dmauser / opnazure

This template allows you to deploy an OPNsense Firewall Azure VM using the opnsense-bootstrap installation method.


Failed to Deploy OPN

munir94 opened this issue · comments

Hi, I tried to deploy OPN using the Deploy to Azure button but the template failed. Here are the details:

Option : Single Nic
VNet range - 172.16.16.0/20
Subnet - FIREWALL-SUBNET (/24)


{
  "status": "Failed",
  "error": {
    "code": "DeploymentFailed",
    "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
    "details": [
      {
        "code": "BadRequest",
        "message": "{\r\n "error": {\r\n "code": "InvalidResourceReference",\r\n "message": "Resource /subscriptions/xxx/rg/rgname/providers/Microsoft.Network/virtualNetworks/vnet/subnets/FIREWALL-SUBNET referenced by resource /subscriptions/xxxxx/resourceGroups/rg-name/providers/Microsoft.Network/networkInterfaces/OPNsense-Untrusted-NIC was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.",\r\n "details": []\r\n }\r\n}"
      }
    ]
  }
}

@munir94, unless you have a very specific test scenario/test to follow that requires SingleNic, I would change it to TwoNics. OPNsense was designed to have two NICs, one external and one internal. Let me know if it works for you using the TwoNics scenario.

I'll work on it to fix the SingleNic but it may take some time.

Hi @munir94, I was not able to reproduce the problem you have. I found a problem that when you use SingleNIC and let the form create a new vnet it fails. I'll fix it but it's not the same issue you referenced.

I fixed an issue regarding a trusted subnet deployment with a single NIC scenario which was not required. I tested and it's working now. Once again I would encourage you to use the TwoNics scenario instead.

Please let me know if you have any other questions.

Hi @Welasco, I managed to deploy it with the two NIC option after a few attempts. The last variable that I changed was to let the VNet be located in the same RG as OPN.

Hi @munir94, I reproduced your deployment error. You defined FIREWALL-SUBNET in the wizard as the name for Untrusted-Subnet. The error shows that the deployment can't find it. Looking in the deployment, I'm seeing Untrusted-Subnet instead of FIREWALL-SUBNET.


This is the root cause. If you try to deploy with Untrusted-Subnet as the name, it is going to work.


I'm going to look in the definition to see if it is hardcoded.

@munir94 I reviewed it. The assumption is to create a new VNET with subnets or to deploy in an existing one. So if you want to deploy with your own VNET, subnet IP addresses and names, it is better to create them in advance and later run the deployment selecting them. If not, the assumption is to create new ones with the default names in the parameters.

@Welasco I think we can close the issue.

Hi Welasco, does the deployment include Azure Log Analytics?

@pir8g33k, just closing the loop here.
No, it doesn't include Log Analytics.
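
An added example, not part of the thread or the project's code: the deployment result posted in this issue wraps the real error as a JSON string inside `details[].message`, so this Python sketch unwraps it and reports which referenced resource was missing and whether both resource IDs sit in the same resource group. The sample input is constructed in the shape of the posted error; `SUB`, `rg-net` and `rg-fw` are placeholders, and the function names are hypothetical.

```python
import json
import re

# Constructed sample in the shape of the error posted above; SUB, rg-net and
# rg-fw are placeholders, not values from the issue.
_INNER = {"error": {"code": "InvalidResourceReference", "details": [], "message": (
    "Resource /subscriptions/SUB/resourceGroups/rg-net/providers/Microsoft.Network"
    "/virtualNetworks/vnet/subnets/FIREWALL-SUBNET referenced by resource "
    "/subscriptions/SUB/resourceGroups/rg-fw/providers/Microsoft.Network"
    "/networkInterfaces/OPNsense-Untrusted-NIC was not found.")}}
SAMPLE = json.dumps({"status": "Failed", "error": {
    "code": "DeploymentFailed",
    "message": "At least one resource deployment operation failed.",
    "details": [{"code": "BadRequest", "message": json.dumps(_INNER)}]}})

REF = re.compile(r"Resource (\S+) referenced by resource (\S+) was not found")
RG = re.compile(r"/resourceGroups/([^/]+)/", re.IGNORECASE)


def leaf_errors(err):
    """Yield innermost (code, message) pairs, decoding JSON-encoded messages."""
    msg = err.get("message", "")
    try:
        inner = json.loads(msg)
    except (TypeError, ValueError):
        inner = None
    if isinstance(inner, dict) and isinstance(inner.get("error"), dict):
        yield from leaf_errors(inner["error"])  # the real error is nested here
        return
    details = err.get("details") or []
    if not details:
        yield err.get("code"), msg
    for detail in details:
        yield from leaf_errors(detail)


def missing_references(deployment_json):
    """List each 'was not found' reference and whether both IDs share a resource group."""
    found = []
    for code, msg in leaf_errors(json.loads(deployment_json)["error"]):
        match = REF.search(msg) if code == "InvalidResourceReference" else None
        if match:
            missing, referrer = match.groups()
            rgs = [RG.search(rid) for rid in (missing, referrer)]
            same = all(rgs) and rgs[0][1].lower() == rgs[1][1].lower()
            found.append({"missing": missing, "referenced_by": referrer,
                          "name": missing.rsplit("/", 1)[-1], "same_rg": bool(same)})
    return found
```

Comparing the reported `name` with the subnets that actually exist in the target VNet shows a name mismatch like the one diagnosed in this thread before another deployment attempt is made.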