Unable to add static ARP entry

[Berzerker]

I have an ONT that allowed communication over a local IP space but loses connection every X minutes if the device is not ARP'd. To get around this, a static ARP entry is required for its MAC, but I'm unable to add it for that space

Code: [Select]

root@opnsense:~ # arp -a | grep 192.
? (192.168.1.2) at b4:96:91:21:c9:76 on ix1 permanent [ethernet]
root@opnsense:~ # arp -s 192.168.1.1 MAC_ADDR
arp: cannot intuit interface index and type for 192.168.1.1
root@opnsense:~ #

For reference, 192.168.1.2 is an alias IPv4 address attached to the WAN interface in the interface settings. 192.168.1.1 is the address of the ONT in question.

Any hints?

[wbk]

Hi Berserker,

Did you try adding a static ARP entry via the GUI? There is the 'Wake on LAN' plugin that allows to set static ARP entries.

[Berzerker]

I haven't! I didn't realize it did. Do I just add it as if I were adding a device to the WoL function with the right interface, IP and MAC?

Edit: Just tried and it doesn't seem to be adding the entry.

[wbk]

Checking things, it might be easier than that.

I went that way, because I wanted WoL. I can give a description for an interface/ARP pair, but not an IP.

You want a static ARP/IP entry. Did you notice you can tick a box for that when you create a static DHCP lease? Perhaps if you start there and are successful, you can go from there to troubleshoot the ARP entry in case you don't need/want the DHCP entry.

[Berzerker]

I want a static ARP for an IP that the opnsense system does not know about, so I'm not sure if static ARP under DHCP lease is the answer here, especially because it wouldn't be on any LAN interfaces. If that's still the way to do it, then I can try but I have my doubts here

[wbk]

My line of thought was: see if it works 'the OPNsense way'; if it does, see what the difference in output is compared to the manual configuration. If it also does not, no idea. Breakage in FreeBSD seems far fetched.

[Fright]

For reference, 192.168.1.2 is an alias IPv4 address attached to the WAN interface

with /32 mask i believe?

[Berzerker]

For reference, 192.168.1.2 is an alias IPv4 address attached to the WAN interface

with /32 mask i believe?

I assumed this was for the ip space, which the ONT's is on a /24, so I added it as a /24

[Berzerker]

bump

[Fright]

hm. can you share ifconfig and netstat -r please?

[Berzerker]

netstat

Code: [Select]

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            172.13.160.1       UGS         ix1
dns.google         c-24-99-70-1.hsd1. UGHS       igb0
dns.google         172.13.160.1       UGHS        ix1
10.0.10.0/24       link#9             U      ix0_vlan
opnsense           link#9             UHS         lo0
10.0.20.0/24       link#10            U      ix0_vlan
10.0.20.1          link#10            UHS         lo0
10.0.30.0/25       link#12            U      ix0_vlan
10.0.30.1          link#12            UHS         lo0
10.0.40.0/28       link#17            U           wg1
10.0.40.1          link#17            UHS         lo0
10.0.40.2          link#17            UHS         wg1
10.0.60.0/28       link#13            U      ix0_vlan
10.0.60.1          link#13            UHS         lo0
10.0.70.0/26       link#14            U      ix0_vlan
10.0.70.1          link#14            UHS         lo0
10.0.80.0/29       link#15            U      ix0_vlan
10.0.80.1          link#15            UHS         lo0
10.0.90.0/27       link#16            U      ix0_vlan
10.0.90.1          link#16            UHS         lo0
10.0.250.0/24      link#11            U      ix0_vlan
10.0.250.1         link#11            UHS         lo0
wg_ip_adr          wg_gateway         UGHS        wg2
10.68.7.116        link#18            UHS         wg2
10.68.7.117        link#18            UH          lo0
24.99.70.0/23      link#3             U          igb0
c-24-99-70-247.hsd link#3             UHS         lo0
localhost          link#5             UH          lo0
172.13.160.0/22    link#2             U           ix1
172.13.163.219     link#2             UHS         lo0
192.168.1.0/24     172.13.160.1       UGS         ix1
192.168.1.2        link#2             UHS         lo0

Internet6:
Destination        Gateway            Flags     Netif Expire
localhost          link#5             UHS         lo0
fe80::%lo0/64      link#5             U           lo0
fe80::1%lo0        link#5             UHS         lo0


ifconfig

Code: [Select]

ix0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,NOMAP>
ether b4:96:91:21:c9:74
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: ATT_WAN (wan)
options=4803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,NOMAP>
ether b4:96:91:21:c9:76
inet wan_ipaddr netmask 0xfffffc00 broadcast 172.13.163.255
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (10Gbase-SR <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: COMCAST_WAN (opt8)
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
ether ac:1f:6b:21:c2:28
inet 24.99.70.247 netmask 0xfffffe00 broadcast 255.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
ether ac:1f:6b:21:c2:29
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
groups: enc
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 0.0.0.0 maxupd: 128 defer: off
syncok: 1
groups: pfsync
ix0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN10_LAN (lan)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.10.1 netmask 0xffffff00 broadcast 10.0.10.255
groups: vlan
vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN20_IoT (opt1)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.20.1 netmask 0xffffff00 broadcast 10.0.20.255
groups: vlan
vlan: 20 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan250: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN250_WORK (opt7)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.250.1 netmask 0xffffff00 broadcast 10.0.250.255
groups: vlan
vlan: 250 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN30_MGMT (opt2)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.30.1 netmask 0xffffff80 broadcast 10.0.30.127
groups: vlan
vlan: 30 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan60: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN60_PROXMOX (opt3)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.60.1 netmask 0xfffffff0 broadcast 10.0.60.15
groups: vlan
vlan: 60 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN70_INTERNET (opt4)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.70.1 netmask 0xffffffc0 broadcast 10.0.70.63
groups: vlan
vlan: 70 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan80: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN80_IPMI (opt5)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.80.1 netmask 0xfffffff8 broadcast 10.0.80.7
groups: vlan
vlan: 80 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix0_vlan90: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: VLAN90_SERVICES (opt6)
options=4000000<NOMAP>
ether b4:96:91:21:c9:74
inet 10.0.90.1 netmask 0xffffffe0 broadcast 10.0.90.31
groups: vlan
vlan: 90 vlanproto: 802.1q vlanpcp: 0 parent interface: ix0
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet 10.0.40.1 netmask 0xfffffff0
groups: wg wireguard
nd6 options=109<PERFORMNUD,IFDISABLED,NO_DAD>
wg2: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet wg_addr netmask 0xffffffff
groups: wg wireguard
nd6 options=109<PERFORMNUD,IFDISABLED,NO_DAD>


[Fright]

hm. there is a static route that looks wrong imho

192.168.1.0/24     172.13.160.1       UGS         ix1

which states that the 192.168.1.0 subnet is behind the gateway
arp can not intuit interface in this case

[Berzerker]

well that was added by the system when I set the secondary IP, how do I get it to not add it?

I'm an idiot. I had a static route added from before when I was testing some other things. I removed it, and was properly able to add the static ARP entry now. Thank you!

[Fright]

that's great! thanks for the feedback )

[wbk]

Hi Berserker, thanks for being patient with my not so helpful suggestions, glad you got it solved! Would you consider adding 'Solved' or any indicator to your topic title, to help others?