Categories


I have 2 TNSR routers connected to a pair of MLAG-connected switches. I also have my own IPv4 subnet that is being announced by BGP via Interface 1 on the first TNSR device. I have no problems at all right now; all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2 :
Interface1 is connected to the switch that carries the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.


CORRECTION:

As the image shows, the Core temperature bar graphs are using the Zone Warning and Zone Critical values to set their color coding. I mucked around with various values for Warning and Critical in both Zone and Core, and only the "Core Zone Warning" and "Core Zone Critical" values influence the bar graph colors.


    @McMurphy exactly.
    I started by setting just the MTU (to 1420). This didn't work.
    After the reply from @TheNarc I did a test and additionally set the MSS value as well.

    Ultimately, you want the real MSS value to be smaller than the MTU (typically 20 bytes for IP header data and 20 bytes for TCP header, so 40 bytes in total).
    However, when you read the description field of the MSS value in pfSense it says

    If a value is entered in this field, then MSS clamping for TCP connections to the value entered above minus 40 for IPv4 (TCP/IPv4 header size) and minus 60 for IPv6 (TCP/IPv6 header size) will be in effect.

    This is why I set the same value as MTU. I actually don't know why this changes things. I would think that implicitly, the MSS should be affected by changing the MTU value. After all, the amount of data that can fit in a TCP segment directly depends on the overall size of the packet minus all headers. I guess that it would probably also work if you only set the MSS (with reverse logic: How should a packet ever get bigger than its payload size plus all headers), but I haven't tested.

    I am no network expert however and the finer details of packet delivery are a mystery to me. I am always happy if I can get things to work ;).


@JeGr That wasn't directed at you at all!

It was an (admittedly convoluted) criticism of @dogfight76. First he asks a question, and then for more than a month there is no reaction whatsoever. Neither positive, like "that worked", nor negative, like "unfortunately that doesn't help".

To put it mildly, I find that rude towards those who offer help.

  • Information about hardware available from Netgate


    FWIW, I'm using a 4200, and it easily handles full speed on my 1Gbps-ish Verizon FiOS connection. New, those are a bit over your budget, but maybe a used one would suit.

  • Information about hardware available from Netgate


    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here


    @LukasInCloud

    First I got back to 272. Then I specified that IPV6 was not to be supported on the WAN interface. I have posted a lot of what happened (in summary) at this link: https://forum.netgate.com/topic/197806/upgrade-to-2-8-0-seemingly-created-many-problems

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.