Messages - rookysteed

#1
General Discussion / Re: VLAN + LAGG : issue
September 18, 2025, 02:08:05 PM
SHAME ON ME.
I already have a test VPN with WireGuard ... and with the IP of the VLAN !!!!
Sorry for wasting your time, and thank you for your kindness.
#2
General Discussion / Re: VLAN + LAGG : issue
September 18, 2025, 01:26:04 PM
Quote from: Patrick M. Hausen on September 18, 2025, 01:10:56 PM
First you should see an ICMP echo request coming in on the port that your PC is connected to. IGMP is completely unrelated "noise".

Then check if that echo request goes out the management VLAN, if it doesn't we can try to find out why.

Then if the switch sends back an echo reply.

Etc.
Hi,
Unfortunately no ICMP message. Only MAC multicast traffic, and just once, for each VLAN.
#3
General Discussion / Re: VLAN + LAGG : issue
September 18, 2025, 12:25:47 PM
Quote from: Patrick M. Hausen on September 18, 2025, 12:07:39 PM
Then do a packet trace on the interfaces involved to watch what happens.
When trying to ping my switch (192.168.44.44, from my IP 192.168.32.15), I'm getting this result:
ethertype 802.1Q (0x8100), length 110: vlan 666, p 7, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [none], proto IGMP (2), length 92)
    192.168.44.44 > 239.255.255.100: igmp v1 report 239.255.255.100 [len 72]

(and I got this for the 4 VLANs: 5, 1, 4, and as you see for 666)
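Patrick's suggestion above is to look for the ICMP echo request on the VLAN rather than at the IGMP noise. As an added example (not code from the thread), here is a small parser over `tcpdump -e -vv` style lines, fed with the IGMP report quoted in the post plus two constructed ICMP lines in the same format, that reports per VLAN whether an echo request to the switch and its reply appeared:

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -vv` output (not captured from the poster's
# box): the IGMP report from the post plus two hypothetical ICMP lines in the
# same format, so the parser can be exercised on both cases.
SAMPLE = """\
ethertype 802.1Q (0x8100), length 110: vlan 666, p 7, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [none], proto IGMP (2), length 92)
    192.168.44.44 > 239.255.255.100: igmp v1 report 239.255.255.100 [len 72]
ethertype 802.1Q (0x8100), length 102: vlan 666, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 63, id 4711, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.32.15 > 192.168.44.44: ICMP echo request, id 7, seq 1, length 64
ethertype 802.1Q (0x8100), length 102: vlan 666, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 64, id 815, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.44.44 > 192.168.32.15: ICMP echo reply, id 7, seq 1, length 64
"""

# 802.1Q header line: VLAN id and the IP protocol name; indented flow line: src > dst: info
HEADER = re.compile(r"vlan (?P<vlan>\d+),.*proto (?P<proto>\w+) \(\d+\)")
FLOW = re.compile(r"^\s+(?P<src>[\d.]+) > (?P<dst>[\d.]+): (?P<info>.+)$")

def parse_frames(text):
    """Pair each 802.1Q header line with the indented flow line that follows it."""
    frames, pending = [], None
    for line in text.splitlines():
        h = HEADER.search(line)
        if h and not line.startswith(" "):
            pending = {"vlan": int(h["vlan"]), "proto": h["proto"]}
            continue
        f = FLOW.match(line)
        if f and pending is not None:
            pending.update(src=f["src"], dst=f["dst"], info=f["info"])
            frames.append(pending)
            pending = None
    return frames

def icmp_echo_status(frames, target):
    """Per VLAN: did an echo request to `target` appear, and did a reply come back?"""
    status = defaultdict(lambda: {"request": False, "reply": False, "other": []})
    for fr in frames:
        s = status[fr["vlan"]]
        if fr["proto"] == "ICMP" and fr["dst"] == target and "echo request" in fr["info"]:
            s["request"] = True
        elif fr["proto"] == "ICMP" and fr["src"] == target and "echo reply" in fr["info"]:
            s["reply"] = True
        else:
            s["other"].append(fr["proto"])  # e.g. IGMP, which is unrelated to the ping
    return dict(status)
```

Run against only the first (IGMP) frame it reports no request on VLAN 666, which is exactly the situation the poster describes; a missing reply with a request present would point at the switch or the return path instead.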
#4
General Discussion / Re: VLAN + LAGG : issue
September 18, 2025, 11:58:29 AM
Quote from: Patrick M. Hausen on September 18, 2025, 11:47:18 AM
You need firewall rules on each of the VLAN interfaces permitting the traffic you want to allow. Without any rule everything is denied by default.

My admin station has an any/any/any rule ...
And on my VLAN666 (admin, where the switch is hosted), there is also an any/any rule ....
And Live View does not show any blocked or rejected packets.
#5
General Discussion / Re: VLAN + LAGG : issue
September 18, 2025, 11:45:54 AM
Quote from: meyergru on September 18, 2025, 11:37:12 AM
Did you create firewall rules to allow inter-VLAN traffic? Per default, there only is an "allow to any" rule for the initial LAN.

Also, does the VLAN 666 interface on OpnSense have an IPv4 with CIDR 192.168.44.1/24?

Inter-VLAN traffic? How do you make this possible? Where is the VLAN management? Is it VXLAN? (on OPNsense)
Yes, all my VLANs / interfaces have an IP address.
#6
General Discussion / Re: VLAN + LAGG : issue
September 18, 2025, 11:43:36 AM
what , what  ... !!! ???
#7
General Discussion / Re: VLAN + LAGG : issue
September 18, 2025, 11:25:08 AM
Hello meyergru,

You are right.

I removed the LAGG (on both sides, in order to simplify the configuration).
Then I set up the switch as follows (port 1 of the switch is connected to my OPNsense firewall port 6):
- VLAN 4   (tagged ports: 1 and 13, 14, 15, 16)
- VLAN 1   (tagged ports: 1 and 13, 14, 15, 16)
- VLAN 5   (tagged ports: 1 and 13, 14, 15, 16)
- VLAN 666 (untagged ports: 2 to 12; tagged ports: 1 and 13 to 16)

On OPNsense I created 4 VLANs (with the right IDs, all using firewall port 6 hardware NIC), then assigned them to interfaces, then set an IP address on each pseudo-interface.
BUT perhaps I'm missing something on OPNsense?

Note: PVID 666 for all ports; 666 is the admin VLAN on this switch (by default it was ID 1), and for me PVID is a strange concept on a switch; what does it really mean?

But I still can't ping my switch on 192.168.44.44 from 192.168.11.0/24 (where I have my admin workstation).

#8
General Discussion / VLAN + LAGG : issue
September 18, 2025, 08:59:49 AM
Hello,
I'm trying to set up my OPNsense with a D-Link DGS-1210-16 switch.
On the switch I set up:
- VLAN 4   (untagged ports: 1, 2 and 13, 14, 15, 16)
- VLAN 1   (untagged ports: 1, 2 and 13, 14, 15, 16)
- VLAN 5   (untagged ports: 1, 2 and 13, 14, 15, 16)
- VLAN 666 (untagged ports: 1, 2, 3 to 12)
Note: PVID 666 for all ports; 666 is the admin VLAN of this switch.

On the OPNsense I set up:
- LAGG0 with fw P5 & P6, no hash
- and VLAN 4, 1, 5, 666 on top of lagg0, which became zones and interfaces with IP addresses.

I put an IP address on the DGS switch: 192.168.44.44 (192.168.44.0/24 switch admin zone).

I can't ping the switch from my admin station, which is under another zone (192.168.11.0/24).
Do you have any tips for my config?
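The two posts above show the switch VLAN table before and after the poster changed ports to tagged. As an added example (not the poster's or D-Link's configuration format), the model below encodes both tables, flags what the first one does differently from the second (the same port untagged in several VLANs, and no VLAN tagged on the trunk port that OPNsense's 802.1Q interfaces listen on), and answers the PVID question with the ingress rule a switch applies:

```python
# Constructed model of the switch VLAN tables from the two posts above (example
# code, not the poster's or D-Link's config format). Port 1 is the trunk to OPNsense.
TRUNK_PORT = 1
PORTS_13_16 = {13, 14, 15, 16}

# First attempt: every VLAN untagged on ports 1 and 2.
FIRST = {
    4:   {"tagged": set(), "untagged": {1, 2} | PORTS_13_16},
    1:   {"tagged": set(), "untagged": {1, 2} | PORTS_13_16},
    5:   {"tagged": set(), "untagged": {1, 2} | PORTS_13_16},
    666: {"tagged": set(), "untagged": {1, 2} | set(range(3, 13))},
}
# After the change: VLANs tagged on the trunk, 666 untagged on the access ports.
SECOND = {
    4:   {"tagged": {1} | PORTS_13_16, "untagged": set()},
    1:   {"tagged": {1} | PORTS_13_16, "untagged": set()},
    5:   {"tagged": {1} | PORTS_13_16, "untagged": set()},
    666: {"tagged": {1} | PORTS_13_16, "untagged": set(range(2, 13))},
}
PVID = {p: 666 for p in range(1, 17)}  # PVID 666 on all ports, as in both posts

def check_switch_config(vlans, opnsense_vlans, trunk=TRUNK_PORT):
    """Return a list of problems; an empty list means the trunk can carry the VLANs."""
    problems, untagged_on = [], {}
    for vid, m in vlans.items():
        for port in m["untagged"]:
            # A port can send frames without a tag for at most one VLAN;
            # the receiver has no way to tell two untagged VLANs apart.
            if port in untagged_on:
                problems.append(f"port {port} untagged in VLANs {untagged_on[port]} and {vid}")
            untagged_on[port] = vid
    for vid in opnsense_vlans:
        # An OPNsense VLAN interface only sees 802.1Q-tagged frames, so each
        # VLAN defined there must be a tagged member of the trunk port.
        if trunk not in vlans[vid]["tagged"]:
            problems.append(f"VLAN {vid} is not tagged on trunk port {trunk}")
    return problems

def ingress_vlan(port, frame_tag, vlans, pvid):
    """What PVID means: an untagged frame arriving on `port` is placed in the
    port's PVID; a tagged frame keeps its tag only if the port is a member."""
    if frame_tag is None:
        return pvid[port]
    m = vlans.get(frame_tag)
    if m and port in (m["tagged"] | m["untagged"]):
        return frame_tag
    return None  # not a member of that VLAN: the switch drops the frame
```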
#9
A few questions:

- Is the captive portal auth log stored somewhere? (Is it rsyslog compliant?)
- The captive portal is not the same as the pfSense one; why? (there are more options)
- The captive portal has no HSTS option: this causes a big issue under Chrome (Firefox and Edge are OK)

Thank you.
#10
OK, thank you, I will do that.
#11
Hello Cedrik, thank you for your answer.

So the answer is, they cannot work together, if I'm understanding correctly?

If we decide to only use the captive portal: is the captive portal logging web site access (for identified users)?

Or perhaps it's better to use Squid with an authentication page, etc.?
#12
Hello,
We are testing captive portal + Squid.
They are each working on their own, but not together.
Is there a good tutorial for this deployment?
#13
24.7, 24.10 Legacy Series / Unbound, again !
September 01, 2024, 01:04:17 PM
As other updates ...

DNS is not so crucial for web browsing ... which is about 90% of web activity: and in OPNsense (24.7.3_1), boom, after EVERY update Unbound is crashed?

Why?

2024-09-01T12:59:26   Error   unbound   Unable to open pipe. This is likely because Unbound isn't running.   
2024-09-01T12:59:16   Notice   unbound   Backgrounding unbound logging backend.

As other people here!

If this is a joke ... it's not good.
#14
24.1, 24.4 Legacy Series / Re: 24.1.8 unbound wont start?
September 01, 2024, 01:01:31 PM
DNS is not so crucial for web browsing ... which is about 90% of web activity: and in OPNsense (24.7.3_1), boom, after EVERY update Unbound is crashed?

Why?

2024-09-01T12:59:26   Error   unbound   Unable to open pipe. This is likely because Unbound isn't running.   
2024-09-01T12:59:16   Notice   unbound   Backgrounding unbound logging backend.

As other people here!

If this is a joke ... it's not good.