Permit Interface removal

[mtelle]

I have a problem with the topic "permit interface removal".

I expect with the selection of this box the interface will not be removed - the ip4 and ip6 will still exist.
On this Interface (LAN) I have 1 pc connected - if the pc is on I have on this interface my ip's without problem.
If I turn off the pc, the ip's from this interface will be removed, and all services bound to this interface are not working! This only happens with version 23.1!

With opnsense version 22.x the ip's are still alive (with pc turned off or on) - is this an bug?

Regards, Martin

[franco]

Prevent interface removal will skip over interfaces that are not in the system anymore instead of doing a full recovery. Stripped IP addresses point to custom tunables as reported by others for 23.1...


Cheers,
Franco

[mtelle]

Sorry - I do not understand, and nevertheless thanks for your help Franco...
If you mean an reset to the tunables (system:setting) with the right trash icon - this did not solve the problem.
This opnsense is an update from the latest 22.7 (I think) to 23.1_6. On the 22.7 version, and before, everything was fine, the 1. problem was with 23.1...
And, that is really a problem, every service bound to this ip is not working if the pc connected to opnsense on this interface is down - for example unbound.

Martin

[franco]

Hi Martin,

First I need to understand the problem. Disappearing IP points to bad manual tunables, but it could be something else. For this to make sense we need logs and good and bad state of the firewall to inspect, e.g. ifconfig output.


Cheers,
Franco

[mtelle]

I tried to solve the problem - with no success.
I have now build a fresh installation 23.1 with an old board with 4 interfaces. No additional configuration.
next steps: update to 23.1_6, setup 1 ip to every interface (4 interfaces), setting the LAN interface as default gw. Only the LAN interface is connected.

Now the test, reboot the system. ifconfig shows 4 interfaces with the corresponding ip - fine. Now I unplug the LAN interface and put it in another port -> the ip of the LAN is away! Same, if I unplug the new port and put it into LAN, the LAN ip goes up, and the "new port" ip goes away.
I have tried to solve the issue with selecting the button "prevent interface removal" in the interface section for all interfaces - no change.

ifconfig (after reboot, connected LAN):
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN (lan)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 00:0d:b9:4e:88:00
        inet 192.168.20.101 netmask 0xffffff00 broadcast 192.168.20.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN (wan)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 00:0d:b9:4e:88:01
        inet 192.168.80.101 netmask 0xffffff00 broadcast 192.168.80.255
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
...

and ifconfig after unplug LAN and put to igb1:
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN (lan)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 00:0d:b9:4e:88:00
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN (wan)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 00:0d:b9:4e:88:01
        inet 192.168.80.101 netmask 0xffffff00 broadcast 192.168.80.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
...

Attached the corresponding config file (with option "prevent interface removal").

Regards, Martin