VPN Wifi Router Upstream Of SG1100
-
@uptheirons Leave aside the fact that, because of the VPN, you cannot even place pfSense in front of it. They are (for all practical purposes) totally incompatible.
-
The AirCove will do basically the same thing as my ISP. It will hand out a gateway IP to the SG1100.
I don't think it's asking a whole lot from the SG not to do NAT, forward the VLAN request for IP, DHCP and DNS information and send that information back to the appropriate VLAN through the trunk port.
I don't need the SG to do anything related to MAC addresses except keep the ARP table of MAC and IP association. The AirCove does all the heavy lifting as far as MAC addresses go. If it hands out an IP it will record the MAC address and then it can do its job.
-
@uptheirons Look, pfSense is a Layer 3 device. You want Layer 2 services. Not compatible. Each subnet in pfSense has its own ARP table. Any MAC that leaves a pfSense WAN is going to be the MAC of the WAN NIC. pfSense is not a layer 2 switch. Not even a layer 3 switch.
The closest you can get is by creating a bridge in pfSense and losing all filtering (pf) functions, but by then the device has no point. You need a managed switch.
Look at it another way. The only type of device that passes MACs of other devices through its ports is a switch. If the AirCove doesn't support VLANs, but has 4 ports (I suspect), instead of creating a trunk on the switch, use port-based VLANs (not 801 based) and connect one Ethernet per VLAN from the switch to AirCove. Can't think of anything else.
Or, just lose the AirCove (use it as an AP or something, with DD-WRT) and use the SG1100 in its place for ExpressVPN. You will get a much better firewall that way in the end, anyway.
-
pfSense does hybrid functions or else it wouldn't have built-in VLAN support.
I understand I need a managed L3 for what I want to do. My purpose for the experimentation was to try and make pfSense the substitute router portion of an L3 since it has VLAN capabilities. A poor man's L3 if you will.
The AirCove is a rebranded GL.iNet router and built upon OpenWRT. However, it uses the Lightway protocol which is proprietary and works much faster than the other protocols I've experimented with on open source VPNs.
I'll keep the AirCove for that reason alone and ditch the SG for routing.
I've got another reason to keep the SG but I would've liked for it to be all inclusive instead of having to buy an L3 switch.
Edit: Lightway is open source; however, Express created it and I don't know of another router that uses it.
-
@uptheirons If you know all that, then surely you know the specs of SG1100, and thus, that it lacks a switch IC, let alone ports. Then, before even getting an account here, you must have known that you cannot use the SG1100 for what you are asking, all by your lonesome. What is then, I ask, the point of this thread, even. Since you knew all that from the start.
-
@uptheirons Also, for what you want to do, you need a managed L2, VLAN capable switch. Good day.
-
The SG being pfSense, being BSD I thought would be more configurable. I've never had any real experience with BSD so I didn't know what it actually would or wouldn't do and the user manual doesn't make it any more clear. Most people who use pfSense either have to come to forums like this to get information or they have to go through hundreds of pages or videos of pfSense recipes or tutorials to achieve the results they're looking for. The fact the switch is on a chip makes it confusing out of the gate.
Managed L2 isn't going to do routing and anything that's not VLAN aware like the AirCove won't work over a trunked port.
-
@uptheirons ... DHCP is a Layer 2 protocol. That means it uses frames (L2, MAC Address) not packets (L3, IP address). Routing is a L3 process. Only. Doesn't preserve MAC addresses.
-
The switch is ALWAYS on a chip. pfSense (and Netgate devices, except 1, I think), being firewall appliances (a Layer 3 device) do not need switches (to have a switch chip on them), because they do not perform it.
@uptheirons said in VPN Wifi Router Upstream Of SG1100:
The SG being pfSense, being BSD I thought would be more configurable. I've never had any real experience with BSD so I didn't know what it actually would or wouldn't do and the user manual doesn't make it any more clear. Most people who use pfSense either have to come to forums like this to get information or they have to go through hundreds of pages or videos of pfSense recipes or tutorials to achieve the results they're looking for. The fact the switch is on a chip makes it confusing out of the gate.
No, friend. It's just that there are people that have a great deal of experience setting up networks, there are people who do not and want to learn and people who just cannot understand that they have no such knowledge yet.
-
Nobody is arguing the difference between L2 and L3. You said I needed a managed L2 switch which won't do me any good for routing VLANs on different subnets.
And there are such things as DHCP relay agents to get IPs from different subnets. pfSense actually has that feature.
People with a great deal of experience setting up networks would know that...friend.
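-
Added example, not part of any post in this thread: a sketch of what a DHCP relay agent, the feature mentioned in the last post, does to a request under RFC 2131/1542. The relay writes its VLAN interface address into `giaddr`, and the client's MAC stays in the `chaddr` field of the payload, so the upstream server can choose a scope and key the lease even though the relayed packet arrives as routed unicast. The MAC, interface addresses and scope names are constructed sample values.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
GIADDR = slice(24, 28)   # relay agent IP field in the BOOTP header
CHADDR_OFF = 28          # client hardware address field

def build_discover(client_mac: bytes, xid: int) -> bytes:
    """Client broadcast: giaddr is zero, chaddr carries the client's MAC."""
    zero = b"\x00" * 4
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      1, 1, len(client_mac), 0, xid, 0, 0x8000,
                      zero, zero, zero, zero, client_mac, b"", b"")
    return hdr + DHCP_MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER

def relay(msg: bytes, vlan_if_ip: str, max_hops: int = 16) -> bytes:
    """What a relay on the VLAN interface does before unicasting upstream."""
    pkt = bytearray(msg)
    if pkt[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    if pkt[3] >= max_hops:
        raise ValueError("hop limit reached, drop")
    pkt[3] += 1
    if bytes(pkt[GIADDR]) == b"\x00" * 4:      # only the first relay sets giaddr
        pkt[GIADDR] = ipaddress.IPv4Address(vlan_if_ip).packed
    return bytes(pkt)

def server_view(msg: bytes, scopes: dict) -> tuple:
    """Upstream DHCP server: pick the scope from giaddr, key the lease on chaddr."""
    giaddr = ipaddress.IPv4Address(msg[GIADDR])
    mac = msg[CHADDR_OFF:CHADDR_OFF + msg[2]].hex(":")
    scope = next((name for net, name in scopes.items() if giaddr in net), None)
    return mac, str(giaddr), scope

# Constructed sample values (not taken from the thread)
SCOPES = {ipaddress.ip_network("192.168.10.0/24"): "vlan10",
          ipaddress.ip_network("192.168.20.0/24"): "vlan20"}
CLIENT_MAC = bytes.fromhex("020000000010")

if __name__ == "__main__":
    discover = build_discover(CLIENT_MAC, xid=0x1234ABCD)
    print(server_view(discover, SCOPES))                          # unrelayed
    print(server_view(relay(discover, "192.168.20.1"), SCOPES))   # via relay
```

This only works if the upstream server has a scope for each relayed subnet and a route back to it; a server that hands out a single flat pool has nothing to match `giaddr` against.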