Author Topic: Loose internal network when PPPOE connexion is down. (Read 3348 times)

Trevelian · « **on:** April 11, 2021, 10:49:06 pm »

Hello,

I have multiple VLAN on my homelab and the gateway of each VLAN is an Opnsense interface.
Opnsense is also used for the WAN access (PPPOE)

When there is a problem with my ISP and I loose my internet connexion, I also loose the connexion between my internal VLAN.

Maybe I need to activate this option on internal Interfaces-> "Dynamic gateway policy | This interface does not require an intermediate system to act as a gateway "

But I don't really understand it so I prefer ask before enable that.

Version : 21.1.4

Thanks for your help !
Trevelian.

Trevelian · « **Reply #1 on:** April 12, 2021, 08:03:49 am »

I'm not alone -> https://forum.opnsense.org/index.php?topic=15299.0

marjohn56 · « **Reply #2 on:** April 12, 2021, 08:36:52 am »

Is this using IPv4 and v4 IP addresses or IPv6 or both?
I can see no reason why v4 should not continue to work, but IPv6 probably would not work if you are using GUA addresses.

Trevelian · « **Reply #3 on:** April 12, 2021, 09:47:13 am »

I receive IPV4 and IPV6 from my ISP, but I only use IPV4, no IPV6 on the internal network.

I see on firewall logs that I hit the default block rules, Its like all my allow rules are ignored when the WAN connection is down.

marjohn56 · « **Reply #4 on:** April 12, 2021, 09:57:13 am »

Odd.. I have a PPPoE connection and VLANs, when on the odd occasion my WAN goes down I can still ping the IOT VLAN devices from the primary LAN. Want to post some images of your rule setup?

Trevelian · « **Reply #5 on:** April 12, 2021, 10:46:37 am »

https://trevelian.de/opnsense/lan.png

If you need more, no problem.

It is possible that the problem is related to my usage of "alias" ?

marjohn56 · « **Reply #6 on:** April 12, 2021, 02:34:06 pm »

Haven't had any time to look at the rules yet... real work has intervened.

marjohn56 · « **Reply #7 on:** April 12, 2021, 07:22:00 pm »

Erm. how many VLANs do you have? You appear to have rules for lots of individual devices. What have you got in floating rules?

Trevelian · « **Reply #8 on:** April 12, 2021, 07:25:19 pm »

I have 11 VLAN and nothing in floating (except automatic generated rules)

https://trevelian.de/opnsense/floating.png

marjohn56 · « **Reply #9 on:** April 12, 2021, 07:35:01 pm »

So let's break this down, from the LAN you cannot connect to any of the other VLANs when the PPPoE is down. Pick one device on a VLAN you cannot ping and post the rules for that VLAN, and if it has an alias name, tell us what that is.

Trevelian · « **Reply #10 on:** April 12, 2021, 08:05:07 pm »

I will try again to shutdown the PPPOE this night when my wife goes to sleep to do more test.

But for example I have this rules on my LAN vlan (192.168.1.0/24) :
https://trevelian.de/opnsense/gest1.png

gest is the alias of 192.168.7.20 on my BASTION vlan (192.168.7.0/24):
https://trevelian.de/opnsense/gest2.png

No problem when my internet connection is up, I see in the firewall "Live View" that SSH is accepted to "gest"
When PPPOE is down when I try to ssh to "gest" I see that its block by the default block rules in the "Live View"

Author Topic: Loose internal network when PPPOE connexion is down. (Read 3348 times)

Trevelian

Loose internal network when PPPOE connexion is down.

Trevelian

Re: Loose internal network when PPPOE connexion is down.

marjohn56

Re: Loose internal network when PPPOE connexion is down.

Trevelian

Re: Loose internal network when PPPOE connexion is down.

marjohn56

Re: Loose internal network when PPPOE connexion is down.

Trevelian

Re: Loose internal network when PPPOE connexion is down.

marjohn56

Re: Loose internal network when PPPOE connexion is down.

marjohn56

Re: Loose internal network when PPPOE connexion is down.

Trevelian

Re: Loose internal network when PPPOE connexion is down.

marjohn56

Re: Loose internal network when PPPOE connexion is down.

Trevelian

Re: Loose internal network when PPPOE connexion is down.