OPNsense Forum

English Forums => General Discussion => Topic started by: mahmoux.xp on March 12, 2018, 08:07:05 am

Title: can't communicate with any vlans
Post by: mahmoux.xp on March 12, 2018, 08:07:05 am

Hi all,
I have this setup:
10 VLANs 192.168.1.0/24 - 192.168.10.0/24
Core Switch 192.168.1.1 - 192.168.10.0
OPNsense (ver 16.x) 192.168.1.20
Static route on core switch: ip 0.0.0.0 sub 0.0.0.0 nxthop 192.168.1.20
OPNsense was providing internet to its own subnet only (192.168.1.0/24) and could not communicate with any VLANs until I entered static routes for all my VLANs, and it worked like a charm for over a year.
Even after upgrading to version (17.x) it was OK.
NOW after upgrading to version (18) back to zero.
It can't communicate with any VLANs AGAIN.
I triple-checked everything:
recreated static route entries
disabled proxy and NAT rules
only one firewall rule to allow any to any
but still can't give internet to users in other VLANs except 192.168.1.0/24.
Why did that happen, and how can I fix it?
I downloaded Sophos XG Home and configured it with the same concept and with my static routes, and it works great. Even more, it has very nice web filtering policies and reporting, and it can block SSL websites without a certificate being installed for users, but it is still in test and I am afraid of it.

But I don't need to build another firewall from scratch.
Please help.

Title: Re: can't communicate with any vlans
Post by: muchacha_grande on March 12, 2018, 11:28:40 am
You should not use static routes to communicate with different subnets while they are directly connected to a router's interface.
So, if you have VLANs, I assume that you have an interface declared for each VLAN. Maybe each interface has the first address of the subnet, 192.168.X.1.
Under these circumstances the router doesn't need static routes, because when a packet needs to reach a certain subnet, the router already knows where that route is because it has an interface residing on that subnet.
The only thing that your router needs is a rule for each interface that allows packets to go through the router.
I have that configuration but with five VLANs.
I think that you need to start from zero instead of modifying the actual configuration.

Cheers...

Title: Re: can't communicate with any vlans
Post by: mahmoux.xp on March 12, 2018, 12:58:40 pm
You should not use static routes to communicate with different subnets while they are directly connected to a router's interface.

I have an internal router that holds the VLANs @ 192.168.1.1 with a static route that redirects any unknown IP (internet request) to the OPNsense IP (192.168.1.20).
I made a gateway 192.168.1.1 and used it to add static routes in OPNsense (see the picture).
This setup works already on ver. 16,7 and TMG and Sophos.
This setup simply doesn't work on ver. 18. Where is the issue?
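
The routing decision both posts above describe, as an added example (not code from either poster or from OPNsense): a longest-prefix-match lookup showing where the firewall sends a reply to a VLAN client in each layout. The WAN network 203.0.113.0/24, its gateway, the client address and all function names are assumptions made for illustration.

```python
import ipaddress

WAN_GW = "203.0.113.1"   # assumed upstream gateway (documentation range)
CORE = "192.168.1.1"     # internal router holding the VLANs, from the thread

def table(entries):
    """Build a route table from (prefix, next_hop) pairs; 'connected' = on-link."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

def best_route(routes, dst):
    """Longest-prefix match: the most specific route whose prefix covers dst."""
    addr = ipaddress.ip_address(dst)
    return max(((n, h) for n, h in routes if addr in n),
               key=lambda r: r[0].prefixlen)

def resolve(routes, dst):
    """Return (matched_prefix, next_hop, egress_network) for a packet to dst."""
    net, hop = best_route(routes, dst)
    if hop == "connected":
        return str(net), None, str(net)
    # A gateway is only usable if it sits on a directly connected network.
    gnet, ghop = best_route(routes, hop)
    return str(net), hop, str(gnet) if ghop == "connected" else None

base = [("0.0.0.0/0", WAN_GW), ("203.0.113.0/24", "connected")]

# Firewall with a single LAN interface and no static routes.
lan_only = table(base + [("192.168.1.0/24", "connected")])

# Same firewall plus static routes for VLANs 2-10 via the internal router.
lan_static = lan_only + table(
    [(f"192.168.{n}.0/24", CORE) for n in range(2, 11)])

# Firewall with its own interface in every VLAN (the layout from the reply).
per_vlan = table(
    base + [(f"192.168.{n}.0/24", "connected") for n in range(1, 11)])

if __name__ == "__main__":
    client = "192.168.5.10"  # constructed sample client in VLAN 5
    for name, routes in [("lan_only", lan_only),
                         ("lan_static", lan_static),
                         ("per_vlan", per_vlan)]:
        print(f"{name:10} reply to {client}: {resolve(routes, client)}")
```

With only the LAN interface, the reply to a VLAN 5 client matches nothing but the default route and leaves via the WAN; the static routes send it back through 192.168.1.1, and per-VLAN interfaces make the subnet on-link.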