CIDR and How Does OPNsense Use It

[spetrillo]

Hello all,

I am in the midst of trying to build an OPNsense virtual firewall on a MSP's VMware vCD multi-tenant cloud infrastructure. Under vCD I create network segments in CIDR format(10.0.1.1/24, not 10.0.1.0/24). I have created each of my private LAN segments in "isolated" mode, meaning these segments have no access to the edge of the vCD world. Doing this allows the OPNsense firewall sit in front of these segments and handle everything that is needed for communication, whether it be DNS, routing, firewalling, and access to the outside world.

I am seeing curious issues when standing up a DHCP server on the OPNsense server. I see continual DHCPDISCOVER and DHCPOFFER but no DHCPACK. I have never seen this before. I have a physical OPNsense firewall at home and there are no issues with DHCP. I am wondering if the CIDR format of defining networks in vCD is conflicting with the OPNsense format. For example I have defined a network segment as 10.0.1.1/24 in vCD, meaning the gateway is at 10.0.1.1 but I cannot use this IP for my static LAN interface, as the IP is no longer available for use. I have to increment up one and use 10.0.1.2 as the static LAN interface IP. I wonder if that is conflicting with the 10.0.1.0/24 that the DHCP server on OPNsense announces in its startup log.

Help?! Anyone built on a vCD infrastructure? If I can figure this out then everything else works, including HA.

Steve