Messages

1

General Discussion / Re: No Internet for Only Windows Client on VLAN

« on: June 15, 2024, 10:10:37 pm »

In case it might prove useful for anyone who stumbles upon this thread with a similar issue, I did end up solving it and wanted to share what I did.

The switch I'm running is a slightly older HP ProCurve and the documentation for it is not always glaringly straightforward. When adding VLAN's, there are options related to setting the IP. They can be manually set but also set to use a DCHP server.

When I was creating the network originally, I wasn't able to get the DHCP option to work, though I thought it was the best option because each of the VLAN interfaces has DCHP enabled. Using the "manual" option did work and allowed Linux and iOS options to have internet access. I left it at that as it was working.

In trying to troubleshoot my issue, I reinstalled OPNSense and even without recreating the tunnel I had been using for the VPN connection the issue persisted. At this point I felt it had to be a switch-related cause, as none of the Windows clients could even reach the gateway. I changed the IP configuration of the VLAN's to DHCP within the configuration of the switch and lo-and-behold suddenly the Windows clients had internet.

I also ended up toggling off the "Don't add/remove routes" (which I had previously needed on for internet to be available on the non-VPN VLAN's) in order to fix a resulting DNS leak.

Still not entirely sure how the Linux and iOS clients were able to have internet access prior to this change, but everything is working now.

Thank you to those that offered suggestions aimed at trying to resolve the technical issue!

2

General Discussion / Re: No Internet for Only Windows Client on VLAN

« on: June 14, 2024, 06:25:04 am »

VLAN's were enabled on the prior driver (but I could not manually assign an ID).  I updated the driver and assigned a VLAN ID to match desired VLAN but no luck - still no internet.

It would surprise me if that did fix it since I am able to access the internet through the default VLAN (LAN), which runs through the VPN.  But I appreciate the suggestion nonetheless.

3

General Discussion / Re: No Internet for Only Windows Client on VLAN

« on: June 13, 2024, 11:56:16 pm »

It could be so many things. An error in your VPN config (OpenVPN?), or a VLAN error or the VLAN settings on Windows.

Thanks again for your reply.  Correct, I am using OpenVPN.  I'd be surprised if it was a VLAN error, since the Windows machine is able to access the internet through the default VLAN and VPN, but certainly open to exploring it.

That is why I think we should know first, what you try to achieve with that VPN.

My desire to route some traffic through the VPN VLAN is to increase the security and privacy of that traffic.  I understand that additional protection is not total by any means, but even a minimal improvement is good enough for my purposes.

4

General Discussion / Re: No Internet for Only Windows Client on VLAN

« on: June 13, 2024, 04:50:01 pm »

Thanks so much for the reply.

My switch is an HP ProCurve J9298A and I believe, if I'm looking at the documentation right, the ports support IEEE 802.3/802.3u/803.2ab.  It seems like it's a few versions ahead of 802.1Q, but perhaps they are different standards?  This is my first major foray into networking so I apologize for not knowing.

Given the above, would you still suggest enabling IEEE 802.1Q/VLAN tagging on the Windows network adapter?  I'm happy to try anything at this point.

5

General Discussion / Re: No Internet for Only Windows Client on VLAN

« on: June 12, 2024, 08:18:19 am »

Thanks for taking the time to reply.

Regarding the VPN, the only thing I’m hoping to achieve is to route the traffic on the LAN network through the VPN tunnel (which currently is working).  I’m hoping to have the traffic on the VLAN then be routed through the WAN gateway, which works on all clients except ones that are running Windows.  To assuage your concerns, no, I am not employing NordVPN as the service.

The guides I had been following recommended setting NAT rules to manual.  I did experiment with setting them to hybrid to see if that would solve the issue but it persisted even with the change so I reverted back to manual.

There could be an error here or in the , or it could also be a VLAN setting on the Windows client.

Would you mind elaborating on this when you can?  I’ve toggled that setting I don’t believe it improved the situation.  I’m also not sure what you mean by “VLAN setting on the Windows client.”  As far as I know, my setup is platform agnostic, and I don’t think I have any settings tailored specifically for machines running Windows.

6

General Discussion / No Internet for Only Windows Client on VLAN

« on: June 12, 2024, 06:48:53 am »

Hi all, I have an odd situation I was hoping to get some help with.

I recently set up a new network using OPNSense on my router. I added a VPN client and had been routing all traffic from the LAN net through it. Everything had been working great.

A bit ago, I added a VLAN, hoping to let any clients that do not need to take advantage of the VPN to use that to access the internet through the WAN gateway. These changes worked fine, and I was able to connect to the internet both through the VPN and through the WAN gateway on multiple clients (Linux and iOS) with one exception: a Windows client.

The Windows client for whatever reason is not able to access the internet from the VLAN (either over wire or wifi). It can connect, is assigned an IP by DHCP, and can ping the VLAN gateway, but it cannot access the internet or ping 1.1.1.1/8.8.8.8, for example.

I've tried updating the network drivers, and releasing and resetting the IP lease with no change. More oddly, if I live boot the device using Linux, I can access the internet just fine.

Interestingly, when I connect the Windows client to the LAN net, it is able to access the internet through the VPN.

My firewall rules are as follows:

LAN Interface:

Allow access to DNS

• Action: Pass
• TCP/IP: IPv4 Protocol: TCP/UDP
• Source: LAN net
• Dest/invert: Unchecked
• Destination: LAN address
• Destination Port: 53 (DNS)
• Gateway: Default

Allow access to internet but not private networks

• Action: Pass
• TCP/IP: IPv4
• Protocol: Any
• Source: LAN net
• Dest/invert: Checked
• Destination: PrivateNetworks (alias)
• Destination Any
• Gateway: WAN_DHCP

The firewall rules for the VLAN are the same with the source and destination fields being changed to reflect the correct net/address and the gateway for the second rule being changed to the WAN gateway.

Outgoing NAT rules (set to manual):

LAN:

• Interface: VPN Interface
• TCP/IP: IPv4
• Protocol: Any Source invert: Unchecked
• Source address: LAN net
• Destination invert: Unchecked
• Destination address: Any
• Destination port: Any
• Translation/target: Interface address

VLAN:

• Interface: WAN
• TCP/IP: IPv4
• Protocol: Any
• Source invert: Unchecked
• Source address: VLAN net
• Destination invert: Unchecked
• Destination address: Any
• Destination port: Any
• Translation/target: Interface address

Both the LAN and the VLAN have static IPv4 configurations.

LAN:

• IPv4 Address: xxx.xxx.1.1/24
• Subnet: xxx.xxx.1.0
• Subnet Mask: 255.255.255.0
• DHCPv4 Range: xxx.xxx.1.100 – xxx.xxx.1.200

VLAN:

• IPv4 Address: xxx.xxx.20.1/24
• Subnet: xxx.xxx.20.0
• Subnet Mask: 255.255.255.0
• DHCPv4 Range: xxx.xxx.20.100 – xxx.xxx.20.200

I want to also mention that when I was configuring the VLAN, initially I was running into issues where either I could not access the internet or the connection was routed through the VPN. I fixed this issue by checking the Don’t add/remove routes option within the VPN client options. Once I did this, everything worked fine.

If anyone might have any insight into the above issue of why the Windows client doesn’t seem to want to connect to the internet, I would greatly appreciate it.  Thanks very much for your help.