Strange VLAN issue

Started by moreamazingnick, April 05, 2022, 01:11:51 AM

I'm currently playing around with VLANs in my dev environment.
I have a Netgear GS305E
VLAN1:
I have set Port 1 as tagged and connected it to my OPNsense appliance
Port 4 / 5 are Untagged
VLAN2:
Port1 Tagged
Port2 Untagged
VLAN3:
Port1 Tagged
Port3 Untagged

I installed OPNsense with VLANs:
VLAN1 -> WAN
VLAN2 -> LAN
VLAN3 -> OPT1

I set the firewall rules to allow all traffic and enabled the DHCP server.

I get the correct IP address on LAN and OPT, can access the internet but there is no connection to the web GUI.
I added a USB Ethernet device:
UE0 -> OPT2
I enabled DHCP, set the firewall rules, and can access the web GUI from OPT2.

Hours later:
I wiped the disk and installed pfSense :( all VLANs work, web GUI access works, theme looks ugly :(
I booted the live version of OPNsense and configured the VLANs.

Strangely, I can access the web GUI from all VLAN interfaces.

I made a backup, and started the installer.
After the reboot the config was there :) but there was again no access to the web GUI from a VLAN interface.

I restored the backup, same problem

I booted the live system, restored the backup, reloaded the services -> that works

But I can't access the web GUI from a VLAN after everything is written to disk.

Does anyone have any clue what's wrong with my setup?

Thanks in advance and best regards

Nicolas

Quote from: cwegh on April 02, 2022, 09:29:09 AM
Hi all

Currently I have pfSense installed on an SSD (Crucial CT275MX300SSD1) on the D33SL motherboard: http://en.hanzsung.com/prod_view.aspx?typeid=88&id=437&fid=t3:88:3

I want to install OPNsense 22.1 on top of it using a USB installer via the serial image (no VGA available) using the DD command on macOS. USB stick is JetFlash Transcend 128GB 1100.

....

smbus0: <System Management Bus> on ichsmb0
lo0: link state changed to UP
pflog0: permanently promiscuous mode enabled


That post brought up the idea to enable promiscuous mode on the interfaces manually.
So 2 scenarios can solve this problem for me:

1) enable promiscuous mode on all VLAN-related interfaces or
2) attach the "real interface" as an interface, enable it, and enable promiscuous mode on that one

Both make sense, but which is the OPNsense way of doing it?

Best regards

Nicolas

It depends on the driver being used. Broadcom seems to be buggy still and requires a manual promiscuous mode for VLANs on FreeBSD 13.

2) is more aligned with what the OPNsense code is doing when dealing with parent interfaces


Cheers,
Franco
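
A diagnostic check for scenario 2, added here as an example and not taken from the thread or from OPNsense: it reads FreeBSD `ifconfig` output and lists every VLAN parent interface that does not have the PROMISC flag set. The interface names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig` output; interface names are assumptions.
sample_ifconfig() {
cat <<'EOF'
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:55
bge0_vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 2 vlanproto: 802.1q vlanpcp: 0 parent interface: bge0
bge0_vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 3 vlanproto: 802.1q vlanpcp: 0 parent interface: bge0
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
em0_vlan9: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 9 vlanproto: 802.1q vlanpcp: 0 parent interface: em0
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
EOF
}

# Reads ifconfig output on stdin and prints, one per line, each interface
# that is the parent of at least one VLAN but is not in promiscuous mode.
vlan_parents_without_promisc() {
  awk '
    # Header line of an interface block: remember its name and PROMISC state.
    /^[A-Za-z0-9_.]+: flags=/ {
      name = $1
      sub(/:$/, "", name)
      promisc[name] = ($0 ~ /[<,]PROMISC[,>]/) ? 1 : 0
      next
    }
    # VLAN detail line: the last field is the parent interface name.
    /parent interface:/ { parent[$NF] = 1 }
    END {
      for (p in parent)
        if (!promisc[p]) print p
    }
  ' | sort
}

# Run against the constructed sample; on a live system use:
#   ifconfig | vlan_parents_without_promisc
sample_ifconfig | vlan_parents_without_promisc
```

For an interface this reports, `ifconfig <parent> promisc` sets the flag until the next reboot or interface reconfiguration.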