Messages - Siarap

#1
Ok. Thanks for the explanation. Probably there was some unwanted traffic between subnets, that's why the rule didn't start immediately. That's why I separate the IPTV decoder made in China (from my ISP) and the other machines. Nobody knows what that device is doing on the internal side of the firewall.
#2
Adding a block rule with the destination "VLAN net" built-in alias (autogenerated) has no effect on the destination; it can still be pinged from LAN net. Same with the reversed direction with LAN net as the blocked destination.

When I set my own alias with the 192.168.3.1/24 network (VLAN net IP range) and block it as destination, it works as intended: the destination cannot be pinged (whole address pool).

I know the proper rule order in OPNsense. It doesn't even work when one rule is present on the LAN interface with access to all from any address but with !VLAN net destination (inverted destination). With this rule IP addresses in VLAN net can be pinged without any restriction.

For example, this rule won't block access to the TV net (VLAN): IPv4 *    LAN net    *    ! tv net    *    *    *  (pass rule)

Only aliases set by me worked, but not any "* net" aliases autogenerated by OPNsense.

I'm a newbie so I may not understand something.
#3
Quote from: meyergru on May 04, 2025, 09:48:47 AM

So much wrong there:

1. It is not OS/hardware-related at all.
2. Linux does not suck. It can handle VLANs, I gave you the pointers on how to do it if need be.
3. That being said, you should not use VLANs on any client, because that is not how this is supposed to work. We explained that multiple times.

I give up here.

I'm not configuring VLANs on clients. I'm configuring this on OPNsense and the managed switch. Linux connects only through the untagged VLAN. Windows connects through everything (even tagged). That was said.

I can say that the problem is solved. Achieved subnet separation with VLANs on Linux, but on non-tagged VLANs. :-)
#4
I'm digging deeper. It's hardware/OS related.
- Windows on my 5 year old computer connects to the internet through everything I can imagine (Realtek network card).
- Fedora and Debian on the same PC connect to the internet only through the untagged VLAN and LAN net. But VLAN works on the 5 year old PC with Linux (unfortunately untagged).
- On a PC about 10 years or more old there is no connection over anything related to VLAN.

UPDATE: Windows 11 connects you with everything you want through whatever you want. Linux sucks. Connected an 11 year old PC with a 14 year old network card and it works through the tagged VLAN. Linux has a problem with that with the default setup. I don't know how to connect Debian through a tagged VLAN.
#5
Yes. My English is limited. It's not my native language. I know it's expected. I read on Reddit that one person had an identical problem to mine. The problem was solved by setting an untagged VLAN. How to set an untagged VLAN on OPNsense?
#6
I've set everything properly. I have a tagged VLAN assigned to port 8 on my managed switch. Only this port connects to the assigned VLAN, and devices on other ports have different VLANs / connect to LAN net. I get an address from the DHCP pool assigned to the VLAN device. Windows 11 and a MikroTik device have a connection this way. My Linux machines cannot connect, they just pull IP addresses from the VLAN DHCP. Could it be an MTU problem? On my Windows machine I get a lower MSS value on test sites when I'm connecting via the VLAN; that's a normal situation and indicates that I'm connecting via the tagged VLAN.
#7
Can anyone provide info on how to connect Debian / a Debian-based distro to the internet through a VLAN?
#8
It's not the rule's fault. This is my firewall rule for the VLAN: IPv4 *    *    *    *    *    *    *
One device has a connection (Win 11) but the other is not connecting even when leasing an IP from the same VLAN (Linux). Same rule, same VLAN. Same IP pool.

EDIT: I must add that OPNsense has something broken with displaying DHCP leases. The invisible device has access to the internet. The visible one has no access. Sometimes leases take very long to refresh (over 30 minutes or more).

EDIT2: Tried on my PC with dual boot Windows 11 / Fedora Linux. On Win 11 the network works. Rebooted into Fedora and no connection to the internet. SAME settings on switch/OPNsense, even the same machine. Why is this happening to me? hahaha :D

EDIT3: Read some info on the internet. These errors with VLANs are the fault of NetworkManager for Linux (GUI). Replacing NetworkManager may help. But I just built my network in another way, and stopped using Linux on my machine.
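Added here as an example (not from any post in this thread): one way to bring up a tagged VLAN on Debian with plain iproute2, sidestepping the NetworkManager issue mentioned in #8 and answering the question in #7. It assumes the parent NIC is eth0, the tag is 10, the VLAN has a DHCP server and dhclient is installed; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original posts: bring up a tagged 802.1Q
# sub-interface on Debian with iproute2 only (NetworkManager not involved).
# Assumptions: parent NIC eth0, VLAN ID 10, a DHCP server on that VLAN.
set -eu

# Validate the tag (1..4094) and derive the usual sub-interface name (eth0.10).
vlan_ifname() {
    parent=$1; vid=$2
    case $vid in
        ''|*[!0-9]*) echo "bad vlan id: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "vlan id out of range: $vid" >&2; return 1
    fi
    printf '%s.%s\n' "$parent" "$vid"
}

# Create the tagged sub-interface and request a lease only on it.  DHCP is
# deliberately not run on the untagged parent, so the host does not also hold
# a LAN-net lease next to the VLAN one.  Needs root unless DRY_RUN=1, which
# prints each command instead of executing it.
setup_vlan() {
    parent=$1; vid=$2
    ifname=$(vlan_ifname "$parent" "$vid") || return 1
    run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }
    run ip link set dev "$parent" up
    run ip link add link "$parent" name "$ifname" type vlan id "$vid"
    run ip link set dev "$ifname" up
    run dhclient -v "$ifname"
    # Check: the detailed view should show "vlan protocol 802.1Q id 10".
    run ip -d link show dev "$ifname"
}

# Usage (dry run, so it is safe to execute anywhere):
DRY_RUN=1 setup_vlan eth0 10
```

Without DRY_RUN the commands run for real and the last one lets you confirm the 802.1Q tag before looking at the OPNsense side.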
#9
It's OS/device dependent. Updated my previous post. One configuration on OPNsense. Switching between networks by the switch device. Linux has no access over the VLAN but Windows and the access point have.
#10
Edited my previous post. Read it. I have firewall rules on every VLAN that allow access to everything. Only the VLAN with tag 10 has access to the internet.

Little update: Connected a PC to the VLAN tag 10 network. No internet access at all. At the same time my hAP ac2 MikroTik router has access in parallel from the same subnet. I don't know what is happening here. MTU errors or something?

BIG update 2: Maybe it's operating system dependent. The MikroTik and the Windows 11 machine have access to the internet over the VLAN. Same VLAN, same settings. Two PCs with Debian and MX Linux, and an Android-based IPTV decoder, have no access to the internet. Is something wrong with the OS or is it OPNsense?
#11
Ok, now I've set it properly. VLAN devices have proper leases. BUT now no internet on the VLANs. I've created a rule to allow all on the VLAN side. It's not a DNS fault, I cannot even ping 1.1.1.1. Any advice?

Read some info somewhere on the internet that OPNsense allows only VLANs with tag number 10 to access the internet by default. I don't know what to do. I have VLAN tags 10, 20, 30, 40 on different VLANs. Same configuration everywhere excluding the VLAN interface names. Only the VLAN tagged with 10 has no problem with internet access. Other tags have no access to the internet.
#12
I have a managed switch. I've set properly tagged 802.1Q VLANs assigned to ports on the switch. Tagged ports. I'm still getting dual leases from the LAN net + VLAN net DHCP for each VLANed device. What am I doing wrong?
#14
Ok, so they are separated now by firewall rules and subnets but not by VLANs. Ok, I understand now. They can switch between VLANs only when a device spoofs its MAC. I'm buying a managed switch now.

I'm a network newbie :D .
#15
Blocked access to LAN net by blacklisting MACs. So I have a few subnets, a different one on each VLAN. I created firewall rules. And the devices don't see each other. They are not reached even by ping. Currently I have no managed switch. But I will buy one. No videos on YouTube said that I need a manageable switch. EVERYONE just says how to create VLANs, so I created them :D