Lose internal network when PPPoE connection is down.

Started by Trevelian, April 11, 2021, 10:49:06 PM

Hello,

I have multiple VLANs on my homelab and the gateway of each VLAN is an OPNsense interface.
OPNsense is also used for the WAN access (PPPoE).

When there is a problem with my ISP and I lose my internet connection, I also lose the connection between my internal VLANs.

Maybe I need to activate this option on internal Interfaces -> "Dynamic gateway policy | This interface does not require an intermediate system to act as a gateway"

But I don't really understand it, so I prefer to ask before enabling that.

Version : 21.1.4

Thanks for your help !
Trevelian.



Is this using IPv4 and v4 IP addresses or IPv6 or both?
I can see no reason why v4 should not continue to work, but IPv6 probably would not work if you are using GUA addresses.
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

I receive IPv4 and IPv6 from my ISP, but I only use IPv4, no IPv6 on the internal network.

I see in the firewall logs that I hit the default block rules. It's like all my allow rules are ignored when the WAN connection is down.

Odd.. I have a PPPoE connection and VLANs, when on the odd occasion my WAN goes down I can still ping the IOT VLAN devices from the primary LAN. Want to post some images of your rule setup?
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

April 12, 2021, 10:46:37 AM #5 Last Edit: April 12, 2021, 01:22:24 PM by Trevelian
https://trevelian.de/opnsense/lan.png

If you need more, no problem.

Is it possible that the problem is related to my usage of "alias"?

Haven't had any time to look at the rules yet... real work has intervened.
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Erm. how many VLANs do you have? You appear to have rules for lots of individual devices. What have you got in floating rules?
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member


So let's break this down, from the LAN you cannot connect to any of the other VLANs when the PPPoE is down. Pick one device on a VLAN you cannot ping and post the rules for that VLAN, and if it has an alias name, tell us what that is.
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

I will try again to shut down the PPPoE tonight when my wife goes to sleep, to do more tests.

But for example I have these rules on my LAN VLAN (192.168.1.0/24):
https://trevelian.de/opnsense/gest1.png

gest is the alias of 192.168.7.20 on my BASTION VLAN (192.168.7.0/24):
https://trevelian.de/opnsense/gest2.png

No problem when my internet connection is up, I see in the firewall "Live View" that SSH is accepted to "gest".
When PPPoE is down and I try to SSH to "gest", I see that it's blocked by the default block rules in the "Live View".