Netgate Discussion Forum

    Weird VLAN issue

    • ortizdr

      No floating rules.
      No Gateway on the LAN.
      The only thing special I have set up is a Multi-WAN redundant setup.

      Here is a really big kicker,
      I have a site-to-site vpn that can ping the VOICE interface and associated devices.

      LAN.PNG

      • johnpoz LAYER 8 Global Moderator

        Your wan would have nothing to do with pinging the voice..

        You're not doing any odd outbound NAT? It's just auto? What is the mask on your lan and your voice.. Let's see the output of your routing table

        Also validate the mask on your client.. I don't really see how that could be an issue then.. Let's say you had a /19 then that would end at 63 and you shouldn't be able to ping guest either. And if you had 20 it would be at 47..

        But yeah very odd. But let's validate the setup of the voice and let's see your routing table.. Do you have some odd route sending it elsewhere?

        What are you using on your tunnel network for your site to site - and what are the networks on the other side of the vpn?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • ortizdr

          NAT is set at Auto.
          Endpoint for site-to-site is 10.34.1.0/24 connecting to 10.33.1.0/24 and 10.50.1.0/24
          Client is pulling from pfSense DHCP

          Routes.PNG

          • johnpoz LAYER 8 Global Moderator

            Yeah that all looks fine.. That makes no sense that you can not ping 10.50.1.1 from client on 10.33.1/24

            When you ping that IP from a client, you sniff on lan on pfsense - and you see the traffic?

            You got no port forwards set up?

            • ortizdr

              Packet capture shows data flowing to pfSense, but nothing coming back.
              No port forwards.

              • johnpoz LAYER 8 Global Moderator

                That is very odd.. So you see packet to 10.50.1.1 in the packet capture. And nothing in the log that it was blocked?

                But you can ping 10.60.1.1 from lan just fine?

                • ortizdr

                  Yup, Yup, and Yup!

                  Other than changing the VOICE subnet, I don't know what to do.

                  • johnpoz LAYER 8 Global Moderator

                    Yeah at a loss, let's see if @Derelict or @stephenw10 are around and might have some ideas

                    • Derelict LAYER 8 Netgate

                      I have a site-to-site vpn that can ping the VOICE interface and associated devices.

                      What are the Phase 2 traffic selectors defined there?

                      Anything silly like captive portals?

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      • ortizdr

                        OMG!
                        🤦 🤦 🤦

                        I took a look at the settings for the VOICE Phase 2 and for some reason had the remote subnet set up as my LAN subnet.

                        I can now ping and access from the LAN.

                        Well, I'm a special one!

                        Thanks everyone for your help! Sorry to waste your time!
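
Added example, not part of the original thread: a Python check that flags any IPsec Phase 2 whose remote network overlaps a directly attached subnet, which is the misconfiguration found above, and shows that a reply from the VOICE interface to a LAN client matches that tunnel selector. The Phase 2 lists, the guest /24 mask and the client address 10.33.1.50 are constructed for illustration; the other subnets are the ones quoted in the thread.

```python
import ipaddress

# Directly attached networks. LAN and VOICE are from the thread; the guest /24 is assumed.
LOCAL_NETS = {"LAN": "10.33.1.0/24", "VOICE": "10.50.1.0/24", "GUEST": "10.60.1.0/24"}

# Constructed Phase 2 entries: (description, local network, remote network).
PHASE2_BROKEN = [
    ("LAN to remote", "10.33.1.0/24", "10.34.1.0/24"),
    ("VOICE to remote", "10.50.1.0/24", "10.33.1.0/24"),  # remote set to own LAN
]
PHASE2_FIXED = [
    ("LAN to remote", "10.33.1.0/24", "10.34.1.0/24"),
    ("VOICE to remote", "10.50.1.0/24", "10.34.1.0/24"),
]


def find_selector_conflicts(local_nets, phase2_entries):
    """Return (description, remote, interface) for every Phase 2 entry whose
    remote network overlaps a directly attached subnet."""
    attached = {name: ipaddress.ip_network(cidr) for name, cidr in local_nets.items()}
    conflicts = []
    for descr, _local, remote in phase2_entries:
        remote_net = ipaddress.ip_network(remote)
        for name, net in attached.items():
            if remote_net.overlaps(net):
                conflicts.append((descr, remote, name))
    return conflicts


def selector_matches(src, dst, phase2_entries):
    """Return the description of the first Phase 2 entry whose local/remote
    selector matches a packet from src to dst, or None if none matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for descr, local, remote in phase2_entries:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return descr
    return None


if __name__ == "__main__":
    for label, entries in (("broken", PHASE2_BROKEN), ("fixed", PHASE2_FIXED)):
        print(label, "conflicts:", find_selector_conflicts(LOCAL_NETS, entries))
        # Echo reply from the VOICE interface back to a LAN client (constructed address).
        print(label, "reply matches:", selector_matches("10.50.1.1", "10.33.1.50", entries))
```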

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.