[SOLVED] Zenarmor blocking VLANs in routed mode...

Started by Soryu, January 15, 2025, 11:08:16 AM

January 15, 2025, 11:08:16 AM Last Edit: January 17, 2025, 03:26:18 PM by Soryu
Good morning everyone,

as a newbie I stumbled upon the problems mentioned above and I'm not able to solve the problem by myself.

This is my hardware and what I did:
  • OPNsense on M720q, internal NIC for WAN traffic, Mellanox X6 for LAN.
  • untagged traffic for "regular" traffic, several VLANs for IoT, Guest access, ...
  • configured VLANs, firewall rules, ... -> works as desired
  • installed ZenArmor
  • set deployment Mode: routed L3 with native netmap drivers
  • set Security Zone: parent LAN interface, tagged as lan
  • finished installation
  • devices on VLANs can't connect with outside world and with each other
  • new client can't connect to wifi (DHCP blocked)
  • no entries of blocked devices on VLANs in Live Session list
  • switched to passive mode -> works as desired
  • lots of entries in Live Session list

I found this thread https://forum.opnsense.org/index.php?topic=40590.0 but there are entries in the blocking list...

As I'm out of ideas please advise how to troubleshoot or solve this issue.

Thanks in advance!

Joerg

Hi,

Mellanox interfaces are not natively supported by netmap. Have you tried using routed mode with the emulated netmap driver?


Thanks for your reply.

Unfortunately using the emulated netmap driver didn't help at all.
The results are identical.

- Wireless devices can't connect properly to WiFi: takes ages to get DHCP info and the gateway is not reachable -> no internet connection
  I even set an "allow all" rule in OPNsense without success
- There is still no entry in the Live Session view of Zenarmor (the IPs of the devices on the VLANs are nowhere to be found)

Are you sure that there is no Mellanox support in netmap? I found https://github.com/luigirizzo/netmap/blob/master/LINUX/final-patches/mellanox--mlx5--5.8, this https://forum.opnsense.org/index.php?topic=21778.0 and that https://man.freebsd.org/cgi/man.cgi?query=mlx5en&sektion=4&manpath=freebsd-release-ports

So I am confused... OK, that I am quite often but there must be a way to get that setup up and running.

Thanks!

Hello everyone,

problem solved. Just took an Intel XXV710 and guess what happened...? It worked perfectly.

So no more Mellanox for me anymore.

Thanks to sy for the remark pointing in that direction.

Have a nice weekend,

Joerg