
Added a new VLAN interface with 16.6.2 and no return traffic routes to this VLAN


    I am working on creating a new VLAN tagged 30 to put all my servers on. It would have close to the same firewall configuration as my default until I can get hosts on it and start locking down, i.e. it's wide open to all the other networks. Any machine I connect to this VLAN will get a DHCP so I know there is bidirectional between the NGFW and the device. I can see the network session just fine in the logs, but the response from the remote device never gets routed back to this VLAN. I have tried to ping through the FW to other VLANs and from other VLANs back to this one.

    I have tried 3 times with:
    • create VLAN
    • reboot
    • test

    Then:
    • remove VLAN
    • reboot

    To try to get this new VLAN to work. I have the other 3 VLANs still working fine; it's just this fourth one for some reason will not work. Here is a snap of my interfaces:

    [Image: image.png]

  • #2
    I think I found the problem. Take a look at the routing table for 192.168.30.0/24. Why did Untangle build the routing table like this? Looks like a bug to me; it should have had the same attributes as 192.168.20.0/24.

    = IPv4 Table main =
    107.218.228.0/22 dev eth0 proto kernel scope link src 107.218.230.178
    107.218.228.1 dev eth0 scope link
    172.16.124.0/24 via 172.16.124.2 dev tun0
    172.16.124.2 dev tun0 proto kernel scope link src 172.16.124.1
    192.0.2.0/30 dev br.lxc proto kernel scope link src 192.0.2.1 linkdown
    192.0.2.200/30 dev utun proto kernel scope link src 192.0.2.200
    192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.252
    192.168.11.0/24 dev eth2.11 proto kernel scope link src 192.168.11.254
    192.168.14.0/24 dev eth2.14 proto kernel scope link src 192.168.14.254
    192.168.20.0/24 dev eth2.20 proto kernel scope link src 192.168.20.254
    192.168.30.0/24 via 172.16.124.2 dev tun0



    • #3
      Looks like a network range conflict with a remote site.
      Attention: Support and help on the Untangle Forums is provided by
      volunteers and community members like yourself.
      If you need Untangle support please call or email [email protected]



      • #4
        What I did this morning was SSH into the system and run these commands:

        ip route del 192.168.30.0/24 via 172.16.124.2 dev tun0

        ifdown eth2.30

        ifup eth2.30

        and the routing table is now correct and VLAN 30 is working:

        Code:
        107.218.228.0/22 dev eth0 proto kernel scope link src 107.218.230.178
        107.218.228.1 dev eth0 scope link
        172.16.124.0/24 via 172.16.124.2 dev tun0
        172.16.124.2 dev tun0 proto kernel scope link src 172.16.124.1
        192.0.2.0/30 dev br.lxc proto kernel scope link src 192.0.2.1 linkdown
        192.0.2.200/30 dev utun proto kernel scope link src 192.0.2.200
        192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.252
        192.168.11.0/24 dev eth2.11 proto kernel scope link src 192.168.11.254
        192.168.14.0/24 dev eth2.14 proto kernel scope link src 192.168.14.254
        192.168.20.0/24 dev eth2.20 proto kernel scope link src 192.168.20.254
        192.168.30.0/24 dev eth2.30 proto kernel scope link src 192.168.30.254

        Maybe some things are just best to be left unknown?



        • #5
          If I recall correctly tun0 is a VPN interface, which suggests you have a VPN configured on the unit that created that route. Mucking around in the console didn't fix anything, because on next reboot you'll be right back where you started.

          192.168.30.0/24 exists in a state of conflict; you must fix the conflict.

          I repeat, YOU HAVE FIXED NOTHING.
          Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
          NexgenAppliances.com
          Phone: 866-794-8879 x201
          Email: [email protected]



          • #6
            Nope, no site-to-site VPN with a network of 192.168.30.x, client only. I use VPN for my laptop when I am away from the home office and such. But I don't ever remember a hotel Wifi or other locations having 192.168.x.x networks; usually they have 10.x.x.x.

            I have done multiple reboots and the route with 192.168.30.0/24 via 172.16.124.2 dev tun0 hasn't come back. So yes, something was fixed. We just don't know what did what, and that bothers me. I imported my old configuration into a new router two weeks ago, and the old router is sitting on the shelf waiting for replacement memory that went bad. Also started to re-factor how I am isolating my server farm from other traffic. Those are the only two configuration actions I have taken in, say, a year with Untangle. Unless you want to also account for the update to 16.6.2 that was pushed out over a month ago.


