Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Flattery6100

Pages1
#1
24.7, 24.10 Legacy Series / Re: Wireguard ProtonVPN - Rebinding all traffic to itself
January 07, 2025, 07:16:09 PM
I got OpenVPN working, so I have a working solution; this is just weird now.
#2
24.7, 24.10 Legacy Series / Wireguard ProtonVPN - Rebinding all traffic to itself
January 07, 2025, 04:45:50 AM
I followed this guide on how to set up VPN, but all of my traffic from the affected machines is being served by the firewall instead of being sent over the VPN tunnel.  I'm hoping someone's seen this before and is able to just say "ah yes, go here and check this box" or something..

Code Select
ping google.com
PING google.com (142.250.64.206) 56(84) bytes of data.
64 bytes from _gateway (192.168.30.1): icmp_seq=1 ttl=64 time=2.08 ms (DIFFERENT ADDRESS!)
#3
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
December 03, 2024, 04:49:56 AM
As they say, problems that go away on their own come back on their own. I can restart the firewall and get it working for a time, but it keeps breaking and needing a restart. Any ideas? Any logs to look at?
#4
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 29, 2024, 06:08:32 PM
I'm going to cry.  I restarted the firewall and it's working.  I am connected to the VLAN 10 port on the switch and able to get around both inside and outside the network.
#5
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 29, 2024, 04:44:06 PM
I definitely get correctly mapped, since I get a 192.168.10 address, and the firewall rules look right as well (just found that you can go to the interface and expand the group rules, which is where I have all rules defined).  I'm at a loss.  Is there something I can look at / some info I can provide to help figure out why I can't get anywhere when coming in via the trunk port?
#6
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 29, 2024, 03:32:27 AM
So that we have it for tomorrow:

PORT 1: Untagged VLAN 1
PORT 2: Untagged VLAN 10
PORT 3: [ignoring]
PORT 4: Untagged VLAN 2, Tagged VLANs 10, 25, 99
PORT 5: Untagged VLAN 1, Tagged VLANs 2, 10, 25, 99

PORT 5 is the trunk to the firewall.
PORT 4 is the trunk to a wireless AP.

From the VLAN perspective:
VLAN 1: Untagged PORTs 1, 5
VLAN 2: Untagged PORT 4, Tagged PORT 5
VLAN 10: Untagged PORT 2, Tagged PORTs 4, 5
VLAN 25: Tagged PORTs 4, 5
VLAN 99: Tagged PORTs 4, 5

PVIDs:
PORT 1, VLAN 1
PORT 2, VLAN 10
PORT 4, VLAN 2
PORT 5, VLAN 1
#7
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 29, 2024, 03:14:53 AM
All of the VLANs are defined on the firewall and assigned as children of the port that the switch is connected to.  The port itself is unassigned.

I took the switch back to my apartment to test it in a known-good environment and it works perfectly without any changes, so it's clearly something on the firewall.  I will bring the switch back with me tomorrow morning to see what I can figure out.
#8
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 28, 2024, 05:02:16 AM
Okay, I restarted the firewall and the switch, and - I was able to hit google.com once from browser (and also dig it once from the terminal), then it all went back to not working.

Any ideas?
#9
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 28, 2024, 04:40:46 AM
Logs show that everything is being passed.  wtf?
#10
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 28, 2024, 04:29:21 AM
Running a packet capture does show traffic, so.. enabling logs on rules to see if any of them are being hit.
#11
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 28, 2024, 04:17:32 AM
I tried setting the PVID, since I do have that set in the pfsense I'm migrating from, and I think that let me get an IP assigned via DHCP from opnsense, but I can't do anything beyond that.
#12
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 27, 2024, 11:26:42 PM
The switch is intended to be in VLAN 2 on the firewall, with VLAN 99 as the management VLAN (though I've also got VLAN 10 allowed to get to everything while I'm trying to get this set up).
#13
24.7, 24.10 Legacy Series / Re: DEC2752: Getting switch online
November 27, 2024, 11:24:58 PM
I've tried hooking up to the switch and setting up the ports like so:

PORT 1:  Untagged VLAN 1
PORT 2:  Untagged VLAN 10
PORT 3:  Untagged VLAN 20
PORT 4:  Tagged VLANs 10, 20, 25
PORT 5:  Tagged VLANS 10, 20, 25

I've also tried adding VLAN 1 as Tagged or Untagged on PORT 5.

PORT 5 is intended to be the link to the firewall.
PORT 4 is for a wireless AP.
PORTS 1-3 are for a direct machine connection.

If I plug into PORT 1, I can access the switch and nothing else.
If I plug into PORT 2, I can't access anything.
#14
24.7, 24.10 Legacy Series / DEC2752: Getting switch online
November 27, 2024, 06:44:29 PM
Hi!  I'm setting up a new DEC2752.  I've set up VLANs for one of the ethernet ports and set up firewall rules.  I've now plugged a small managed switch into that port to try to get it online.  I see the switch's static IP in DHCP leases, but it shows as offline and I can't ping it.  I tried factory resetting the switch but it behaves the same.

I don't have anything on the base interface for the port, just the VLAN interfaces, which I think is correct.  What do I need to do to allow the switch to communicate?

Thanks!
Pages1