Untagged Traffic ceased on LAN with 24.7.10_2

Started by tops4u, December 09, 2024, 08:04:59 AM

Meanwhile there is 24.7.12 out... did anybody try?

Unfortunately the problem still exists in the current version. A rollback to version 24.7.9_1 works. However, that is not a solution either.

January 20, 2025, 10:40:28 AM #17 Last Edit: January 20, 2025, 11:55:04 AM by cookiemonster

Quote from: tsense on January 20, 2025, 09:59:19 AM
Unfortunately the problem still exists in the current version. A rollback to version 24.7.9_1 works. However, that is not a solution either.
And repeating...
Quote from: cookiemonster on January 07, 2025, 11:59:54 AM
Quote from: JL on January 06, 2025, 09:41:50 PM
Quote from: vigeland on January 04, 2025, 05:42:08 PM
I have no deny rule on the Lan interface. There are only the standard 2 "allow all" rules (IPV4, IPV6).
And why does it work for X years with the rules only with the update not. Additionally others have similar problems?
I've wondered for some time about OPNSense and if it is reliable to work with in all environments.

I'm using it primarily as a VM firewall. In that it seems to be 'not great but works'.

One culprit is now using an OPNSense VM with a hypervisor bridge which has a physical interface with multiple vlan assigned.

The hypervisor sets the PVID egress as untagged on the bridge and tagged for the vlans, which is as it is. However, the tagged vlan are visible as untagged inside OPNSense VM. And that's that. No docu pointing out what to do or not to do.

When using multiple vlan-id on a single bridge the only solution seems to be to create a bridge per vlan, which doesn't really make sense, but works.


Quote from: vigeland on January 04, 2025, 05:42:08 PM
I have no deny rule on the Lan interface. There are only the standard 2 "allow all" rules (IPV4, IPV6).
And why does it work for X years with the rules only with the update not. Additionally others have similar problems?

Ermm. https://docs.opnsense.org/manual/how-tos/vlan_and_lagg.html
The manual for VLANs takes you to this URL which explains not to mix tagged and untagged traffic.
From this thread what I gather is that we have users who have not heeded the advice and have mixed traffic anyways. So far it has "worked" but not after an update. What might have happened is that the update has exposed the misconfiguration only.
p.s. I was one of those users for some time and it was also not giving me any trouble. Until I realised that one day (like with this update - if that is what it is) it was bound to catch me. So I fixed it, by reconfiguring to the recommended setup.

So the ideal course of action is to correct any remaining installations with mixed tagged and untagged traffic in an interface used with OPN, and then move to diagnose any other problems and thinking OPN is "reliable to work with in all environments."
The TL;DR. Mixing tagged and untagged has never been a supported configuration. Some setups will expose it in the form of problems, others won't.
Expecting new versions to make it go away is an exercise in futility.
Correct your setup.
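
An added example, not part of the post above and not OPNsense project code: a Python check that lists parent interfaces which are both assigned directly (untagged) and used as a VLAN parent, the mixed setup the post says to correct. The config.xml element layout, the function name and the sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the assumed <interfaces>/<vlans> layout of a
# firewall config.xml export. igb1 is assigned as LAN and is also a VLAN parent.
SAMPLE_CONFIG = """<opnsense>
  <interfaces>
    <wan><if>igb0</if><descr>WAN</descr></wan>
    <lan><if>igb1</if><descr>LAN</descr></lan>
    <opt1><if>vlan01</if><descr>IOT</descr></opt1>
    <opt2><if>vlan02</if><descr>GUEST</descr></opt2>
  </interfaces>
  <vlans>
    <vlan><if>igb1</if><tag>10</tag><vlanif>vlan01</vlanif></vlan>
    <vlan><if>igb2</if><tag>20</tag><vlanif>vlan02</vlanif></vlan>
  </vlans>
</opnsense>"""


def find_mixed_parents(config_xml):
    """Return parents that carry untagged (directly assigned) and tagged traffic.

    Result: {nic: {"assigned_as": [interface keys], "vlan_tags": [ints]}}
    """
    root = ET.fromstring(config_xml)

    # Device name -> interface keys (lan, wan, optN) assigned directly to it.
    assigned = {}
    for iface in root.findall("./interfaces/*"):
        nic = (iface.findtext("if") or "").strip()
        if nic:
            assigned.setdefault(nic, []).append(iface.tag)

    # Parent device -> VLAN tags configured on top of it.
    tags = {}
    for vlan in root.findall("./vlans/vlan"):
        parent = (vlan.findtext("if") or "").strip()
        tag = (vlan.findtext("tag") or "").strip()
        if parent and tag.isdigit():
            tags.setdefault(parent, []).append(int(tag))

    # A parent is mixed when it appears in both maps.
    return {nic: {"assigned_as": sorted(assigned[nic]), "vlan_tags": sorted(tags[nic])}
            for nic in sorted(tags) if nic in assigned}


if __name__ == "__main__":
    for nic, info in find_mixed_parents(SAMPLE_CONFIG).items():
        print(f"{nic}: assigned as {info['assigned_as']}, VLAN parent for {info['vlan_tags']}")
```

A parent that only carries VLANs (igb2 in the sample) is not reported; only a device that is both assigned and a VLAN parent is.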


I don't have any mixed vlan traffic in my setup. But I also noticed that I no longer have internet connectivity when I update to a newer version. My setup is a CARP HA cluster with two machines. The backup machine has internet connectivity. However, the master node is not. When I roll back to version 24.7.9 it works without any problems.

Currently running OPNsense 24.7.12 (amd64) at Mon Jan 20 11:08:24 CET 2025
Fetching changelog information, please wait... fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/sets/changelog.txz: Permission denied
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/latest/meta.txz: Network is unreachable
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/latest/packagesite.pkg: Network is unreachable
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/latest/packagesite.txz: Network is unreachable
Unable to update repository OPNsense
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.

Quote from: tsense on January 20, 2025, 11:13:41 AM
I don't have any mixed vlan traffic in my setup. But I also noticed that I no longer have internet connectivity when I update to a newer version. My setup is a CARP HA cluster with two machines. The backup machine has internet connectivity. However, the master node is not. When I roll back to version 24.7.9 it works without any problems.

Currently running OPNsense 24.7.12 (amd64) at Mon Jan 20 11:08:24 CET 2025
Fetching changelog information, please wait... fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/sets/changelog.txz: Permission denied
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/latest/meta.txz: Network is unreachable
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/latest/packagesite.pkg: Network is unreachable
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/latest/packagesite.txz: Network is unreachable
Unable to update repository OPNsense
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.
So why are you posting on this thread that is/was about tagged/untagged traffic?

I saw that there were several problems starting with the subsequent versions 24.7.9. I have a similar problem in that I no longer have internet connectivity... Although the WAN traffic is not tagged. Internet access works permanently on the slave node. So it can't be a misconfiguration. Do you have an idea what I can check?

Quote from: tsense on January 20, 2025, 12:02:20 PM
I saw that there were several problems starting with the subsequent versions 24.7.9. I have a similar problem in that I no longer have internet connectivity... Although the WAN traffic is not tagged. Internet access works permanently on the slave node. So it can't be a misconfiguration. Do you have an idea what I can check?
Instead of latching to any thread with a reported problem, do a search for your symptoms in case it has been posted already. If nothing found, create your own new thread with your setup, hardware, current version, what worked before, what changed and what is now not working. Add your diagnostics so far.
Try to avoid problem statements lacking any technical detail. "internet is not working" is an example of what not to do as it just delays the time to resolve whatever problem exists.