"QuoteFritzbox as a "lan client" as they call it makes a perfectly fine AP
Unfortunately, we will never know whether OP really connected to LAN1 or to some other LAN port and in which mode the "internet access" was configured.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#31
24.1, 24.4 Legacy Series / Re: No DHCPREQUEST on VLAN
May 17, 2024, 09:52:06 AMUnfortunately, we will never know whether OP really connected to LAN1 or to some other LAN port and in which mode the "internet access" was configured.
#32
24.1, 24.4 Legacy Series / Re: No DHCPREQUEST on VLAN
May 16, 2024, 12:03:10 PM
Removing a misconfigured firewall from a route is always like breaking chains. I never understood what your fritz box was good for. You tried to misuse it as a switch, which it isn't.
#33
24.1, 24.4 Legacy Series / Re: No DHCPREQUEST on VLAN
May 15, 2024, 06:35:31 PM
It's still searching for needles in a haystack. Your information reveales a bit but not really all.
The WLAN AP fritz box is connected to OPNsense how? Via fritz boxes LAN or WAN port? If WAN: DHCP cannot be provided by OPNsense just as is. You'd need some kind of forwarding.
Your unifi could also provide DHCP but within one logical segment (all clients using fritzbox, frotzrepeater and unifi as OSI2 access) you don't want that.
I think your dhcp allocation is incorrect and hence stuff gets filtered. I am also still confused by the term VLAN because all I read was physical connections of devices not capable of VLANs (except unifi). And now there's also a unifi controller on some proxmox somewhere?
Can't you draw a complete picture of your routers, network segments, their network addresses and an indicator where DHCP services are enabled?
The WLAN AP fritz box is connected to OPNsense how? Via fritz boxes LAN or WAN port? If WAN: DHCP cannot be provided by OPNsense just as is. You'd need some kind of forwarding.
Your unifi could also provide DHCP but within one logical segment (all clients using fritzbox, frotzrepeater and unifi as OSI2 access) you don't want that.
I think your dhcp allocation is incorrect and hence stuff gets filtered. I am also still confused by the term VLAN because all I read was physical connections of devices not capable of VLANs (except unifi). And now there's also a unifi controller on some proxmox somewhere?
Can't you draw a complete picture of your routers, network segments, their network addresses and an indicator where DHCP services are enabled?
#34
24.1, 24.4 Legacy Series / Re: No DHCPREQUEST on VLAN
May 15, 2024, 02:39:24 PM
Could you elaborate more on your network setup, please?
From your description we have:
And then I wonder how you create vlans in you fritz box. On the other hand, maybe your unifi is directly connected to the opnsense. Then the behaviour could come from the fact that a switch in between has an invalid untagged/tagged configuration for your setup. But again, you never mentioned a switch, so I guess there is none.
From your description we have:
Code Select
opnsense <-> fritz (wifi) -> repeater (connected to ???) -> unifi ap (wifi, connected to fritz?) -> clients
And then I wonder how you create vlans in you fritz box. On the other hand, maybe your unifi is directly connected to the opnsense. Then the behaviour could come from the fact that a switch in between has an invalid untagged/tagged configuration for your setup. But again, you never mentioned a switch, so I guess there is none.
#35
German - Deutsch / Re: Routing - VIPs
May 15, 2024, 01:04:42 PM
Ich verstehe deine Beschreibung nicht. Du hast 10.x.x.x Adressen im Bereich der Firewall A und die hat an irgendeinem Interface 172.x.x.x oder routet die das nur?
Kannst du deine IF Adressen mal genauer darlegen bitte, danke.
Kannst du deine IF Adressen mal genauer darlegen bitte, danke.
#36
Virtual private networks / Re: OpenVPN connected / no network access
May 14, 2024, 02:14:02 PM
Hi,
according to the second link you provided I am confused why don't pull routes and Don't add/remove routes are enabled. No routes to VPN means no route to what you wanted.
Why did you enable them?
according to the second link you provided I am confused why don't pull routes and Don't add/remove routes are enabled. No routes to VPN means no route to what you wanted.
Why did you enable them?
#37
24.1, 24.4 Legacy Series / Re: Update takes forever
May 14, 2024, 09:04:16 AMQuoteTransfer timed out
Sounds like a dead mirror, blocked route or any other network issue between you and the mirror. Solve that first.
#38
General Discussion / Re: Confused about IPv6
May 13, 2024, 06:14:02 PMQuoteeven with Outbound NAT for IPv6 it's
<sound of me eating my desk> ???
#39
General Discussion / Re: Confused about IPv6
May 13, 2024, 11:58:04 AM
I repeat it again:
Subnet is exactly /64
Subnets reachable from this subnet, get more /64 prefixes - obtained by prefix delegation (DHCPv6) or static configuration.
There is no segment with /48. You get your /48 from the ISP to assign /64 chunks to your segments. Not minimum, not maximum. Exactly!
Subnet is exactly /64
Subnets reachable from this subnet, get more /64 prefixes - obtained by prefix delegation (DHCPv6) or static configuration.
There is no segment with /48. You get your /48 from the ISP to assign /64 chunks to your segments. Not minimum, not maximum. Exactly!
#40
General Discussion / Re: Confused about IPv6
May 13, 2024, 08:46:22 AMQuote from: luckylinux on May 12, 2024, 10:41:39 PM
But my goodness the UNIFI Controller ... getting IPv4 to work is as simple as just saying "Just query the [main] DHCP Server".
For IPv6 on the other hand ???
This is not a unifi forum. Why don't you just buy a USG?
BTW: You assign /64 subnets for segments. You can however delegate more prefixes to more subnets reachable within that segment via routers.
#41
General Discussion / Re: Confused about IPv6
May 12, 2024, 09:17:26 PM
Hi,
as a reminder:
NAT is not a feature. It's a neccessary workaround in IPv4. In IPv6 you're online with a dedicated address. Changing constantly when privacy ext. is enabled.
NAT does not provide security. Your firewall does.
DHCPv6 is not required unless you do prefix delegation. Using the flag assisted you specify that clients can basically chose between DHCP and SLAAC. Android choses SLAAC, windows choses DHCP. Hence your IP address will be listed on the leases tab.
A host with IPv6 connectivity usually has a link-local adress and 1-n global unique adresses. Privacy extensions do generate one every hour and keep the old one. With assisted you may have a SLAAC and a DHCP assigned adress. In a standard /64 network this can be neglected.
A transfer net can be set up without GUAs. When all hosts are routers link-local adresses are fine. However, to access internet (e.g. for updates) they would require one.
Hope that helps to come up with better expectations
as a reminder:
NAT is not a feature. It's a neccessary workaround in IPv4. In IPv6 you're online with a dedicated address. Changing constantly when privacy ext. is enabled.
NAT does not provide security. Your firewall does.
DHCPv6 is not required unless you do prefix delegation. Using the flag assisted you specify that clients can basically chose between DHCP and SLAAC. Android choses SLAAC, windows choses DHCP. Hence your IP address will be listed on the leases tab.
A host with IPv6 connectivity usually has a link-local adress and 1-n global unique adresses. Privacy extensions do generate one every hour and keep the old one. With assisted you may have a SLAAC and a DHCP assigned adress. In a standard /64 network this can be neglected.
A transfer net can be set up without GUAs. When all hosts are routers link-local adresses are fine. However, to access internet (e.g. for updates) they would require one.
Hope that helps to come up with better expectations
#42
24.1, 24.4 Legacy Series / Re: Unable to access WAN from VLAN, what am I doing wrong?
May 12, 2024, 11:22:39 AM
What does that mean "it looks"?
You may want to check the DNS configuration on the host. Is that what you expected? And: Did you allow UDP+TCP port 53 for that VLAN to your DNS?
You may want to check the DNS configuration on the host. Is that what you expected? And: Did you allow UDP+TCP port 53 for that VLAN to your DNS?
#43
24.1, 24.4 Legacy Series / Re: Unable to access WAN from VLAN, what am I doing wrong?
May 10, 2024, 11:21:25 PM
So, what's the exact error msg when
A) ping public site
B) opening a website
A) ping public site
B) opening a website
#44
German - Deutsch / Re: subnetting quiz
May 10, 2024, 10:28:53 PMQuoteund weil man 2^10 = 1024 ja "sowieso im Kopf hat", rechnet Saarbremer 2^10 * 2^4 (was man auch im Kopf hat) = 1024 * 16.
Genau. So ist es.
#45
General Discussion / Re: How do we use a second interface for a second network?
May 10, 2024, 04:40:12 PMQuote. I added DNS to LAN2, and it worked. I didn't manually add a DNS to the LAN
I will never ever help someone with "Internet doesn't work" while a proper error message would have solved that mystery in seconds. Sorry shaam for receiving all my anger regarding these questions not precicesly stating what's going on - seen too much of them here lately.
