Wireguard and ZeroTier switched interface on Reporting-Insight

[jaykumar2005]

I am running both Wireguard and Zerotier the Opnsense firewall ( OPNsense 22.1.8 ) , with firewall rules & Gateway for each interface. I have enabled Netflow on LAN/WAN interface capturing locally.

For some reason, Reporting --> Insight shows Wireguard traffic on Zerotier interface and Zerotier traffic on Wireguard interface. This is true for Insight Graph and Traffic tab as well.

Strangely enough, realtime traffic under Reporting --> Traffic (Graph and Top Talkers) show correct traffic for each of these interfaces.

This looks like a cosmetic issue with no affect on Firewall rules, Routing or Gateway etc.. What could be causing this?

[jaykumar2005]

Did a packet capture of both WG0 and ZT0, don't see any source/destination mismatch.

Looks like this might be issue with Netflow tagging the interface incorrectly, any idea how to troubleshoot and fix it?

[franco]

Netflow uses interface index instead of name to represent data which can overlap interfaces created after boot for different reasons. The output is most reliable on fixed hardware interfaces.


Cheers,
Franco

[jaykumar2005]

Sorry don't understand the inner working of Netflow, but can I manally override this index?

Any other suggestion to fix this?

[franco]

In any case you can raise a bug report here, but I'm unsure how much effort is required to fix this.

https://github.com/opnsense/core/issues/new?assignees=&labels=&template=bug_report.md&title=


Cheers,
Franco