM by SpuddyUK
Updated to 21.1.4 last night and now none of my devices on an IoT VLAN (vl40) are working. They were working fine on 21.1.3. None of the devices can get an IP address from OPNsense on the IoT VLAN.

Checked the logs and OPNsense is sending DHCPOFFERs from the "Trusted" VLAN (vl30) IP address pool to these devices and, of course, this is failing.

Also reddit thread.
https://www.reddit.com/r/OPNsenseFirewall/comments/mifa74/upgraded_to_2114_last_night_dhcp_woes/

Interesting. Although in answer to your question on reddit, VLANs aren't broken - all normal here (on 4 VLANs)

Quote from: Greelan on April 02, 2021, 10:54:50 AM
Interesting. Although in answer to your question on reddit, VLANs aren't broken - all normal here (on 4 VLANs)
Thanks.

I'm going to revert back to 21.1.3. How best to preserve logs in case someone wants to review/replicate the issue?


I found the issue here: https://forum.opnsense.org/index.php?topic=17656.0. The issue was caused by IDS and specifically the VLAN hardware filtering setting in Interfaces->Settings->VLAN Hardware Filtering=Disable VLAN Hardware Filtering. If I disable the VLAN HW filtering, vl40 starts working again (inc. DHCP). If I re-enable it and disable IDS, it works again. If both are enabled, everything falls over.

I note some changes in Suricata in 21.1.4, so likely this has caused the issue on my particular hardware.

I'll put it here in case someone finds it useful:

IDS (Suricata) in promiscuous mode and VLANs work under 21.7.1, if you (1) disable VLAN hardware filtering AND (2) reboot.

The latter (reboot) is often not explicitly stated and has caused me woes ...
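
Because the last post notes that the setting only helps after a reboot, it is worth checking the live interface state before re-enabling IDS. The following is an added example, not part of the thread: it assumes FreeBSD-style `ifconfig` output in which active hardware VLAN filtering appears as `VLAN_HWFILTER` in the `options=` line, and the sample output and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Lists interfaces whose live
# capability flags still include VLAN_HWFILTER, and whether each one is
# in promiscuous mode (the combination the thread reports as failing).

# Constructed sample of FreeBSD-style `ifconfig` output; interface names,
# option values and MAC addresses are made up for the example.
sample_ifconfig() {
cat <<'EOF'
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWFILTER,VLAN_HWTSO>
        ether 00:00:5e:00:53:01
igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4a00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        ether 00:00:5e:00:53:02
igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWFILTER>
        ether 00:00:5e:00:53:03
EOF
}

# Reads ifconfig output on stdin and prints "<interface> <promisc|normal>"
# for every interface that still has VLAN_HWFILTER active.
hwfilter_ifaces() {
  awk '
    # Interface header line, e.g. "igb0: flags=8943<...>"
    $1 ~ /:$/ && $2 ~ /^flags=/ {
      ifc = $1
      sub(/:$/, "", ifc)
      mode = ($2 ~ /[<,]PROMISC[,>]/) ? "promisc" : "normal"
      next
    }
    # Capability line belonging to the most recent header
    $1 ~ /^options=/ && $1 ~ /[<,]VLAN_HWFILTER[,>]/ {
      print ifc, mode
    }
  '
}

# Demo on the constructed sample; on a real system: ifconfig | hwfilter_ifaces
sample_ifconfig | hwfilter_ifaces
```

Any line ending in `promisc` after the change and reboot means the interface is still filtering VLANs in hardware while in promiscuous mode.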