Description
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Describe the bug
A clear and concise description of what the bug is, including last known working version (if any).
Every 2 or 3 days we lose access to the application server / switch interface / next-hop router behind our OPNSense Business Stable 24.10.2 in transparent bridge mode. The appliance is a Deciso OPNSense DEC3842 (not even 1 year old). We have other OPNSense with similar configurations and they work fine.
We use Suricata on the bridge and added a LAN interface because it didn't work without it.
We use os-OPNWAF and it is the only thing that still works when the problem occurs.
In the general log we have this kind of entry:
/usr/local/etc/rc.linkup: the command `/sbin/ifconfig 'bridge0' addm 'igc0'' could not be executed
When we restart the appliance, we lose our connections behind the OPNSense.
The network cables have been tested and have also worked with a Sophos XG in bridge mode.
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce
It is quite difficult to reproduce the problem. We use the appliance for two or three days without problems and then we lose all connections in the network behind the OPNSense except for the proxy application with os-OPNWAF.
The list of installed plugins: os-acme-client, os-crowdsec, os-dec-hw, os-dmidecode, os-intrusion-detection-content-et-open, os-OPNBEcore, os-OPNcentral, os-OPNWAF, os-theme-advanced
When we restart our appliance, it doesn't work directly (maybe if we wait, but it's a production appliance)
Steps to reproduce the behavior:
- Go to 'Power'
- Click on 'Reboot'
- Click on "Yes" -> with the question "Are you want to reboot the system?"
- After a reboot we cannot access the application servers, the switches and routers behind the OPNSense. The only access that we have is on the OPNSense and the proxied applications with os-OPNWAF
Expected behavior
We don't want to lose our connection and have to reapply the bridge and IPS/IDS parameters every 2 or 3 days. Behind the OPNSense we have very important applications.
Describe alternatives you considered
Our temp fix is:
- Go to Interfaces
- "Bridge"
- Click on "Save"
- "Apply" the settings without changing them
- In the log from Suricata we will find more than 1000 entries in a few seconds and something like: -- bridge0^: error reading netmap data via polling: No buffer space available
- Go to Services
- Go to Intrusion Detection
- Go to Administration
- Click on "Apply"
- The log is without the errors
Screenshots
If applicable, add screenshots to help explain your problem.
Relevant log files
console: generic_netmap_attach Emulated adapter for bridge0 created (prev was NULL)
generic_netmap_dtor Emulated netmap adapter for bridge0 destroyed
Error: no netmap adapter on device 0xfffff801b76d6000
General log: /usr/local/etc/rc.linkup: The command `/sbin/ifconfig 'bridge0' addm 'igc0'' failed to execute
syslog-ng | I/O error occurred while writing; fd='24', error='No route to host (65)'
I/O error occurred while writing; fd='39', error='Network is down (50)'
Intrusion Detection log:
-- bridge0^: error reading netmap data via polling: No buffer space available
Additional context
N/A
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.10.2 (amd64) Business edition
Deciso OPNSense DEC3842 appliance
AMD EPYC 3101 4-Core