Tagged traffic issue after upgrade to OPNsense 22.1.3-amd64

Started by Nick1, March 18, 2022, 03:05:15 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 18, 2022, 03:05:15 AM
Hello OPNsense community,

I upgraded my home firewall to the latest offered version:
OPNsense 22.1.3-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

Current configuration was working for more than a year before upgrade. I use router on a stick topology for micro segmentation - OPNsense -> trunk -> Switch -> LAN
OPNsense -> trunk -> Switch -> trunk -> AP -> WLAN

Trunk port between Switch and AP still works fine but Trunk port between OPNsense and Switch comes up after firewall reboot and fails after about 10 seconds - ping and other traffic is not getting through trunk port to firewall (looks like some issue in OPNsense 22.1.3).

Attached is the general log. Please, let me know if this is well know issue and how to fix VLAN tagging in OPNsense 22.1.3.

Thank you,
Nick
March 18, 2022, 08:10:45 AM #1
You are not using the trunk port for untagged frames, too? Good  :)

Try to assign the physical interface in Interfaces > Assignments, anyway. Enable, but don't set an IP address. That is supposed to take care of disabling hardware offloading. Major change in 22.1.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 18, 2022, 11:25:52 AM #2
Thank you for the quick answer. Only taged traffic is configured in OPNsense on the trunk interface. I agree with your previous post - we should use another physical interface for untaged traffic + it's nice to change default native VLAN on the switch side. I did check hatdware offloading was disabled (unchecked) after upgrade.

I don't work with OPNsense and must didn't configure my VLANs properly in the first place. I'm going to share my config later today. Meanwhile, could you ellaborate on the hardware offloading and if there are more than one place where it can be disabled?
March 18, 2022, 11:44:29 AM #3
There is only one place to disable it globally but that setting does not get applied to your trunk interface if you do not assign the interface in Interfaces > Assignments.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 20, 2022, 10:24:34 PM #4
Indead, I forgot to add physical interface under Interfaces -> Assignments - how did my sub-interfaces worked before without physical interface enabled?! As I expected, I did not configure properly taged sub-interfaces and it back fired on me after last upgrade.

Thank you for the clarification - enabling physical interface did fix my issue.
Print
Go Up Pages1
User actions