Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Odd issues after upgrade
« previous
next »
Print
Pages: [
1
]
Author
Topic: Odd issues after upgrade (Read 1047 times)
TrixieBell
Newbie
Posts: 8
Karma: 1
Odd issues after upgrade
«
on:
February 15, 2023, 08:07:27 pm »
Hi All,
I upgraded from opnsense 20.1-amd64 running as a router on a stick on an old Dell Optiplex to a brand new shiny DEC 2700 running the bleeding edge production version, fully up to date and using 3 interfaces to route.
I did this by dumping the config and restoring it to the new box, changing the interfaces to be correct and that's pretty much it. Just about everything worked, it was routing and letting me access between VLANs on one interface and also routing down my 2 interfaces I split out (internet and WAN).
The only thing that seemed to be causing issues was the proxy->internet connection, I couldn't get any traffic out. It wasn't a route issue as I could SFTP out and VPN in so...
I enabled logging on all my rules and couldn't see anything blocked, in fact I could see DNS traffic being allowed from my proxy server but wasn't getting a response, i could also see traffic to the proxy and squid logs were showing the requests. I checked all the possible proxy and dns options I could find on the new box and nothing was enabled so I gave up and added a new floating rule, proxy can go anywhere any protocol both directions. Hey presto, internet worked, DNS was getting a response, happy days. I went home to bed.
I come in this morning and found 802.1x port authentication wasn't working for PCs (it was working fine for phones and printers though) and ram usage on the new box was sitting at 80% (which is odd as the new box has double the ram of the old one which sits below 20%).
I saw no drops on the rules (which were still logging from last night and I'm hoping was the cause of the high ram usage) and on the NPS server I see requests from all the computers except they aren't trying with their computer account and cert as they are meant to, the requests are coming in as mac address authentication...
Anyway, I reverted to the old box and everything is instantly okay.
Can anyone think of any reason, going from a dump of rules and settings on v20 and importing on v23 would cause these weird issues?
Logged
TrixieBell
Newbie
Posts: 8
Karma: 1
Re: Odd issues after upgrade
«
Reply #1 on:
February 15, 2023, 09:00:02 pm »
Having bounced this around a few people and talked it out I think I have worked out the 802.1x issue.
I had forgotten (and possibly missed off some documentation) the fact that on the WAN connection we have 2 vlans, the gateway for the user network lives on the WAN router (for redundancy in case of site wide failure to have DHCP on split scope across the WAN... I think) and splitting this out onto the firewall port meant that traffic to the gateway IP traverses the firewall. This was working okay for IP based traffic as the firewall was routing the traffic somehow but broadcast traffic was not working, hence DHCP etc. failed.
Still... doesn't explain my proxy issue.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Odd issues after upgrade