Categories

  • 448 Topics
    1k Posts

    I have 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPv4 subnet that is being announced by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2:
    Interface1 is connected to the switch that carries the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

  • 120k Topics
    761k Posts

    Re: PfSense/Netgate/Starlink/Cisco ATA 191/Voip.ms Phone voip box intermittently loosing registration on voip.ms

    I seem to be having a problem with a Cisco SPA112 at this point. It had been working just fine up until I discovered yesterday that I had no dial tone.

    What led into this problem was thinking I should upgrade to 280, and things went crazy with the error messages and the like.
    So I had to re-install pfSense 272 using a DVD after some problem that caused both of my units to stop working (in this case an older box (A) running pfSense running an older CPU, and a newer box (B) running a faster CPU, more RAM and SSDs). I have documented that in another thread. Since getting things fixed, I have found that our SPA112 is not registering with our VOIP vendor. This SPA112 is on a FIXED IP address (static). And I have contacted them (VOIP vendor) about this, they pointed me to the pfSense doc on this and it is difficult for me to match the online doc to what I am seeing in the GUI. What could I have mangled in the basic install to cause this? I don't know enough to write rules for firewalls, and I don't do wild stuff with DHCP. I do set the system to NOT route IPV6 w/in my LAN. So I am puzzled as to what I broke in manually restoring these two boxes -- BTW, NOT running HA. If the one goes down, I manually swap in the other.

    The rest of my LAN seems to be fully functional. Our laptops can reach the printer and file server box, all our ROKU boxes are back to being fully functional.

  • 20k Topics
    127k Posts

    I'm late to the party but unless I misunderstand this thread it's not about Tailscale not starting up but instead about the auth key expiring.

    Auth keys are good for a maximum of 90 days. If you reboot pfSense on day 91, Tailscale will not come up and the "API" error will be generated (it's actually an auth key expired error).

    Thus, unless you never reboot pfSense, starting with the 91st day, you must re-generate an auth key and input it to Tailscale even if you have key expiry disabled.

    What makes this worse, IMHO, is that the longer you go between reboots, the more obscure the problem. So, Tailscale is not a reliable service because it cannot survive a reboot after 90 days.

    This occurs on both CE 2.7.2 in a Protectli Vault Proxmox VM and on a real SG-1100 running Plus 24.11 (packages as distributed with those releases).

  • 43k Topics
    267k Posts
    JeGrJ

    @dogfight76 said in No connection to pfSense after power outage and therefore no Internet:

    I know Telnet/console for devices. But where can I run the console command on pfSense?

    You either connect to the device via SSH or you run the command as a console command in Diagnostics / Command Prompt. It usually takes a little while. After that, with 2.7.2 set as the update target, you should be able to perform an update again.

    After that you are guaranteed to be shown 2.8. Alternatively, you can simply download the Netgate Installer and just install 2.8 "over" it; then you are on the current version directly, without any detours.

    Cheers

  • Information about hardware available from Netgate

    2k Topics
    20k Posts
    dennypageD

    @Nightwolf said in Netgate 6100 LAN crashes:

    Is anything logged when this happens?
    The system logs are not telling me anything. The log is full of lines from syslogd that are not responding.
    I have disabled syslog but I can't find the source of the problem.

    Do you have remote syslog enabled? If so, is the syslog server on the same interface that stops working?

  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts

    @Wylbur Thank you!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.