Netgate Discussion Forum

    VPN tunnel woes on XG-7100-1U using built-in WAN and LAN VLANs

    • JSchenk

      • Hey guys, it's the programmer (masquerading as a networking guy) again (translates: out-of-his depth, league).
      • I have four geographic sites running Netgate XG-7100-1U with optional NICs.
      • I have IPSEC site-to-site tunnels up and running between the sites, and also to Microsoft Azure.
      • I have remote access OpenVPN working.
      • All of this works great when I set up my own WAN and LAN interfaces on the optional NIC.
      • Everything (except the Azure S2S tunnels) breaks when I try to use the built-in WAN and LAN (4090 and 4091) that came somewhat pre-configured.
      • I suspect it has something to do with VLANs (of which I have limited understanding).
      • I have a handful of subnets that I would like to set up, so I am anxious to use ETH1, and ETH2-8 for WAN and LAN, leaving the optional card open for other uses (Subnets, VLANs).
      • Giving up would be easy, but then I wouldn't come to understand what I am doing wrong.
      • Thoughts?

      Thanks.

      • Derelict LAYER 8 Netgate

        There is no meaningful difference between using router ports and those switch ports when it comes to getting something like a VPN running. There are no VLAN tags out on the wire. It is an untagged port.

        I would look at the logs and see what is failing. Post here if you aren't quite sure what you're looking at.

        I assume the internet works fine and it's just the VPNs you're having problems with?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • JSchenk @Derelict

          @Derelict Will do. From what I read in the manual (and not knowing jack about networking I have been reading for days), you are exactly right; those 4090 and 4091 tags are only used internal to the device. I will follow your advice, and post back.

          • JSchenk @Derelict

            @Derelict Problem Solved! Thanks. Your suggestion of reviewing the logs put me right on it. I was typing FQDNs (rather than hard-coded IP addresses) in the IPSEC P1 RemoteGateway option, which works great when you don't fat-finger the name--couldn't resolve my typo. BTW--This product (pfSense) is incredible... the log pages are awesome... and I am back on track. Thank you.

            There's a lesson here... I jumped on the default WAN LAN interfaces because that is what I changed... but it was basic troubleshooting that prevailed (we geeks make problems as complicated as we can).

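The failure that resolved this thread (a mistyped FQDN in an IPsec phase 1 remote gateway that could not be resolved) can be caught before a tunnel is ever brought up. The following is an added example, not part of the original thread and not Netgate code: it reads a configuration backup and reports each phase 1 remote gateway that is a hostname with no DNS answer. The element names (`ipsec`, `phase1`, `remote-gateway`, `descr`) are assumed to match the backup's layout, and the sample hostnames and addresses are constructed.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed config backup with three phase 1 entries.
# "exmaple" in the second entry is a deliberate typo.
SAMPLE_CONFIG = """<pfsense><ipsec>
  <phase1><descr>Site B</descr><remote-gateway>vpn-b.example.com</remote-gateway></phase1>
  <phase1><descr>Site C</descr><remote-gateway>vpn-c.exmaple.com</remote-gateway></phase1>
  <phase1><descr>Azure</descr><remote-gateway>203.0.113.10</remote-gateway></phase1>
</ipsec></pfsense>"""


def system_resolver(name):
    """Resolve a hostname with the OS resolver; return its addresses or []."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_remote_gateways(config_xml, resolve=system_resolver):
    """Return one (descr, gateway, status) tuple per IPsec phase 1 entry."""
    results = []
    root = ET.fromstring(config_xml)
    for p1 in root.findall("ipsec/phase1"):
        descr = (p1.findtext("descr") or "").strip()
        gateway = (p1.findtext("remote-gateway") or "").strip()
        if not gateway:
            status = "missing"
        else:
            try:
                ipaddress.ip_address(gateway)
                status = "literal-ip"  # an address, nothing to resolve
            except ValueError:
                # Not an IP literal, so the tunnel depends on DNS for this name.
                status = "resolves" if resolve(gateway) else "UNRESOLVED"
        results.append((descr, gateway, status))
    return results


if __name__ == "__main__":
    for descr, gateway, status in check_remote_gateways(SAMPLE_CONFIG):
        print(f"{status:<11} {descr:<8} {gateway}")
```

Run it from a host that uses the same DNS servers as the firewall, since a name that resolves elsewhere may still fail there.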