241
22.7 Legacy Series / Re: Firewall Frequently Locking Up, Requiring Hard Reboot
« on: August 14, 2022, 02:24:14 am »
The start would be connecting to the console when it's locked up and seeing what it says.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
242
22.7 Legacy Series / Re: Web gui inaccessible when LAN is a VLAN interface
« on: August 14, 2022, 12:48:50 am »
Been a while since I created a new vlan but check if you have an allow any rule on it. Physical interfaces have it added automatically but I forget if vlans do too.
243
General Discussion / Re: Where am I going wrong with VLAN setup?
« on: August 14, 2022, 12:37:00 am »
Add a vlan to the LAN port, tag is 20. Go to interfaces, assign vlan20, enable and address it.
That's it.
Now in your switch, the LAN network will be your untagged network, or pvid, and the vlan20 will need to be tagged on the trunk and untagged on any interfaces that use it.
Do the same for any other vlans you want.
Edit:
Also, do yourself a favor now. Don't use vlan1 on the switch. In fact, you should never use vlan 1.
Add a new vlan, any id you want ( my favorite car is an Oldmobile 442 so my native vlan is 442 as an example ), then assign it an address, and make it the native port on all ports.
Change the default profile to just allow the native vlan.
Change any other port so the native vlan is the vlan of that port, ie MGMT native should be 10 etc.
Not sure what you're asking about dhcp and having a tagged vlan? One has nothing to do with the other.
Do you want the vlan to receive addresses by dhcp? If yes, you need dhcp running on that interface.
One question I have for you, when you click in a field on your switch, does the text entry box stay open?
I use chrome and it will never stay open to allow me to enter anything. I found a workaround but just wondering if anyone else sees this too.
That's it.
Now in your switch, the LAN network will be your untagged network, or pvid, and the vlan20 will need to be tagged on the trunk and untagged on any interfaces that use it.
Do the same for any other vlans you want.
Edit:
Also, do yourself a favor now. Don't use vlan1 on the switch. In fact, you should never use vlan 1.
Add a new vlan, any id you want ( my favorite car is an Oldmobile 442 so my native vlan is 442 as an example ), then assign it an address, and make it the native port on all ports.
Change the default profile to just allow the native vlan.
Change any other port so the native vlan is the vlan of that port, ie MGMT native should be 10 etc.
Not sure what you're asking about dhcp and having a tagged vlan? One has nothing to do with the other.
Do you want the vlan to receive addresses by dhcp? If yes, you need dhcp running on that interface.
One question I have for you, when you click in a field on your switch, does the text entry box stay open?
I use chrome and it will never stay open to allow me to enter anything. I found a workaround but just wondering if anyone else sees this too.
244
General Discussion / Re: Help neeged for a problem with Port Forwarding
« on: August 13, 2022, 10:36:43 pm »Because I'm 81 on a pension and I can't afford it. Why have Forum to help people if you only help people who have already installed it and don't care about the 'newbies'?
I have other questions, but asking anything on here is a waste of time. I get better response for users on other forums that have nothing to do with OPNsense.
Umm, you didn't even ask a question here.
245
22.7 Legacy Series / Re: Web gui inaccessible when LAN is a VLAN interface
« on: August 13, 2022, 10:34:58 pm »
What are you firewall rules on the vlan?
246
General Discussion / Re: Suggestions to configure OPNsense with Juniper switch
« on: August 11, 2022, 11:14:56 pm »
I think you need to explain a lot more than you are.
Why is your gateway using .11 for starters?
Yeah, it'll work, but why? There's a reason network people use a convention and you're going against it completely.
Can you go into more detail about your setup?
Show pics of your interface settings, vlans included.
You're really making this harder than it is.
No need to use layer3 on the switch, let the router handle that like it's made for.
You should literally just plug the switch into the router, devices into the switch and it should work.
No gateways to the switch, no NAT, just plug it in.
You say you have many vlans. Then you would trunk the port going to the router and tag all your vlans on it. Then untag vlans on ports they're needed on.
Why is your gateway using .11 for starters?
Yeah, it'll work, but why? There's a reason network people use a convention and you're going against it completely.
Can you go into more detail about your setup?
Show pics of your interface settings, vlans included.
You're really making this harder than it is.
No need to use layer3 on the switch, let the router handle that like it's made for.
You should literally just plug the switch into the router, devices into the switch and it should work.
No gateways to the switch, no NAT, just plug it in.
You say you have many vlans. Then you would trunk the port going to the router and tag all your vlans on it. Then untag vlans on ports they're needed on.
247
Virtual private networks / Re: Trying to setup site to site between two windows servers
« on: August 11, 2022, 08:22:06 pm »
In the endpoint.
248
Virtual private networks / Re: Trying to setup site to site between two windows servers
« on: August 11, 2022, 07:21:37 pm »
Don't allow it to the LAN, allow it to the WG.
And make sure you add it to allowed networks on the other end.
And make sure you add it to allowed networks on the other end.
249
22.7 Legacy Series / Re: How to control the interface bandwidth usage evenly on egress and ingress
« on: August 11, 2022, 07:19:16 pm »
I agree, a 1Gb link is 1G in and out simultaneously, not split between each direction.
250
General Discussion / Re: Suggestions to configure OPNsense with Juniper switch
« on: August 11, 2022, 05:42:39 pm »
Why would you set a gateway to your switch??
You're sending packets from your switch to OPNsense back to your switch.
Makes no sense.
You're sending packets from your switch to OPNsense back to your switch.
Makes no sense.
251
Virtual private networks / Re: What doesn't work is to connect from Site B to Site C.
« on: August 10, 2022, 12:45:00 pm »
Did you add the site C network to allowed networks on site B and vice versa?
252
General Discussion / Re: Port forward in a wireguard tunnel to another site
« on: August 10, 2022, 12:28:46 am »
You don't list your allowed IP's on both ends of the tunnel?
253
22.7 Legacy Series / Re: [SOLVED]Need help understanding firewall rules
« on: August 07, 2022, 07:56:18 pm »
It's the same for every interface, LAN is no different.
IN is traffic coming into the interface from the attached network.
OUT is traffic leaving the interface into the attached network.
IN is traffic coming into the interface from the attached network.
OUT is traffic leaving the interface into the attached network.
254
Virtual private networks / Re: Stuck with Wireguard configuration
« on: August 06, 2022, 02:36:57 pm »
You said you assigned a new interface, you shouldn't need the interface for remote access but did you assign it an address? Should be the same address as your WG tunnel.
Also, set the interface MTU to 1420
Also, set the interface MTU to 1420
255
Virtual private networks / Re: Stuck with Wireguard configuration
« on: August 06, 2022, 02:00:02 pm »
A /19 on a LAN??? Do you have any idea what that does? Do you really need over 8000 hosts?
Stop! You're generating so much unneeded traffic is ridiculous.
Your firewall rule is only allowing Wireguard to the WAN. Change the destination to LAN or any.
Stop! You're generating so much unneeded traffic is ridiculous.
Your firewall rule is only allowing Wireguard to the WAN. Change the destination to LAN or any.