Gratitious ARP from ISP causes WAN dropouts

Started by basskitty, Today at 01:56:09 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 01:56:09 PM
Hello,

I changed my ISP a while ago and now got their modem in bridge mode working, so my OPNsense WAN port is bridged to the ISP.
Up to multiple times a day, my WAN connection just stops working and reloading it fixes it immediately. I've pinned this down to the ISP sending loads of gratitious ARP messages:

Code Select
2026-06-08T12:31:12
Notice
kernel
<6>[1539] arp: 195.69.173.1 moved from 00:0e:00:00:01:01 to 00:0e:00:00:01:03 on ix1
2026-06-08T12:21:29
Notice
kernel
<6>[957] arp: 195.69.173.1 moved from 00:0e:00:00:01:01 to 00:0e:00:00:01:03 on ix1
2026-06-08T12:07:16
Notice
kernel
<6>[103] arp: 195.69.173.1 moved from 00:0e:00:00:01:02 to 00:0e:00:00:01:03 on ix1
2026-06-08T12:07:00
Notice
kernel
<6>[87] arp: 195.69.173.1 moved from 00:0e:00:00:01:01 to 00:0e:00:00:01:02 on ix1
Every time this happens, the WAN gateway stops responding and I need to reload, 12:25:09 is when I triggered the interface reload:

Code Select
2026-06-08T12:25:11
Notice
opnsense
/usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan
2026-06-08T12:25:11
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure dns (execute task : unbound_configure_do(1))
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.newwanip: ROUTING: entering configure using wan
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure dns (execute task : dnsmasq_configure_do(1))
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure dns (1)
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure dhcp (execute task : radvd_configure_dhcp(1))
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure dhcp (1)
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure ipsec (execute task : ipsec_configure_do(1,wan))
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure ipsec (1,wan)
2026-06-08T12:25:10
Notice
opnsense
/usr/local/etc/rc.newwanip: IP renewal starting (new: 195.69.173.56, old: 195.69.173.56, interface: wan, device: ix1, force: yes)
2026-06-08T12:25:09
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure monitor (execute task : dpinger_configure_do(1,[WAN_DHCP]))
2026-06-08T12:25:09
Notice
opnsense
/usr/local/etc/rc.configure_interface: plugins_configure monitor (1,[WAN_DHCP])
2026-06-08T12:25:09
Error
opnsense
/usr/local/etc/rc.configure_interface: ROUTING: refusing to set inet gateway on addressless wan(ix1)
2026-06-08T12:25:09
Warning
opnsense
/usr/local/etc/rc.configure_interface: ROUTING: refusing to set interface route on addressless wan(ix1)
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: Creating resolv.conf
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: New Routers (ix1): 195.69.173.1
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: New Broadcast Address (ix1): 195.69.173.255
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: New Subnet Mask (ix1): 255.255.255.0
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: New IP Address (ix1): 195.69.173.56
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: New Hostname (ix1): 7c5a1c846db5
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: Reason REBOOT on ix1 executing
2026-06-08T12:25:09
Notice
opnsense
/usr/local/etc/rc.configure_interface: ROUTING: entering configure using wan
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: Reason PREINIT on ix1 executing
2026-06-08T12:25:09
Critical
dhclient
exiting.
2026-06-08T12:25:09
Error
dhclient
short write: wanted 20 got 0 bytes
2026-06-08T12:25:09
Notice
dhclient
dhclient-script: Reason FAIL on ix1 executing
2026-06-08T12:25:09
Error
dhclient
My address (195.69.173.56) was deleted, dhclient exiting
2026-06-08T12:23:59
Notice
dhclient
dhclient-script: Creating resolv.conf
2026-06-08T12:23:59
Notice
dhclient
dhclient-script: New Hostname (ix1): 7c5a1c846db5
2026-06-08T12:23:59
Notice
dhclient
dhclient-script: Reason RENEW on ix1 executing
2026-06-08T12:21:29
Notice
kernel
<6>[957] arp: 195.69.173.1 moved from 00:0e:00:00:01:01 to 00:0e:00:00:01:03 on ix1
I've already tried these things:
* Enable "Skip rules when gateway is down"

* Disable reply-to on WAN rules

* Enable "Dynamic gateway policy" on the interface

* Setting a static ARP entry

* Disabling neighbor discovery on WAN

but nothing worked. Other users of the ISP have reported that they solved it by dropping/ignoring GARP announcements, but I cannot find a way to do this with OPNsense? Running version 26.1.9.
Today at 04:44:59 PM #1
Code Select
rc.configure_interface is highly suspicious. This isn't a low level operation and it's also not carried out multiple times in the same second by us.

Can you check dmesg?


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
Print
Go Up Pages1
User actions