• 2 Posts
  • 9 Comments
Joined 2 years ago
cake
Cake day: June 1st, 2023

help-circle
  • TreedavOPtohomelab@lemmy.mlVLAN Troubles
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Wow, that was a highly relevant thread! Feels like my search skills were lacking to not have come across that.

    Seems like I’m only a couple of adjustments away from getting this working, so I’ll give you some peace now. Thank you so much again for your time and advice!


  • TreedavOPtohomelab@lemmy.mlVLAN Troubles
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    When you ping google.com, does this resolve as Google’s v4 or V6 address

    It’s definitely returning the v4 address each ping.

    Which rule was this? But more importantly, in the Wireshark trace, does any traffic at all from 192.168.10.1 show up as a source IP?

    The “only allow access to internet” rule on the gaming interface which encapsulates the firewall alias I set as “privatenetworks” that included the LAN and gaming nets. As far as wireshark, I do see traffic from 192.168.10.1 as a source! Being totally fresh with you on the ARP broadcasts, with my current understanding, I don’t know if I’m picking it out right. I do see broadcast requests coming from my laptop to 192.168.10.1 via DNS with responses of AAAA ipv4only.arpa.

    To be clear, are you running 1 Gbps on the OPNSense interface and on all the switch ports?

    OPNSense has a 2.5 Gbps connection to from the modem to 2.5 Gbps port on the box itself. Then the switch that is connected to the LAN on both the OPNSense interface and the switch port are both 2.5 Gbps. The remainder of the ports on the switch are all also 2.5 Gbps capable, but there are some ports occupied by devices that only support a max of 1 Gbps.

    I did test the vlan by disabling ipv6 entirely and bam! All traffic flows no problem. Certainly a quick fix, but for no reason other than looking to understand and learn, I do want to get it working. I’ve got both LAN and the vlan set to track interface, and originally, both to allow manual adjustment of DHCPv6 and router advertisements. That seems to work no problem on the LAN with a prefix ID of 1, passes all ipv6 tests. On the vlan, though, prefix ID of 2, I do get the expected ipv6 leases with the corresponding ID, but it can never pass the ipv6 tests.


  • TreedavOPtohomelab@lemmy.mlVLAN Troubles
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Really appreciate your help on this!

    I’ve been messing with wireshark, but I’ll admit I’m not super sure how to interpret it all. Biggest thing standing out is some TCP retransmission packets, but nothing jumping out as an immediate failure. I realized I’m having similar difficulties across devices I test on the vlan. I’ve been using my laptop, and I can ping things like google.com or just the DNS of 8.8.8.8 no problem. I can’t ping the static router address of 192.168.10.1, but I think that’s because of the rule I have in place that includes all private networks, which includes the vlan net. I also realized that on the interfaces overview section, I’ve got 1 collision error on the LAN, and 2 in/out errors on the vlan on the out side, but I’m not sure how to assess those. Also correct that I am getting the expected DHCP assignments on the vlan side.


  • TreedavOPtohomelab@lemmy.mlVLAN Troubles
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I’m familiar with wireshark, but don’t have so much hands on experience with it. I’ll give it a shot and see the type of responses I’m getting back from the afflicted machine.

    In a the meantime, here’s some of the firewall rules I have set on the interface itself as well as some floating rules. I’m following the recent guide from home network guy to set this up.


  • TreedavOPtohomelab@lemmy.mlVLAN Troubles
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Hey! Thanks so much for the response.

    So correction again, I do have vlan10 assigned with an IP of 192.168.10.1/24, so that does appear correct.

    I have enabled ipv6 on both the vlan and the main LAN. I get assigned leases on both with the correct prefix I have set, and I have a requested prefix delegation of /60 on the WAN side, which also appears to have applied correctly. LAN I can pass all ipv6 tests, but the vlan I’m never able to pass any of the devices.


  • TreedavOPtohomelab@lemmy.mlVLAN Troubles
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Edit: so correction, the android and iphones can resolve certain domains, but I get timeouts with others. I’m running unbound as as the local resolver and have set the rule to allow traffic from the vlan to the DNS port.



  • I’d definitely prefer to have gone the AMD route for these, but N200 isn’t that awful, no? At least comparable to some Skylake gens? Not that that’s amazing in the modern day, but I’d say still capable enough with the included specs to not be too bogged down by some of the lighter distros.

    Better off with a Chromebook 10/10 times if you need something low powered, but I think it’s an interesting entry to the hardware space.