
    I have 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPv4 subnet that is being announced by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address.

    TNSR device2 :
    Interface1 is connected to the switch that carries the BGP but has no IP address and for all practical purposes is doing nothing.

    Interface 2 is connected to the 2nd switch and has no IP address.

    Interface 3 is connected to the first switch and has no IP address.

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

  • stephenw10

    I haven't tried that but I believe it could. You should be able to set any number of parameters for the client view.

    An alternative here might be to also run the DNS forwarder. You have to run it on a different port to avoid a conflict but you can forward requests to that port.

  • ETechBuy

    @certifiable Thanks for gathering and sharing all this detail—super helpful.

    Yeah, I’m inclined to agree about the 8111. It probably is supported via the re(4) driver, and like you said, the “E” just denotes PCIe. Unless there were big changes to the Realtek driver between 2011 and 2015, it should still work with Netmap. Of course, without a definitive confirmation, there’s always some uncertainty, but it seems like a solid bet.

    On the Intel side, it’s interesting (and a bit frustrating) that inline Suricata doesn’t work even though the i211 is listed as supported in both the FreeBSD hardware notes and the Netmap man page. I did check the ifconfig output—my i211 shows up as igb0, not igp. From what I understand, igb is the correct driver family for the i210/i211 series. igp might be a typo or confusion with something else (maybe the older PRO/1000 series?).

    I’ve been using the i211 exclusively for testing because I’ve read in several threads (and you confirmed) that the i219LM can be more problematic, especially with netmap/pf_ring compatibility. If you haven’t already, I’d definitely try binding Suricata only to the i211 to rule out issues from the onboard i219.

    Also appreciate the fallback suggestion on the dual-port 1000e NIC—good to know there are reliable options if the built-ins keep acting up. And yeah, if it comes to that, maybe a direct appeal to Luigi Rizzo himself will be in order.

    Thanks again—like you said, this stuff can start feeling like work real fast, but having all these specifics in one place makes troubleshooting a lot easier. I’ll keep digging, and if I get it working, I’ll post back with the exact configuration.


    Good day everyone,

    Operating system:
    FreeBSD 14.0-CURRENT

    pfSense version:
    2.7.2-RELEASE (amd64)

    OpenVPN version:
    OpenVPN 2.6.8

    OpenVPN client:
    openvpn-client-export 1.9.2

    OpenVPN Connect version:
    3.7.2 (4253)

    IP version:
    IPv6 (for some reason I cannot connect over IPv4)

    I have configured OpenVPN so that users connect with the following user configurations:

    Local users without certificate
    Local users with certificate
    Users via LDAP (AD 2022) without certificate
    Users via LDAP (AD 2022) with certificate

    Once the configuration is finished I run tests and can connect without problems; a day passes and I connect without problems, but a few more days pass and I can no longer connect, and I get the following error:

    Connection Timeout
    Cannot connect because of the followinf error(s):
    Error calling protect() method on socket: 30 times

    Then I have to delete the entire configuration and redo it, and the same thing happens: I run tests and can connect without problems, a day passes and I connect without problems, but a few more days pass and I can no longer connect and I get the same error.

    Could you help me with this issue, since the VPN is used in extraordinary situations where, due to some emergency, people need to connect, and they end up calling in the early hours of the morning to solve the problem.


    @jdstlnet Correction, unit was bought late 2023, early 2024.

  • AriKelly

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • stephenw10

    I don't know how TrueNAS would set that up but in Proxmox you could add an address to the bridge and use that to access Proxmox. It could be DHCP or static. I would probably leave it as DHCP and set a static DHCP lease in pfSense so it always gets the same IP address.

    Just to be clear though, that is config in Proxmox; it is not a bridge in pfSense.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.