Categories

• TNSR

  Discussions about TNSR

  May 6, 2025, 9:31 PM

  • TNSR Announcements
  • TNSR Feedback
  • Problems Installing or Upgrading TNSR Software
  450 Topics

  1k Posts

  S May 6, 2025, 9:31 PM

  I have a 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPV4 subnet that is being announcec by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

  What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

  When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

  interface bridge domain 10
  flood
  uu-flood
  forward
  learn
  exit

  int Interface1
  bridge domain 10
  enable
  exit
  int Interface1.22
  bridge domain 10
  enable
  exit
  interface loopback bridgeloop
  instance 1
  exit
  interface loop1
  ip address 10.25.254.1/24
  bridge domain 10 bvi
  enable
  exit

  I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

  Thanks,
  Shawn

  For background:
  On TNSR device1:
  Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
  Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
  Interface3 is connected to a second switch and has no IP address

  TNSR device2 :
  Interface1 is connected to the switch that carreies the BGP but has no IP address and for all practical purposes is doing nothing

  Interface 2 is connected to the 2nd switch and has no IP address

  Interface 3 is connected to the first switch and has no IP address

  As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

• pfSense® Software

  Discussions about pfSense Software, click a category below

  3 minutes ago

  • Messages from the pfSense Team
  • General pfSense Questions
  • Multi-Instance Management
  • Problems Installing or Upgrading pfSense Software
  • Firewalling
  • NAT
  • HA/CARP/VIPs
  • L2/Switching/VLANs
  • Routing and Multi WAN
  • Traffic Shaping
  • DHCP and DNS
  • IPv6
  • IPsec
  • OpenVPN
  • Captive Portal
  • webGUI
  • Wireless
  • SNMP
  • Documentation
  • Development
  • Gaming
  • Virtualization
  • Hardware
  • Bounties
  • Retired
  120k Topics

  762k Posts

  B 3 minutes ago

  @MarinSNB Hello, this was the instructions on 8311 wiki site to set up the SOURCE NAT on pdSense for DHCP but I am unable to Web Gui into 192.168.11.1. So, I'm reaching out to the pfSense community at large to see if there might be other configuration that I might need to tweak. Thanks for highlighting this.

• pfSense Packages

  Discussions about pfSense software packages

  about 13 hours ago

  • Cache/Proxy
  • IDS/IPS
  • Traffic Monitoring
  • pfBlockerNG
  • UPS Tools
  • ACME
  • FRR
  • Tailscale
  • WireGuard
  20k Topics

  127k Posts

  D about 13 hours ago

  @smurph82
  pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.0.pkg
  Latest

• pfSense International Support

  Discuss pfSense in other languages

  about 15 hours ago

  • Chinese
  • Deutsch
  • Español
  • Français
  • Indonesian
  • Italiano
  • Russian
  • Nederlands
  • Norwegian
  • Portuguese
  • Polish
  • Romanian
  • Swedish
  • Turkish
  43k Topics

  267k Posts

  R about 15 hours ago

  Também enfrentei problemas de lentidão e quedas constantes na conexão.

  Tudo começou com uma instabilidade na VPN. Após investigar, percebi que ela estava atribuindo o mesmo endereço IP para múltiplos clientes. Com o apoio da IA, identifiquei que o Common Name dos certificados de usuário deve ser único. Caso contrário, o OpenVPN não consegue entregar corretamente os endereços IP dentro do túnel para cada usuário.

  Além disso, é importante configurar corretamente os parâmetros de criptografia para melhorar o desempenho da conexão. Recomendo as seguintes definições:

  DH Parameter Length: 2048 Algoritmo de criptografia de dados: AES-128-GCM

  Vale lembrar que o desempenho também depende bastante do hardware utilizado.

  Configurações utilizadas.

  Captura de tela 2025-06-26 124049.png Captura de tela 2025-06-26 123913.png

• Official Netgate® Hardware

  Information about hardware available from Netgate

  about 17 hours ago
  2k Topics

  20k Posts

  S about 17 hours ago

  Hmm, odd to see those values so far apart. But the B value should be the more accurate as it's the estimate for MLC devices. So, yes, that is shown as estimated at the end of it's ware life.

  You can try installing to USB instead.

• Netgate Announcements

  Information about hardware available from Netgate

  Dec 21, 2024, 9:29 AM
  44 Topics

  211 Posts

  A Dec 21, 2024, 9:29 AM

  It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

• Off-Topic & Non-Support Discussion

  Feel free to talk about anything and everything here

  3 days ago

  • Forum Feedback
  • Community Job Board
  3k Topics

  19k Posts

  C 3 days ago

  I'm having the same issues, any chance of some upvotes?

  Thanks guys