Adding trunk interface breaks vlan routing

Started by greY, October 22, 2022, 08:41:53 PM

October 22, 2022, 08:41:53 PM Last Edit: October 22, 2022, 08:45:30 PM by greY
Hi,
looks like adding the trunk interface to the protected interfaces breaks the routing between VLANs.
Can anybody confirm?

Adding single VLANs seems to be OK, but then not able to protect the LAN...

Deployment mode: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver
Engine Version: 1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202
OPNsense 22.7.6-amd64

HW offload is default/disabled


greY

Hi @greY,

What happens if you put zenarmor into Bypass Mode? Is it the same?

October 23, 2022, 12:45:40 AM #2 Last Edit: October 23, 2022, 10:58:32 AM by greY
Yes, forgot to mention that. The bypass mode has no impact; only removing the interface enables the VLAN routing again. This box is a Hyper-V guest.

I also tested the behavior on a business edition hardware box which seems not to have this issue.

Hi @greY,

Thanks for the additional information. Very helpful.

This suggests that this is a netmap issue, because zenarmor in bypass mode does nothing more than basically switch packets back and forth. It behaves like a dummy bridge.

Having said that, if this config is working in a different scenario, that might be a useful hint.

By business edition, are you referring to OPNsense Business edition? If so, can you share the exact version information?

Hi @mb
yes, I'm referring to the OPNsense Business Edition.

Versions   
OPNsense 22.4.3_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1q 5 Jul 2022

Zenarmor
Engine Version:   1.11.5
UI Version: 22.9.22
Database Version: 1.11.22092202

@greY thanks, very helpful.

Most probably, there has been a driver update in the meantime causing a regression on the netmap support.

These days, we're working on a project which tries to bring a driver-agnostic methodology with regard to netmap support, so this feedback will be very helpful.