3. VPN tunnel woes on XG-7100-1U using built-in WAN and LAN VLANs

VPN tunnel woes on XG-7100-1U using built-in WAN and LAN VLANs


    • Hey guys, it's the programmer (masquerading as a networking guy) again (translates: out-of-his depth, league).
    • I have four geographic sites running Netgate XG-7100-1U with optional NICs.
    • I have IPSEC site-to-site tunnels up and running between the sites, and also to Microsoft Azure.
    • I have remote access OpenVPN working.
    • All of this works great when I setup my own WAN and LAN interfaces on the optional NIC.
    • Everything (except the Azure S2S tunnels) breaks when I try to use the built in WAN and LAN (4090 and 4091) that came somewhat pre-configured.
    • I suspect it has something to do with VLANs (of which I have limited understanding)
    • I have a handful of subnets that I would like to setup, so I am anxious to use ETH1, and ETH2-8 for WAN and LAN, leaving the optional card open for other uses (Subnets, VLANs)
    • Giving up would be easy, but then I wouldn't come to understand what I am doing wrong.
    • Thoughts?

    Thanks.

    0
  • LAYER 8 Netgate

    There is no meaningful difference between using router ports and those switch ports when it comes to getting something like a VPN running. There are no VLAN tags out on the wire. It is an untagged port.

    I would look at the logs and see what is failing. Post here if you aren't quite sure what you're looking at.

    I assume the internet works fine and it's just the VPNs you're having problems with?

    1 2 Replies

  • @Derelict Will do. From what I read in the manual (and not knowing jack about networking I have been reading for days), you are exactly right; those 4090 and 4091 tags are only used internal to the device. I will follow your advice, and post back.

    0

  • @Derelict Problem Solved! Thanks. Your suggestion of reviewing the logs put me right on it. I was typing FQDNs (rather than hard-coded IP addresses) in the IPSEC P1 RemoteGateway option, which works great when you don't fat-finger the name--couldn't resolve my typo. BTW--This product (pfSense) is incredible... the log pages are awesome... and I am back on track. Thank you.

    There's a lesson here... I jumped on the default WAN LAN interfaces because that is what I changed... but it was basic troubleshooting that prevailed (we geeks make problems as complicated as we can).

    1
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy