firewall needs reboot to handle newly attached devices

Started by bongo, February 23, 2026, 06:33:14 AM

this is an issue, i identified for the 1st time a few months ago on 25.7.xx, but it did not solve with 26.1.

i use ISC DHCPv4 to provide IP addresses to devices in my local networks.
once a device has attached for the 1st time, it gets an IP from the pool. as pool IPs are configured in my setup for minimum rights, this is only temporary then.
as soon as i see the MAC of the new device in OPNsense, i configure it to a static IP, to add it to the appropriate group, to define its access rights to internet and other local networks, handled by OPNsense. this also allows me to access the device (especially for IoT stuff) by IP.

all i need to do to get things working is disconnect/reconnect the device, so that it gets its configured IP address.
this has worked fine like this for years now.

for a few months now, i recognized that, when i detach/attach a device to get it working, it gets the new IP as expected, but it is shown as inactive in the leases.
and although the firewall is configured for this IP, i get no data through.
whatever i try, it still shows as inactive.

i'm not 100% sure, but it looks like for some reason, the device is not added to the arp list.

the only solution i found so far (after a few hours of analyzing the problem) is to reboot opnsense. after a reboot, it all works fine.

it looks to me like this issue has started with one of the updates for 25.7.


i actually use OPNsense 26.1.2-amd64 which still shows this issue.

any idea what's going wrong?

regards
bongo

Quote from: bongo on February 23, 2026, 06:33:14 AM
[...]i'm not 100% sure, but it looks like for some reason, the device is not added to the arp list.[...]

Sounds reasonable. Did you check ("Interfaces: Diagnostics: ARP Table")?

Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Quote from: pfry on February 23, 2026, 03:22:47 PM
Quote from: bongo on February 23, 2026, 06:33:14 AM
[...]i'm not 100% sure, but it looks like for some reason, the device is not added to the arp list.[...]

Sounds reasonable. Did you check ("Interfaces: Diagnostics: ARP Table")?

yes, i think that's how i've seen that it does not exist there

Quote from: nero355 on February 23, 2026, 05:39:03 PM
Sounds like : https://forum.opnsense.org/index.php?topic=50940.0 ?!

Have you tried : https://forum.opnsense.org/index.php?topic=50940.msg261068#msg261068 ??

yes, could be the same issue.

i think while trying to solve the issue for the 1st time, i also restarted the dhcp. but as this did not help, i finally rebooted opnsense. and that's what i always do since then, as i haven't found another solution.
unfortunately, rebooting opnsense is not an option at any time, when you have some connections that do not tolerate an interruption ;-(

SOME ADDITIONAL INFORMATION:

i was not fully correct when i reported the issue.
today i again added a device and checked a few more things.
after adding the device, the device gets the assigned IP, but it is missing in the ARP table.
in the leases section of ISC, it is shown as active but offline.
the device cannot access internet and cannot be accessed through OPNsense.
i restarted all services one by one. none of them helped to add the device to the ARP table and routing through the firewall still does not work.
finally i rebooted OPNsense, and then the entry was there and routing works.
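
The comparison described in this thread (does each statically mapped device show up in the ARP table at its configured IP?) can be scripted from a shell instead of read off the GUI. The following is an added example, not part of any post in the thread; it assumes FreeBSD `arp -an` output format, and the ARP sample, MAC addresses, IP addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of FreeBSD `arp -an` output (not taken from the thread).
SAMPLE_ARP = """\
? (192.168.10.20) at aa:bb:cc:00:00:01 on igb1 expires in 1140 seconds [ethernet]
? (192.168.10.150) at aa:bb:cc:00:00:02 on igb1 expires in 300 seconds [ethernet]
? (192.168.10.31) at (incomplete) on igb1 expired [ethernet]
"""

# Constructed static DHCP mappings: MAC -> IP configured for that device.
SAMPLE_STATIC = {
    "aa:bb:cc:00:00:01": "192.168.10.20",
    "aa:bb:cc:00:00:02": "192.168.10.30",
    "aa:bb:cc:00:00:03": "192.168.10.31",
    "aa:bb:cc:00:00:04": "192.168.10.32",
}

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>\S+) on (?P<ifname>\S+)")

def parse_arp(text):
    """Return {ip: mac or None}; None marks an '(incomplete)' entry."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            mac = m.group("mac").lower()
            table[m.group("ip")] = None if mac == "(incomplete)" else mac
    return table

def check_static(static, arp):
    """Classify each static mapping against the ARP table."""
    ip_of_mac = {mac: ip for ip, mac in arp.items() if mac}
    report = {}
    for mac, ip in static.items():
        mac = mac.lower()
        if arp.get(ip) == mac:
            report[mac] = "ok"                      # resolved at configured IP
        elif mac in ip_of_mac:
            report[mac] = "stale: seen at " + ip_of_mac[mac]  # still on another IP
        elif ip in arp and arp[ip] is None:
            report[mac] = "incomplete"              # ARP request sent, no reply
        elif ip in arp:
            report[mac] = "conflict: " + ip + " held by " + arp[ip]
        else:
            report[mac] = "missing"                 # no ARP entry at all
    return report

if __name__ == "__main__":
    print(check_static(SAMPLE_STATIC, parse_arp(SAMPLE_ARP)))
```

To use it on a live system, replace `SAMPLE_ARP` with the captured output of `arp -an` and `SAMPLE_STATIC` with the configured static mappings.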