dmauser / opnazure

This template allows you to deploy an OPNsense Firewall Azure VM using the opnsense-bootstrap installation method

Single Nic deployment locks

smartbyte opened this issue

commented

Hi there,

I tried to deploy a two-NIC machine, which worked fine, but if I deploy the one-NIC machine, I cannot log in to that machine.

Might be my issue that I am doing something wrong.
What I did:

  1. Started the deployment
  2. Wait for 10-60 minutes
  3. Log in via the web interface

Step Nr 3 is broken. I have no chance to log in or configure that machine in any way, shape or form (all ports unreachable, no HTTPS, no SSH).
It is deployed and on, but ... dead.
I tried 4 times, always the same outcome.

Kind regards, JK.

@smartbyte, is there a specific reason you are using a single NIC scenario?
My question is regarding the usability of OPNsense with a single NIC. It's only useful for VPN or Proxy.

What is your specific reason? Would you mind sharing it?

I'll try to reproduce the issue and let you know the results soon.

commented

I wanted to do a PoC using a cloud OPNsense system as a cloud Firewall.

Connect the Client (HomeOffice with all ports except the UDP Wireguard port blocked/DROP and even that one UDP port only open for one remote IP) via Wireguard with an OPNsense system to then use the OPNsense as a cloud based firewall/router...
I could use the two NIC system and not use one NIC, but then why have it at all...
... I tried to use the two NIC system, but when I delete that NIC out of Azure the OPNsense is not reachable again. :-(
I think this Azure deployment is awesome and very helpful, I just wonder why the one-NIC version does not work for me at all, there must be one little switch or setting somewhere to turn it on again...
As a test, can you deploy the one NIC system, wait 10-30 minutes and check if you can still access it?
If you can it's just me being stupid...

@smartbyte, I was able to reproduce the problem.
I understood your use case and I'll work on a fix as soon as possible.
I really appreciate you taking the time and sharing with me.

commented

@Welasco Thank you for picking up the issue. It is highly appreciated!
I have recently set up a Netgear WAX202 with OpenWRT (and WireGuard and a 100% blocking firewall) as a home router/AP. If I can now connect this device with the OPNsense cloud firewall, I would have a blueprint for an impenetrable, highly secure home internet setup. (At the moment OpenWRT is using the PiHole AdFilter, but I would see that on the scalable OPNsense firewall in the future together with a per-device geo-unblocking VPN setup...)

@Welasco, this issue of a single NIC deployment still persists.

The two NICs scenario is the most popular type of deployment. Unfortunately, we don't have a way to maintain the single NIC, and we're going to discontinue it in the next versions. @Welasco, as FYI.

Just closing the loop here: in the next version we are taking the single NIC scenario out.