Categories

  • 443 Topics
    1k Posts
    S

    I have 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPV4 subnet that is being announced by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2 :
    Interface1 is connected to the switch that carries the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

  • 120k Topics
    759k Posts
    GertjanG

    @Sergei_Shablovsky

    Wow ... Midnight Commander ! 😊
    ( thought that one was doing only ftp ... )

    Btw : sftp with, for example, the free WinSCP, does the job for me.

    I'm in France so I solved all the éà$¤ issues with :
    pfSense runs in its native language.
    The devices I use use the same native language.
    Not a (perfect solution), but no more "codepage" or OS language issues or whatever the like.

  • 20k Topics
    127k Posts
    B

    @aniodon

    Apologies for the necro posting.

    How would you apply such a patch ?

    https://github.com/pfsense/FreeBSD-ports/commit/476a7d0e3dca704b236839970f1d215912184f73

    I've created a system patch via pfsense GUI with the commit mentioned in this thread, however, it does not apply to my squid config,

    It seems that it is not recognizing the file to update (?)
    Here's what I'm getting in the debug log (not having changed default patch settings):

    /usr/bin/patch --directory='/' -t --strip '2' -i '/var/patches/682f24bdbc39f.patch' --check --forward --ignore-whitespace
    Hmm... Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |From 476a7d0e3dca704b236839970f1d215912184f73 Mon Sep 17 00:00:00 2001
    |From: Marcos Mendoza <mmendoza@netgate.com>
    |Date: Tue, 26 Nov 2024 18:36:53 -0600
    |Subject: [PATCH] www/pfSense-pkg-squid: remove duplicate option
    |
    |---
    | www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc | 1 -
    | 1 file changed, 1 deletion(-)
    |
    |diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
    |index 719cda2fb3cf..129b8b05335c 100644
    |--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
    |+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
    --------------------------
    No file to patch. Skipping...
    Hunk #1 ignored at 1236.
    1 out of 1 hunks ignored while patching pfSense-pkg-squid/files/usr/local/pkg/squid.inc
    done

  • 43k Topics
    267k Posts
    W

    @paolo256

    That's right, the VLAN tagging can be done either in the modem or in pfSense, just not in both at the same time.

    I do it in pfSense, so the modem can simply be swapped, even if the new modem does not support VLAN tagging. A fiber modem, for example.

  • Information about hardware available from Netgate

    2k Topics
    20k Posts
    N

    @jared-silva

    Thanks for the detailed writeup on this procedure. I have a 1100 that just failed and I am grateful I found this thread.

    So here in May now, you've had yours running on the Samsung FIT drive for several months. If you were doing this again today would you use the same USB drive? Any other suggestions or recommendations after you've had yours running this way for a few months?

    Thanks.

  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts
    N

    Only OpenVPN-compatible user certificates are shown

    If a client is missing from the list it is likely due to a CA mismatch between the OpenVPN server instance and the client certificate, the client certificate does not exist on this firewall, or a user certificate is not associated with a user when local database authentication is enabled.

    Clients using OpenSSL 3.0 may not work with older or weaker ciphers and hashes, such as SHA1, including when those were used to sign CA and certificate entries.

    OpenVPN 2.4.8+ requires Windows 7 or later
    Links to OpenVPN clients for various platforms:

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
