SG-1000 imported config not working

Gil · Apr 23, 2017, 2:02 AM

I have imported a config file from an APU1d4 router into a SG-1000 router and after deleting the extra LAN port the device has accepted all settings without reporting errors.
The issue I am having is that the SG-1000 will not run one of the Gateways. (The "BridgeGW")

The faulty gateway is for my Bridge between a Tap VPN client and the Lan. ("BridgeGW")
Gateway:
IPv4
Gateway:10.11.211.254
Monitor IP: 10.11.200.254

The Bridge Interface:
Static IP:10.11.211.254/24
IPv6: None

Wan Interface:
Static IP: 10.0.0.98

Other Interfaces (All set to IPv4: None & IPv6:None)
LAN1
VPN1

DHCP Server:
Bridge: 10.11.211.100 - 109

Static Routes:
10.11.200.0/24 Gateway:VPN1 Gateway - 10.11.200.254 Interface: VPN1

Gateways:
BridgeGW: Interface:Bridge00 Gateway:10.11.211.254 Monitor IP:10.11.200.254
VPN1_GW: Interface: VPN1 Gateway:10.11.200.254 Monitor IP:
WAN_GW: Interfface: WAN Gateway:10.11.211.254 Monitor IP:139.130.4.5

All interfaces are up
The VPN1 Tap is connecting to the server (An APU1d4 router) with:
VPN Server Tunnel Settings: IPv4 networks that will be accessible from the remote endpoint: 10.11.200.0/24

I get an error in the System logs:
System Logs/System/Gateways: "BridgeGW 10.11.200.254: Alarm latency 0us stddev 0us loss 100%"
System Logs/System/Routing "no auto-selected prefix on interface cpsw1, disabling advertisements.

This config works well on an APU1d4 Netgate Router. Any ideas why the SG-1000 is failing the gateway?
Do the interfaces require different firewall rules?

ivor · Apr 23, 2017, 2:12 PM

Why do you need a bridge?

Gil · Apr 23, 2017, 11:07 PM

I am running numerous clients to a single server, all with static routes to the server 10.11.200.254/24
All clients are 10.11.x.254/24. This results in a simple network structure.

I have a bridge between the Lan and the OVPN_Tap Interfaces. (Both have unassigned IP configs)
The Bridge is assigning these interfaces to its Static IPv4: 10.11.211.254.
I have 3 routing gateways:
WanGW:10.0.0.254 VpnGW:10.11.200.254 BridgeGW:10.11.211.254 (MonitorIP:10.11.200.254)
I can confirm the Tap connection to the server is successful.

This config works extremely reliably on Netgate APU1d4 hardware, but the routing is failing on the SG-1000.
The config from the APU imports into the SG-1000 quite well (once the additional Lan port is deleted).

Is there a difference between the way the APU1 & the SG-1000 routers handle their Interfaces?
The main difference I notice is the SG-1000 automatically mounts a Switch in Interfaces (for VLANS)

We are running a TAP VPN to allow multicast capabililties.

Gil · Apr 24, 2017, 1:37 AM

I should also mention that the server is an APU1d4 router. All APU1 clients are working and routing correctly with the "identical" config

GroundX · Apr 24, 2017, 9:56 AM

I had to rewrite interface configuration on my SG-1000s, config import seemed to fuck up the internal switch somehow. I didn't put any more effort on the problem since my configs was a 20min job to write. And then i exported the new SG-1000 config and imported to other SG-1000 just fine.

Gil · Apr 24, 2017, 10:44 PM

That sounds interesting I will have a look at the config file. Do you recall what was odd about the interface settings?

Gil · Apr 26, 2017, 12:52 AM

I have reviewed the config file and find nothing wrong with it.

I have double checked the hardware failure by exporting the troublesome config from the SG-1000;
imported it into an APU1 - and the routing works correctly.
(after assigning the interfaces back to re0 & re1 ports; from cpsw0 & cpsw1 ports).

There is definitely a mismatch between the two routers:
The question is:

Gil · Apr 26, 2017, 3:35 AM

The question is: Is the SG-1000 failing due to:

a) The network ports functionality
b) A bug in the firmware
c) Difference with the OVPN routing
d) Difference with the firewall functionality

Gil · Apr 26, 2017, 8:24 AM

Is there a tool to monitor the cpsw ports (other that ifconfig)?
I suspect that something in my config is not being supported by the nics.