Categories

  • 450 Topics
    1k Posts

    I have a 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPV4 subnet that is being announcec by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2 :
    Interface1 is connected to the switch that carreies the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

  • 120k Topics
    762k Posts

    @MarinSNB Hello, this was the instructions on 8311 wiki site to set up the SOURCE NAT on pdSense for DHCP but I am unable to Web Gui into 192.168.11.1. So, I'm reaching out to the pfSense community at large to see if there might be other configuration that I might need to tweak. Thanks for highlighting this.

  • 20k Topics
    127k Posts

    @smurph82
    pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.0.pkg
    Latest

  • 43k Topics
    267k Posts

    Também enfrentei problemas de lentidão e quedas constantes na conexão.

    Tudo começou com uma instabilidade na VPN. Após investigar, percebi que ela estava atribuindo o mesmo endereço IP para múltiplos clientes. Com o apoio da IA, identifiquei que o Common Name dos certificados de usuário deve ser único. Caso contrário, o OpenVPN não consegue entregar corretamente os endereços IP dentro do túnel para cada usuário.

    Além disso, é importante configurar corretamente os parâmetros de criptografia para melhorar o desempenho da conexão. Recomendo as seguintes definições:

    DH Parameter Length: 2048 Algoritmo de criptografia de dados: AES-128-GCM

    Vale lembrar que o desempenho também depende bastante do hardware utilizado.

    Configurações utilizadas.

    Captura de tela 2025-06-26 124049.png Captura de tela 2025-06-26 123913.png

  • Information about hardware available from Netgate

    2k Topics
    20k Posts

    Hmm, odd to see those values so far apart. But the B value should be the more accurate as it's the estimate for MLC devices. So, yes, that is shown as estimated at the end of it's ware life.

    You can try installing to USB instead.

  • Information about hardware available from Netgate

    44 Topics
    211 Posts

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts

    I'm having the same issues, any chance of some upvotes?

    Thanks guys

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.