[SOLVED] 2 LAN …. No communication

Started by stanthewizzard, May 27, 2021, 10:11:47 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
May 27, 2021, 10:11:47 PM Last Edit: June 07, 2021, 11:50:03 AM by stanthewizzard
Hello

I'm totally lost in my own network.

I have network 1 with switch 1
192.168.0.0/24
WAN X.X.X.X
Fine

I have network 2 with switch 2
192.168.1.0/24
WAN Y.Y.Y.Y
Fine

I have switch 0 that link 1 tot 2

What do I need to do to make 192.168.0.0/24 see 192.168.1.0/24 ?
They don't talk to each other. A route ? A special gateway ?

Many thanks for you help
May 28, 2021, 09:23:31 AM #1
Your networks 1 and 2 have their own /24 subnet each. Given that your switch 0 is the only connection between the 2 networks, and this is just a switch (not a router), that is the reason why there isn't any communication between network 1 and 2.

If you don't want to change the subnets of the networks, then you need a device that has an IP address in each of the 2 networks and forwards packets between the networks. That device would also have to do some NAT. Then you can create routes for each member of the 2 networks, using that device as a gateway to the other network.
May 28, 2021, 10:31:05 AM #2
Thanks for your answer

What I did
on FW1 I added a RJ45 to switch 1 with IP 192.168.1.111

On FW2 I added a RJ45 to switch 2 with IP 192.168.0.111

I need a gateway ? A route ?

Thanks again
May 28, 2021, 10:59:13 AM #3
What are FW1 and FW2? This looks like FireWall, but you didn't mention a firewall in your first post. I am not sure if understood what your network looks like.
May 28, 2021, 11:33:33 AM #4
OPNSENSE1 (Firewall/Route/gateway)                                 OPNSENSE1 (Firewall/Route/gateway)               
               Switch1                                                                         Switch2
LAN1 192.168.0.0/24                                                              LAN2 192.168.1.0/24


There is an RJ45 between switch 1 and 2

Do you find it clearer ? (again thank you for your help)
:)
May 28, 2021, 03:13:48 PM #5
You have 2 x OPNSENSE1 in your post, is that intended or just a copy/paste error mistake? Since you mentioned FW1 und FW2, I just assume this is copy/paste. This is the picture i currently have:

Code Select

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
                            |
                            |
                        [Switch 0]
                            |
                            |
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


OPNsense 1 Port 1 is 192.168.1.111/24
OPNsense 2 Port 1 is 192.168.0.111/24



Now you want your LAN 1 clients to be able to communicate with the LAN 2 clients, right?

I think this won't work just by configuring a route or gateway in OPNsense.

Even if you log into one of the OPNsenses and try to ping the other one, I assume this won't work, because a simple switch wouldn't forward a packet from one subnet into a different subnet. This is at least my understanding of subnets and switches.

Is switch 0 just a simple switch?
May 28, 2021, 03:40:49 PM #6
The first schema is the correct one
This are 2 geosites linked by the switch 0

Lan 1 client with lan 2 client and vice versa

Switch can't do the job but router from opnsense 1 and 2 should ?

Thanjs

May 28, 2021, 06:26:47 PM #7
Quote
Switch can't do the job but router from opnsense 1 and 2 should ?

Your OPNsenses could do the job, yes, but the switch between the OPNsenses prevents that.

Alternative solutions could be:

1) Replace the switch 0 with another router. That can be another OPNsense, but any other Linux box could do the job. The only requirement is to have at least two network interfaces, one for each subnet. That would look like this:

Code Select

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
                            |
                            |
                         [router]
                            |
                            |
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients



2) Just connect the 2 OPNsenses directly. That would look like this:

Code Select

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
                 |
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


3) Add one of the OPNsenses to the other network. That would look like this

Code Select

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
                 ------------
                            |
                            |
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


or this

Code Select

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
                            |
                            |
                 ------------
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients



Note: At this point i should mention that i am primarily a software developer, not a network admin. Before you take a bigger step (eg. buying new hardware), i recommend to get a confirmation of your plan from another person. I think the above is correct, this is what i would do myself, but i can't guarantee this is correct.
May 28, 2021, 06:41:01 PM #8
Schema 2 is the one I tried

Opnsense 1 is connect to opnsense 2 through switch 0 (dumb switch)

It's not working... what Am I missing in this situation ?

Thank you again and again
May 29, 2021, 10:28:37 AM #9
Quote
Schema 2 is the one I tried

Opnsense 1 is connect to opnsense 2 through switch 0 (dumb switch)

That would be this:

Code Select

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
             [Switch 0]
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


OPNsense 1 Port 1 = 192.168.1.111/24
OPNsense 2 Port 1 = 192.168.0.111/24

OPNsense 1 Port 2 = ?
OPNsense 2 Port 2 = ?

Please confirm this is what you tried.
May 29, 2021, 10:35:05 AM #10
[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
             [Switch 0]
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients

[OPNsense 1 Port 1] - 192.168.0.201
[OPNsense 1 Port 2] - 192.168.1.111

[OPNsense 2 Port 2] -192.168.0.111
[OPNsense 2 Port 1] - 192.168.1.201

Confirmed like this

You are again very kind thanks
May 29, 2021, 11:51:06 AM #11
The issue with the connection between the OPNsenses is, their IP adresses belong to different subnets. You have a physical connection between [OPNsense 1 Port 2] and [OPNsense 2 Port 2], but the switch won't be enough to establish a communication between them.

So instead of those incompatible IP addresses

[OPNsense 1 Port 2] - 192.168.1.111
[OPNsense 2 Port 2] - 192.168.0.111

i suggest to create a dedicated subnet for this connection. If you (for example) change the IP addresses to

[OPNsense 1 Port 2] - 192.168.2.111
[OPNsense 2 Port 2] - 192.168.2.112

then your OPNsenses should be able to communicate with each other. That doesn't connect the clients of LAN 1 and LAN 2, but it's a first step.

The next step would be a simple test. Log into one of the OPNsenses and ping the other one:

192.168.2.111 --ICMP--> 192.168.2.112
or
192.168.2.111 <--ICMP-- 192.168.2.112

You will probably need to add some firewall rules, so the ICMP packets are allowed to leave the sending device and are accepted on the receiving device.
May 29, 2021, 02:10:39 PM #12
I'll try your solution asap
Keep posted here
;D
May 31, 2021, 11:45:06 AM #13
[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
             [Switch 0]
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients

[OPNsense 1 Port 1] - 192.168.0.201
[OPNsense 1 Port 2] - 192.168.2.111

[OPNsense 2 Port 2] -192.168.2.112
[OPNsense 2 Port 1] - 192.168.1.201

No ping
:(((
May 31, 2021, 03:25:32 PM #14

  • Please confirm that you tried to ping between 192.168.2.111 and 192.168.2.112.

  • Which rules did you create on which OPNsense, to allow the ICMP packages?

  • When you enable logging for the default drop policy in OPNsense, do you see the ICMP packages being dropped? There should be a checkbox somewhere in system settings / logging.
Print
Go Up Pages1 2
User actions