My VLANs can't ping their own gateway and beyond.

1 - For VLANs to be able to ping their own gateway, do I have to enable the Parent VLAN and assign an IP to it in the OPNsense firewall?

2 - Do I have to enable DHCP for devices in the VLAN? I know it sounds foolish, but just checking, as all videos I found regarding this on OPNsense show DHCP as enabled, which I'm not using.

All rules are allowed on all interfaces, and I'm not using any physical switch. This is a VMware Workstation setup; I have a Windows VM and an OPNsense VM.

Parent VLAN Interface

Server VLAN

Server Ping Failure

tcpdump on em3 shows the following

root@firewallwm:~ # tcpdump -e -n -i em3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em3, link-type EN10MB (Ethernet), capture size 262144 bytes
18:26:52.651787 00:0c:29:ae:a2:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.28.35 tell 192.168.28.47, length 46
18:26:53.316297 00:0c:29:ae:a2:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.28.35 tell 192.168.28.47, length 46
18:26:54.316412 00:0c:29:ae:a2:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.28.35 tell 192.168.28.47, length 46

I checked; no device has the MAC address 00:0c:29:ae:a2:10.

Firewall Settings

VMware Workstation settings

Windows VM

1
  • What is your VMware networking configuration for both VMs? Are you expecting the VLAN 30 tag to be added by VMware, or by Windows itself? Commented Mar 19, 2021 at 18:20

1 Answer

1

1 - For VLANs to be able to ping their own gateway, do I have to enable the Parent VLAN and assign an IP to it in the OPNsense firewall?

The parent (physical) interface has to be enabled, but it does not need an IP address just to make child VLANs work.

(It can have an IP address configured – its network will then correspond to the "untagged" or "default" VLAN. But if you don't use the untagged VLAN, then the IP address on em3 is not necessary.)

2 - Do I have to enable DHCP for devices in the VLAN? I know it sounds foolish, but just checking, as all videos I found regarding this on OPNsense show DHCP as enabled, which I'm not using.

No, VLANs do not require DHCP. They act like regular Ethernets – whether you want to use DHCP or not remains your own decision.


I would suggest using tcpdump -e -n -i em3 to check whether any packets from the Windows system arrive at all (and whether they have the correct VLAN tag). If they do, then try the same capture on em3_vlan30 to check whether OPNsense is correctly separating the tagged packets.

3
  • Updated question with tcpdump from em3
    – Huud Rych
    Commented Mar 19, 2021 at 18:30
  • That distinctly seems to lack any VLAN tag. Just a plain untagged packet. What are your VMware settings? Commented Mar 19, 2021 at 18:51
  • I could not find how to add VLAN tags in Workstation; it's just a Host-Only NIC adapter which is added to the firewall and the Windows VM. I have added Workstation settings to the question as well.
    – Huud Rych
    Commented Mar 19, 2021 at 19:10
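
The tag check that the answer's tcpdump -e capture performs, shown at the frame level as an added example (not code from the question or the answer): an 802.1Q tag is a 4-byte field after the source MAC that starts with EtherType 0x8100, and a child interface such as em3_vlan30 only receives frames carrying its VLAN ID. The sample frames are constructed, reusing the MAC from the capture and VLAN 30 from the comments; the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Return src/dst MAC, VLAN ID (None if untagged) and payload EtherType."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information, then the real EtherType of the payload
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF  # 3-bit priority, 12-bit VLAN ID
    return {"src": mac(src), "dst": mac(dst), "vlan": vlan, "pcp": pcp,
            "ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}


def reaches_vlan_interface(frame: bytes, vlan_id: int) -> bool:
    """True only if the frame carries the tag the child interface expects."""
    return parse_frame(frame)["vlan"] == vlan_id


# Constructed sample frames (not captured data): the ARP request seen in the
# question's capture, once untagged and once tagged for VLAN 30.
SRC = bytes.fromhex("000c29aea210")
DST = b"\xff" * 6
ARP_BODY = bytes(28)  # placeholder ARP payload; only the headers matter here
UNTAGGED = DST + SRC + struct.pack("!H", 0x0806) + ARP_BODY
TAGGED_30 = DST + SRC + struct.pack("!HHH", TPID_8021Q, 30, 0x0806) + ARP_BODY

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED_30)):
        info = parse_frame(frame)
        print(name, info, "-> em3_vlan30:", reaches_vlan_interface(frame, 30))
```

In the question's capture the EtherType printed right after the MAC addresses is ARP (0x0806), which corresponds to the untagged case here.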
