Nope, no site-to-site VPN with a network of 192.168.30.x, client only. I use VPN for my laptop when I am away from the home office and such. But I don't ever remember a hotel Wifi or other locations having 192.168.x.x networks; usually they have 10.x.x.x.
I have done multiple reboots and the route with 192.168.30.0/24 via 172.16.124.2 dev tun0 hasn't come back. So yes, something was fixed. We just don't know what did what, and that bothers me. I imported my old configuration into a new router two weeks ago, and the old router is sitting on the shelf waiting for replacement memory that went bad. Also started to re-factor how I am isolating my server farm from other traffic; those are the only two configuration actions I have taken in, say, a year with Untangle. Unless you want to also account for the update to 16.6.2 that was pushed out over a month ago.
Added a new VLAN interface with 16.6.2 and no return traffic routes to this VLAN
-
If I recall correctly tun0 is a VPN interface, which suggests you have a VPN configured on the unit that created that route. Mucking around in the console didn't fix anything, because on next reboot you'll be right back where you started.
192.168.30.0/24 exists in a state of conflict; you must fix the conflict.
I repeat, YOU HAVE FIXED NOTHING.
-
What I did this morning was SSH into the system and ran these commands:
ip route del 192.168.30.0/24 via 172.16.124.2 dev tun0
ifdown eth2.30
ifup eth2.30
and the routing table is now correct and VLAN 30 is working:
Code:
107.218.228.0/22 dev eth0 proto kernel scope link src 107.218.230.178
107.218.228.1 dev eth0 scope link
172.16.124.0/24 via 172.16.124.2 dev tun0
172.16.124.2 dev tun0 proto kernel scope link src 172.16.124.1
192.0.2.0/30 dev br.lxc proto kernel scope link src 192.0.2.1 linkdown
192.0.2.200/30 dev utun proto kernel scope link src 192.0.2.200
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.252
192.168.11.0/24 dev eth2.11 proto kernel scope link src 192.168.11.254
192.168.14.0/24 dev eth2.14 proto kernel scope link src 192.168.14.254
192.168.20.0/24 dev eth2.20 proto kernel scope link src 192.168.20.254
192.168.30.0/24 dev eth2.30 proto kernel scope link src 192.168.30.254
Maybe some things are just best left unknown?
-
I think I found the problem; take a look at the routing table for 192.168.30.0/24. Why did Untangle build the routing table like this? Looks like a bug to me; it should have had the same attributes as 192.168.20.0/24.
= IPv4 Table main =
107.218.228.0/22 dev eth0 proto kernel scope link src 107.218.230.178
107.218.228.1 dev eth0 scope link
172.16.124.0/24 via 172.16.124.2 dev tun0
172.16.124.2 dev tun0 proto kernel scope link src 172.16.124.1
192.0.2.0/30 dev br.lxc proto kernel scope link src 192.0.2.1 linkdown
192.0.2.200/30 dev utun proto kernel scope link src 192.0.2.200
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.252
192.168.11.0/24 dev eth2.11 proto kernel scope link src 192.168.11.254
192.168.14.0/24 dev eth2.14 proto kernel scope link src 192.168.14.254
192.168.20.0/24 dev eth2.20 proto kernel scope link src 192.168.20.254
192.168.30.0/24 via 172.16.124.2 dev tun0
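A check for the conflict discussed in this thread, added here as an example and not posted by any participant: it parses `ip route` output and reports any locally configured subnet that has lost its connected route or is covered by an equal-or-more-specific route on another device such as tun0. The `LOCAL` map and the function names are assumptions; the route lines are copied from the table above (br.lxc, utun and two VLAN lines omitted), IPv4 only.

```python
import ipaddress

# Broken routing table from the post above, embedded so the check runs offline.
ROUTES = """\
107.218.228.0/22 dev eth0 proto kernel scope link src 107.218.230.178
107.218.228.1 dev eth0 scope link
172.16.124.0/24 via 172.16.124.2 dev tun0
172.16.124.2 dev tun0 proto kernel scope link src 172.16.124.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.252
192.168.20.0/24 dev eth2.20 proto kernel scope link src 192.168.20.254
192.168.30.0/24 via 172.16.124.2 dev tun0
"""

# Assumption: subnets configured on local interfaces (taken from the thread's tables).
LOCAL = {"eth1": "192.168.10.0/24", "eth2.20": "192.168.20.0/24",
         "eth2.30": "192.168.30.0/24"}

def parse_routes(text):
    """Yield (network, device, gateway or None) for each unicast `ip route` line."""
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        try:
            net = ipaddress.ip_network(tok[0], strict=False)
        except ValueError:  # "default", "blackhole", etc. are not prefixes
            continue
        dev = tok[tok.index("dev") + 1]
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        yield net, dev, gw

def find_conflicts(text, local):
    """Return (cidr, iface, reason) for each local subnet that is unrouted or shadowed."""
    routes = list(parse_routes(text))
    findings = []
    for iface, cidr in sorted(local.items()):
        want = ipaddress.ip_network(cidr)
        # A healthy interface has a gateway-less (connected) route on its own device.
        if not any(n == want and d == iface and g is None for n, d, g in routes):
            findings.append((cidr, iface, "no connected route"))
        # An equal or longer prefix on another device wins longest-prefix match.
        for n, d, g in routes:
            if d != iface and n.version == want.version and n.subnet_of(want):
                findings.append((cidr, iface, f"shadowed by route {n} on {d}"))
    return findings

if __name__ == "__main__":
    for finding in find_conflicts(ROUTES, LOCAL):
        print(*finding, sep="  ")
```

Run after each reboot with the live output of `ip route show table main` in place of `ROUTES` to see whether the tun0 route has returned.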
-
I am working on creating a new VLAN tagged 30 to put all my servers on. It would have close to the same firewall configuration as my default until I can get hosts on it and start locking down, i.e. it's wide open to all the other networks. Any machine I connect to this VLAN will get a DHCP so I know there is bidirectional between the NGFW and the device. I can see the network session just fine in the logs, but the response from the remote device never gets routed back to this VLAN. I have tried to ping through the FW to other VLANs and from other VLANs back to this one.
I have tried 3 times with:
- create VLAN
- reboot
- test
Then:
- remove VLAN
- reboot
To try to get this new VLAN to work. I have the other 3 VLANs still working fine; it's just this fourth one for some reason will not work. Here is a snap of my interfaces: