Management through Opt1 slow

Started by dcp_ky, November 10, 2021, 02:47:24 PM

1st post here; I'm trying to set up the following to replace a m0n0 deployed over 10 years ago.


LAN     IP:       10.10.10.10/24
em0     Gateway:  10.10.10.1
        VLAN 10 Staff / VLAN 20 Guests

OPT1    IP:       192.168.1.10/24
em2     Gateway:  192.168.1.1
        VLAN 99 Management


I want to be able to manage the OPNsense instance (https, forward syslogs, smtp, ssh, etc.) from the OPT1 interface.  I want to block all traffic entirely from computers on the LAN (downstream is WLAN).  No management from LAN side.

I haven't fully disabled the LAN management yet.  In my present config, I can get to the management IP using 10.10.10.10 or 192.168.1.10 right now.  I haven't disabled the LAN side management because it's incredibly slow to manage on the OPT1 side.  Ping seems fine, SSH as well, but HTTP times out constantly.  Clicking through each page takes 2 - 3 minutes.

On the LAN side it's snappy.  Using PC connected through an out-of-band switch.

I think this is routes or gateway related.  On the OPT1 side I'm seeing pings TTL=62 where I should be seeing ping TTL=64.

I'd be appreciative if anybody could point me to an article, FAQ or provide any advice on getting this working properly.

Many Thanks!


You should probably have only one gateway.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

This seems plausible.  Going to System > Gateways > Single, I see 2 gateways.  OPT1_GW (Active) and WAN_DHCP6 (Active).

WAN was set w/ DHCPv6 which is now "Not Set" for v4 & v6 (I'll need to set some kind of IP when I get my WAN online).  Setting it offline removed the WAN_DHCP6 GW.  There was no DHCP server upstream from WAN anyway, it's not even plugged in.

On the OPT1 side, if I set IPv4 address manually, I'm forced to pick an IPv4 Upstream Gateway as "AutoDetect".  Once this happens, the GW is created and can't be deleted.  Helper text states that Upstream Gateway isn't necessary for LAN but what if I also don't want/need an upstream GW for OPT1?

As a workaround, I'm setting my OPT1 IP via static DHCP reservation on an upstream DHCP server, option 3 left blank so it's receiving GW as 0.0.0.0.


LAN is still fast while OPT1 is still slow.  Ping TTL=63 now on the OPT1 side.