[SOLVED] 2 LAN …. No communication

Started by stanthewizzard, May 27, 2021, 10:11:47 PM

May 27, 2021, 10:11:47 PM Last Edit: June 07, 2021, 11:50:03 AM by stanthewizzard
Hello

I'm totally lost in my own network.

I have network 1 with switch 1
192.168.0.0/24
WAN X.X.X.X
Fine

I have network 2 with switch 2
192.168.1.0/24
WAN Y.Y.Y.Y
Fine

I have switch 0 that links 1 to 2

What do I need to do to make 192.168.0.0/24 see 192.168.1.0/24 ?
They don't talk to each other. A route ? A special gateway ?

Many thanks for your help

Your networks 1 and 2 have their own /24 subnet each. Given that your switch 0 is the only connection between the 2 networks, and this is just a switch (not a router), that is the reason why there isn't any communication between network 1 and 2.

If you don't want to change the subnets of the networks, then you need a device that has an IP address in each of the 2 networks and forwards packets between the networks. That device would also have to do some NAT. Then you can create routes for each member of the 2 networks, using that device as a gateway to the other network.

Thanks for your answer

What I did
on FW1 I added a RJ45 to switch 1 with IP 192.168.1.111

On FW2 I added a RJ45 to switch 2 with IP 192.168.0.111

I need a gateway ? A route ?

Thanks again

What are FW1 and FW2? This looks like FireWall, but you didn't mention a firewall in your first post. I am not sure if I understood what your network looks like.

OPNSENSE1 (Firewall/Route/gateway)          OPNSENSE1 (Firewall/Route/gateway)
Switch1                                     Switch2
LAN1 192.168.0.0/24                         LAN2 192.168.1.0/24


There is an RJ45 between switch 1 and 2

Do you find it clearer ? (again thank you for your help)
:)

You have 2 x OPNSENSE1 in your post, is that intended or just a copy/paste mistake? Since you mentioned FW1 and FW2, I just assume this is copy/paste. This is the picture I currently have:


[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
                            |
                            |
                        [Switch 0]
                            |
                            |
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


OPNsense 1 Port 1 is 192.168.1.111/24
OPNsense 2 Port 1 is 192.168.0.111/24




Now you want your LAN 1 clients to be able to communicate with the LAN 2 clients, right?

I think this won't work just by configuring a route or gateway in OPNsense.

Even if you log into one of the OPNsenses and try to ping the other one, I assume this won't work, because a simple switch wouldn't forward a packet from one subnet into a different subnet. This is at least my understanding of subnets and switches.

Is switch 0 just a simple switch?

The first schema is the correct one
These are 2 geosites linked by the switch 0

Lan 1 client with lan 2 client and vice versa

Switch can't do the job but router from opnsense 1 and 2 should ?

Thanks


Quote
Switch can't do the job but router from opnsense 1 and 2 should ?

Your OPNsenses could do the job, yes, but the switch between the OPNsenses prevents that.

Alternative solutions could be:

1) Replace the switch 0 with another router. That can be another OPNsense, but any other Linux box could do the job. The only requirement is to have at least two network interfaces, one for each subnet. That would look like this:


[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
                            |
                            |
                         [router]
                            |
                            |
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients



2) Just connect the 2 OPNsenses directly. That would look like this:


[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
                 |
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


3) Add one of the OPNsenses to the other network. That would look like this


[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
                 ------------
                            |
                            |
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


or this


[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
                            |
                            |
                 ------------
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients




Note: At this point I should mention that I am primarily a software developer, not a network admin. Before you take a bigger step (e.g. buying new hardware), I recommend getting a confirmation of your plan from another person. I think the above is correct, this is what I would do myself, but I can't guarantee this is correct.

Schema 2 is the one I tried

Opnsense 1 is connected to opnsense 2 through switch 0 (dumb switch)

It's not working... what am I missing in this situation ?

Thank you again and again

Quote
Schema 2 is the one I tried

Opnsense 1 is connected to opnsense 2 through switch 0 (dumb switch)

That would be this:


[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
             [Switch 0]
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients


OPNsense 1 Port 1 = 192.168.1.111/24
OPNsense 2 Port 1 = 192.168.0.111/24

OPNsense 1 Port 2 = ?
OPNsense 2 Port 2 = ?

Please confirm this is what you tried.

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
             [Switch 0]
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients

[OPNsense 1 Port 1] - 192.168.0.201
[OPNsense 1 Port 2] - 192.168.1.111

[OPNsense 2 Port 2] - 192.168.0.111
[OPNsense 2 Port 1] - 192.168.1.201

Confirmed like this

You are again very kind thanks

The issue with the connection between the OPNsenses is that their IP addresses belong to different subnets. You have a physical connection between [OPNsense 1 Port 2] and [OPNsense 2 Port 2], but the switch won't be enough to establish a communication between them.

So instead of those incompatible IP addresses

[OPNsense 1 Port 2] - 192.168.1.111
[OPNsense 2 Port 2] - 192.168.0.111

I suggest creating a dedicated subnet for this connection. If you (for example) change the IP addresses to

[OPNsense 1 Port 2] - 192.168.2.111
[OPNsense 2 Port 2] - 192.168.2.112

then your OPNsenses should be able to communicate with each other. That doesn't connect the clients of LAN 1 and LAN 2, but it's a first step.

The next step would be a simple test. Log into one of the OPNsenses and ping the other one:

192.168.2.111 --ICMP--> 192.168.2.112
or
192.168.2.111 <--ICMP-- 192.168.2.112

You will probably need to add some firewall rules, so the ICMP packets are allowed to leave the sending device and are accepted on the receiving device.
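
The addressing check discussed in the post above, as an added example that is not part of the original thread: it tests whether the two Port 2 addresses share a subnet and whether the link subnet collides with either LAN. The /24 prefix on the 192.168.2.x addresses and the static routes it prints for the later client-to-client step are assumptions, not something stated in the thread.

```python
import ipaddress

def on_link(a, b):
    """True when each interface finds the other's address inside its own subnet."""
    ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
    return ib.ip in ia.network and ia.ip in ib.network

def check_link(fw1, fw2):
    """fw = {"lan": <Port 1 addr/prefix>, "link": <Port 2 addr/prefix>}.
    Returns (problems, routes); routes stays empty while problems exist."""
    problems = []
    if not on_link(fw1["link"], fw2["link"]):
        problems.append("link ports are in different subnets")
    lans = [ipaddress.ip_interface(f["lan"]).network for f in (fw1, fw2)]
    for name, fw in (("OPNsense 1", fw1), ("OPNsense 2", fw2)):
        link_net = ipaddress.ip_interface(fw["link"]).network
        for lan in lans:
            # A link subnet equal to a LAN subnet makes that LAN ambiguous
            # on the firewall that carries both.
            if link_net.overlaps(lan):
                problems.append(f"{name} link subnet {link_net} overlaps LAN {lan}")
    if problems:
        return problems, []
    gw1 = ipaddress.ip_interface(fw1["link"]).ip
    gw2 = ipaddress.ip_interface(fw2["link"]).ip
    # Assumed next step: each firewall reaches the remote LAN via the peer's
    # link address as gateway (firewall rules are still needed on both sides).
    routes = [("OPNsense 1", str(lans[1]), str(gw2)),
              ("OPNsense 2", str(lans[0]), str(gw1))]
    return problems, routes

# Addresses as confirmed in the thread (Port 1 = lan, Port 2 = link).
TRIED = ({"lan": "192.168.0.201/24", "link": "192.168.1.111/24"},
         {"lan": "192.168.1.201/24", "link": "192.168.0.111/24"})
# Suggested dedicated link subnet; the /24 prefix is an assumption.
SUGGESTED = ({"lan": "192.168.0.201/24", "link": "192.168.2.111/24"},
             {"lan": "192.168.1.201/24", "link": "192.168.2.112/24"})

if __name__ == "__main__":
    for label, (a, b) in (("tried", TRIED), ("suggested", SUGGESTED)):
        problems, routes = check_link(a, b)
        print(label, problems or routes)
```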

I'll try your solution asap
Keep posted here
;D

[OPNsense 1 Port 1]-----[Switch 1]-----LAN 1 clients
[OPNsense 1 Port 2]
                 |
                 |
             [Switch 0]
                 |
                 |
[OPNsense 2 Port 2]
[OPNsense 2 Port 1]-----[Switch 2]-----LAN 2 clients

[OPNsense 1 Port 1] - 192.168.0.201
[OPNsense 1 Port 2] - 192.168.2.111

[OPNsense 2 Port 2] - 192.168.2.112
[OPNsense 2 Port 1] - 192.168.1.201

No ping
:(((


  • Please confirm that you tried to ping between 192.168.2.111 and 192.168.2.112.

  • Which rules did you create on which OPNsense, to allow the ICMP packages?

  • When you enable logging for the default drop policy in OPNsense, do you see the ICMP packages being dropped? There should be a checkbox somewhere in system settings / logging.