SSH connection fails after a few seconds ( 2 VLAN's + AccessPoint )
Topic: SSH connection fails after a few seconds ( 2 VLAN's + AccessPoint ) (Read 1146 times)
johnsen_
Newbie
Posts: 9
Karma: 0
SSH connection fails after a few seconds ( 2 VLAN's + AccessPoint )
« on: February 19, 2023, 08:22:56 pm »
Hi,
my problem is that an SSH connection between 2 VLANs is not possible when both hosts are connected via WLAN.
Here it is in a bit more detail:
My setup:
OPNsense (hardware) with LAN1.
LAN1 is connected to a (Netgear GS305E) switch.
A (TP-Link EAP653 ) AccessPoint is connected to the switch.
Switch and AccessPoint are VLAN enabled and configured as follows:
AccessPoint:
- 3 different SSIDs.
- Each SSID is assigned a different VLAN ( 10,20,30 )
Switch:
- Port1: untagged - VLAN 20
- Port2: tagged - VLAN 10,20,30 ( -> OPNsense)
- Port3: untagged - VLAN 30
- Port4: untagged - VLAN 10
- Port5: tagged - VLAN 10,20,30 ( -> AccessPoint)
The networks and IPs are assigned as follows:
LAN1: 192.168.150.0/24
LAN1 gateway: 192.168.150.1
LAN1 IP assignments:
192.168.150.50 - switch
192.168.150.51 - AccessPoint
VLAN10: 192.168.160.0/24
VLAN10 gateway: 192.168.160.1
VLAN10 IP assignments:
192.168.160.6 - PC (WLAN)
VLAN20: 192.168.170.0/24
VLAN20 gateway: 192.168.170.1
VLAN20 IP assignments:
192.168.170.7 - RaspberryPI 1 (LAN port 1)
192.168.170.8 - RaspberryPI 2 (WLAN)
A rule is set up on the OPNsense to allow the PC to access the Raspberries.
Services: TCP/UDP
Source: VLAN 10 / 192.168.160.6
Destination: VLAN20
Ports: any
The problem in detail:
If I open an SSH connection from the WLAN-connected PC in VLAN10 to the LAN-connected RaspberryPI in VLAN20, it works without problems.
If I open an SSH connection from the WLAN connected PC in VLAN 10 to the WLAN connected RaspberryPI in VLAN20, the connection fails after a few seconds.
If I am connected with the PC in VLAN20 via WLAN or I am connected with the PC via LAN on port4 in VLAN10, the SSH connection also works without interruption.
Unfortunately, I haven't figured out yet what is wrong with the interaction between the AccessPoint and the switch when both SSH hosts are in different VLANs via WLAN. I hope you can help me! Many thanks in advance!
« Last Edit: February 22, 2023, 07:11:55 pm by johnsen_ »
FLguy
Newbie
Posts: 35
Karma: 1
Re: SSH connection fails after a few seconds ( 2 VLAN's + AccessPoint )
« Reply #1 on: February 21, 2023, 01:19:01 am »
After reading your post, it's kinda hard to follow the bouncing ball. But I don't think the issue is on the OPNsense firewall (by reading into your post, I don't believe you feel that way either). To dig into the FW and see if the firewall even sees the traffic, you can go to Firewall: Diagnostics: Statistics and click the rules tab. Search for ssh, and then look for bolded rules to see if you have state creations for those expected rules. [There might be an easier way to do this in OPNsense, but idk yet.]
Also, try Firewall: Diagnostics: States, for Select rule, and look for your ssh pass rule. Then initiate traffic, and see if you see the traffic appear.
By the look of it, the only failing scenario is PC in WLAN vlan10 to RPi WLAN vlan20. This would be the same pass rule to allow PC connected to LAN in vlan10, which you say works. I'm wondering if the AP or switch is blocking traffic based on some Layer 2 security. But it's a complete guess.
johnsen_
Newbie
Posts: 9
Karma: 0
Re: SSH connection fails after a few seconds ( 2 VLAN's + AccessPoint )
« Reply #2 on: February 22, 2023, 07:11:37 pm »
Thanks for your answer!
What else can I do to better understand my problem or setup?
I have already looked in the FW logs, but I only see the first request (Host -> Pi) on port 22. After that I see nothing more. Also no deny.
As you say, the cause must not be the firewall, but I hoped that you can help me in this forum anyway.
After reading many other posts, I thought that the reason is that the two WLAN clients want to establish a direct connection without the traffic going through the firewall. The mentioned workaround (Firewall Optimization set to conservative) did not change anything and therefore did not confirm this assumption.
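The state check suggested in Reply #1 (Firewall: Diagnostics: States) can also be done from the OPNsense shell. The following is an added example, not written by any poster in the thread: it filters `pfctl -ss` style output for one client/server pair and reports whether each state reached ESTABLISHED:ESTABLISHED. The helper names `ssh_states` and `sample_states` are hypothetical, and the sample state lines are constructed from the addresses in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `pfctl -ss` style lines on stdin
# and reports TCP states from CLIENT to SERVER:PORT (IPv4 only).
# On the firewall: pfctl -ss | ssh_states 192.168.160.6 192.168.170.8 22
# ssh_states is a hypothetical helper name.

ssh_states() {
    awk -v c="$1" -v s="$2" -v p="$3" '
    $2 == "tcp" && NF >= 6 {
        # "A <- B" means B initiated towards A; "A -> B" means A initiated.
        if ($4 == "<-")      { src = $5; dst = $3 }
        else if ($4 == "->") { src = $3; dst = $5 }
        else next
        split(src, sa, ":")                 # sa[1] = address, sa[2] = port
        if (sa[1] != c || dst != (s ":" p)) next
        verdict = ($6 == "ESTABLISHED:ESTABLISHED") ? "ok" : "incomplete"
        if (verdict == "ok") ok++; else bad++
        # interface, client source port, direction, state pair, verdict
        printf "%s %s %s %s %s\n", $1, sa[2], $4, $6, verdict
    }
    END { printf "established=%d incomplete=%d\n", ok, bad }'
}

# Constructed sample (not captured from a real firewall): the PC from the
# first post connecting to both Raspberry Pis, plus one unrelated UDP state.
sample_states() {
    cat <<'EOF'
all tcp 192.168.170.7:22 <- 192.168.160.6:50112       ESTABLISHED:ESTABLISHED
all tcp 192.168.160.6:50112 -> 192.168.170.7:22       ESTABLISHED:ESTABLISHED
all tcp 192.168.170.8:22 <- 192.168.160.6:50240       CLOSED:SYN_SENT
all tcp 192.168.160.6:50240 -> 192.168.170.8:22       SYN_SENT:CLOSED
all udp 192.168.160.1:53 <- 192.168.160.6:41000       SINGLE:MULTIPLE
EOF
}

# Demo run against the constructed sample for the WLAN-connected Pi.
sample_states | ssh_states 192.168.160.6 192.168.170.8 22
```

Taking one snapshot right after connecting and another after the session drops shows whether the firewall's view of the connection changed between the two.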