Categories

  • 448 Topics
    1k Posts

    I have 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPv4 subnet that is being announced by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2:
    Interface1 is connected to the switch that carries the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

  • 120k Topics
    761k Posts

    @stephenw10 said in "Boot loader is too old. Please upgrade" in console after upgrading to 2.8.0:

    Ok interesting, It can't do anything if it doesn't see the boot device anyway.

    How does the encrypted boot disk appear in /dev or in the boot logs?

    The correct fix here would be to fix the bootloader updater so it knows about encrypted drives. We'll have to look into how difficult that might be.

    [2.8.0-RELEASE][admin@pfSense.home.internal]/dev: ls -l
    total 3
    crw-rw-r-- 1 root operator 0x2f Jun 15 00:18 acpi
    crw-r----- 1 root operator 0x73 Jun 15 00:18 ada0
    crw-r----- 1 root operator 0x74 Jun 15 00:18 ada0p1
    crw-r----- 1 root operator 0x75 Jun 15 00:18 ada0p2
    crw-r----- 1 root operator 0x78 Jun 15 00:18 ada0p2.eli
    crw-rw-r-- 1 root operator 0x31 Jun 15 00:18 apm
    crw-rw---- 1 root operator 0x30 Jun 15 00:18 apmctl
    crw------- 1 root wheel 0x39 Jun 15 00:18 atkbd0

    (That's obviously a partial output of ls -l. There's a couple more pages, but that's all for ada*)

    pfSense Disks.JPG

    Do either of these help answer your question?

  • 20k Topics
    127k Posts

    @tinfoilmatt

    here: running pfSense 2.8.0-RELEASE and pfBlockerNG 3.2.8-dev

    Made the suggested change to line 1232.

    Still same issue showing DNSBL (unbound mode) out of sync.

    Should I revert the change to ensure that the patch when available works correctly?

    Thanks for any help.

  • 43k Topics
    267k Posts

    Hi everyone,
    I have a problem with my Tapo C520WS camera connected to the Wi-Fi network.

    It works perfectly on the local network (I can connect to it), but I cannot access it remotely and the camera shows a red light.
    Camera model: Tapo C520WS
    IP assigned (static) with DNS
    Created an "Allow All" firewall rule
    In the Suricata pass list
    I checked the firewall and Suricata logs and no blocks appear
    Wi-Fi signal is excellent

    Is there any specific domain or port that the Tapo uses?
    Or are there other known configurations needed to make it work correctly?

    Thank you very much

  • Information about hardware available from Netgate

    2k Topics
    20k Posts

    @stephenw10 this has been a learning curve for me.
    I thought I was going to cough up some $$$ for support, but Support came to the rescue. They did a great job and were quick to respond.
    Thanks to those who responded... now my journey continues

  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts

    @Wylbur Thank you!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.