opnsense
[24.1.5] interface with tagged VLAN not working on Deciso DEC4630
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [ x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [ x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Describe the bug
A clear and concise description of what the bug is, including last known working version (if any). No network available on VLAN-tagged interface since version 24.1.5, although this has always worked with previous versions.
The current OPNsense version where the bug first appeared: 24.1.5 The last OPNsense version where the bug did not exist: 24.1.4
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce
Steps to reproduce the behavior:
- create an Ethernet interface (without VLAN)
- create a tagged vlan on this same interface (same cable)
- add a DHCP server on both interfaces
- You'll see that only the Ethernet interface without VLAN has access to the network (and the Internet). There is no network or Internet on the interface with the tagged VLAN.
Expected behavior
it worked with the old version, what did you change ? Is it specific to my hardware?
Describe alternatives you considered
for two DMZ networks, I deleted a tagged vlan and connected my two DMZ networks to an Ethernet interface (each with its own cable). No Alternative for my Unifi Access point with 3 SSID with tagged VLAN on a single Ethernet interface.
Screenshots
If applicable, add screenshots to help explain your problem.
N/A
If applicable, information from log files supporting your claim.
Additional context
N/A
Environment
Software version used and hardware type if relevant, e.g.: OPNsense version 24.1.5 Hardware: Deciso DEC4630 https://www.deciso.com/product-catalog/dec4630/ Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz (4 cores, 4 threads)
Hello,
I reverted version 24.1.4 with command:
# opnsense-revert -r 24.1.4 opnsense
But it revert only th opnsense version.
How revert Opnsense version and revert all packages associated with this version 24.1.4 ?
The current OPNsense version where the bug first appeared: 24.1.5 The last OPNsense version where the bug did not exist: 24.1.4
Can you put a bit of evidence to your claim? I mean you already implied that 24.1.4 revert still fails now which either means it's a kernel or configuration issue and I would side with the latter...
Cheers, Franco
I thought an opensense version also included updated packages. I updated via the GUI... So it's not related to the opensense version but to an update of one of the packages.
It's rather unlikely... Can you at least do a bit of ifconfig and ping debugging to let us know the issue at hand?
Yes, I can give you the result of command. I'm not used to it. Shall I give you the result of the ifconfig command? and ping what exactly ?
ifconfig result:
ixl0: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NOMAP> ether 00:03:2d:46:df:9a media: Ethernet autoselect status: no carrier nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> ixl1: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NOMAP> ether 00:03:2d:46:df:9b media: Ethernet autoselect status: no carrier nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: LAN (lan) options=49500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NETMAP,NOMAP> ether 00:03:2d:45:11:17 inet 192.168.0.200 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (1000baseT
) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN (wan) options=4900028<VLAN_MTU,JUMBO_MTU,NETMAP,NOMAP> ether 00:03:2d:45:11:16 inet6 fe80::203:2dff:fe45:1116%igb1 prefixlen 64 scopeid 0x4 inet 192.168.254.2 netmask 0xffffff00 broadcast 192.168.254.255 media: Ethernet autoselect (100baseTX ) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> igb2: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: LAN2 (opt2) options=49500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NETMAP,NOMAP> ether 00:03:2d:45:11:15 inet 192.168.2.200 netmask 0xfffffe00 broadcast 192.168.3.255 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: DMZ (opt6) options=49500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NETMAP,NOMAP> ether 00:03:2d:45:11:14 inet 10.10.10.200 netmask 0xffffff00 broadcast 10.10.10.255 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: LANTest (opt5) options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NOMAP> ether 00:03:2d:45:11:13 inet 192.168.4.200 netmask 0xffffff00 broadcast 192.168.4.255 media: Ethernet autoselect status: no carrier nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb5: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: DMZ2 (opt3) options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NOMAP> ether 00:03:2d:45:11:12 inet 10.10.0.200 netmask 0xffffff00 broadcast 10.10.0.255 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb6: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WIFI_LAN (opt1) options=49500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NETMAP,NOMAP> ether 00:03:2d:45:11:11 inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb7: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: VOIP (opt4) options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFIL TER,VLAN_HWTSO,NOMAP> ether 00:03:2d:45:11:10 inet 10.10.20.200 netmask 0xffffff00 broadcast 10.10.20.255 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb inet 127.0.0.1 netmask 0xff000000 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> enc0: flags=0<> metric 0 mtu 1536 groups: enc nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> pfsync0: flags=0<> metric 0 mtu 1500 syncpeer: 0.0.0.0 maxupd: 128 defer: off syncok: 1 groups: pfsync pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160 groups: pflog igb3_vlan13: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 150 0 description: DMZ2 (opt3) options=4000000<NOMAP> ether 00:03:2d:45:11:14 groups: vlan vlan: 13 vlanproto: 802.1q vlanpcp: 0 parent interface: igb3 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb6_vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 150 0 description: WIFI_LAN2 (opt7) options=4000000<NOMAP> ether 00:03:2d:45:11:11 inet 192.168.30.1 netmask 0xffffff00 broadcast 192.168.30.255 groups: vlan vlan: 30 vlanproto: 802.1q vlanpcp: 0 parent interface: igb6 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> igb6_vlan40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 150 0 description: WIFI_Guest (opt8) options=4000000<NOMAP> ether 00:03:2d:45:11:11 inet 192.168.40.1 netmask 0xffffff00 broadcast 192.168.40.255 groups: vlan vlan: 40 vlanproto: 802.1q vlanpcp: 0 parent interface: igb6 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
From the ifconfig I can see that you have tagged and untagged VLANs mixed. On FreeBSD that can potentially cause issues.
An interface should either have only untagged VLANs, or only tagged VLANs with the parent interface unassigned.
On igb6 I can see this configuration:
igb6: Untagged Network: 192.168.20.1/24 Tagged VLANs:
- VLAN 30 on igb6 - Network 192.168.30.1/24
- VLAN 40 on igb6 - Network 192.168.40.1/24
You can potentially solve your problems by configuring your trunk port this way:
igb6: Untagged Network: None Tagged VLANs:
- VLAN 1 on igb6 - Network 192.168.20.1/24
- VLAN 30 on igb6 - Network 192.168.30.1/24
- VLAN 40 on igb6 - Network 192.168.40.1/24
On your connected Switch or Access point, you have to create the same kind of tagged only configuration.
EDIT: Compare to issues like this: https://forum.opnsense.org/index.php?topic=39073
Ok, Thank you, I reconfigure the ibg6 with VLAN 20 instead of VLAN 1:
On my Unifi Access point:
VLAN 20 instead of Default:
When i apply this settings, my access point loses network. What's the issue ?
It looses network because it needs VLAN 1 in the Network settings. VLAN 1 needs to be a tagged VLAN. Your access point has to be configured to allow a tagged vlan as vlan 1. Or you need a managed switch between OPNsense and your Access Point. I wrote that above.
After apply the following settings the different wifi networks still doesn't work after rebooting the router.
Here's the new config:
ixl0: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,NOMAP>
ether 00:03:2d:46:df:9a
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ixl1: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,NOMAP>
ether 00:03:2d:46:df:9b
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN (lan)
options=49500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,NOMAP>
ether 00:03:2d:45:11:17
inet 192.168.0.200 netmask 0xffffff00 broadcast 192.168.0.255
media: Ethernet autoselect (1000baseT
WIFI SSID on each VLAN:
the networks:
The default Network has VLAN ID empty. Then it's not the ID 1. The field to change the VLAN ID is disabled
Last night, I updated to version 24.1.6. This morning I put the settings back to how they were before, ( igb6: Untagged Network: 192.168.20.1/24 Tagged VLANs:
VLAN 30 on igb6 - Network 192.168.30.1/24
VLAN 40 on igb6 - Network 192.168.40.1/24
) and now everything's working just as before for the 3 SSID WIFI.