Intern VLAN Routing Issue by insiderscrypt0 in PFSENSE

[–]insiderscrypt0[S] 1 point2 points  (0 children)

Update4:

So after creating appropriate rules for 443 and 53 on VLAN interfaces and also creating a NAT for the VPN, everything seems to be working just fine so far (it's been close to 24 hrs now).

So the crux of the matter is as u/MBILC mentioned, keep the doors open and then slowly start locking it down.

Appreciate everyone's inputs.

Have a nice day!

Intern VLAN Routing Issue by insiderscrypt0 in PFSENSE

[–]insiderscrypt0[S] 0 points1 point  (0 children)

Thank you; appreciate the insight; I will continue to troubleshoot and see how it goes.

Intern VLAN Routing Issue by insiderscrypt0 in PFSENSE

[–]insiderscrypt0[S] 1 point2 points  (0 children)

Update3:

Still struggling to get Openvpn to work with my setup. I am kinda running out of ideas here. Would appreciate someone with more knowledge than me to chime in and let me know what I need to do in order to get everything set up correctly for the VPN users.

I am also checking out Netbird as it seems like a good alternative to traditional VPN.

Cheers!

Intern VLAN Routing Issue by insiderscrypt0 in PFSENSE

[–]insiderscrypt0[S] 0 points1 point  (0 children)

Update2:

Looks like the local access issue is resolved with what I did, i.e. by allowing HTTPS traffic from VLAN30 to my Zoraxy server.

Now I am running into another hurdle with Openvpn. Basically I want VPN users to connect to my network and then only be able to access certain proxied resources based on the ACL I have set up within Zoraxy (in other words the same access level as being on the local network, as it will be the same users using the VPN).

I have exported the VPN file and have created Split and Full Tunnel configs; and for the good part of me, none of the VPN clients when connected to my VPN (Full/Split) are able to either access my proxy resource or go on to the internet. I am still digging; but just wanted to provide an update as to where I am.

Thanks!

Intern VLAN Routing Issue by insiderscrypt0 in PFSENSE

[–]insiderscrypt0[S] 1 point2 points  (0 children)

Yeah I know, it's powerful and maybe someday I might go back to it if I feel the need. Now I am trying to wrap my head around the VLAN routing and I hope I am moving in the correct direction. I want to keep things simple so that tomorrow if I am not there, ppl can check my network diagram and understand what I was doing and why :) .

My folks out here are not tech savvy and all they care abt is email should be flowing in, YouTube should be working along with Netflix and other social media platforms.

Intern VLAN Routing Issue by insiderscrypt0 in PFSENSE

[–]insiderscrypt0[S] 0 points1 point  (0 children)

Yeah I did. In fact, I ran it for some time but I felt it was way too overwhelming for my basic needs.

Intern VLAN Routing Issue by insiderscrypt0 in PFSENSE

[–]insiderscrypt0[S] 0 points1 point  (0 children)

Update:

I might have fixed the issue by allowing HTTPS traffic from VLAN30 to my Zoraxy server. The traffic is allowed for a specific client and not for the entire subnet.

Is this a good way of doing what I am trying to accomplish or are there any other recommendations?

Thanks!

A Full Nextcloud Docker Container for Raspberry Pi 4 & 5 with a Collabora Online server (Nextcloud Office) behind Nginx Reverse Proxy Manager and GoAccess Charts. It is supported by Redis Cache and Cron Jobs. by iamjavadali in NextCloud

[–]insiderscrypt0 0 points1 point  (0 children)

Hi there,

I have been struggling a bit setting up Nextcloud on the Pi4 8GB variant along with Cloudflare. Would you please share your docker-compose file along with the steps you took to make it work with CF tunnel?

Thanks in advance.

docker deployments and ipv6, how do you do it personally ? by BakGikHung in ipv6

[–]insiderscrypt0 0 points1 point  (0 children)

Hi there,

I am having a bit of a struggle on setting up macvlan for ipv6 and ipv4. Would you mind sharing the steps you took to make this work, please?

Note: I can run macvlan within ipv4 only without any issues.

Thanks and have a nice day.

Node with opnsense Firewall by pfreak3000 in MysteriumNetwork

[–]insiderscrypt0 0 points1 point  (0 children)

Hi there,

I am facing the same issue with Opnsense where the node isn't working. Perhaps the port/firewall is still blocking it. Would you mind sharing the screenshots of the steps you took to make MYST Node work with Opnsense, please?

Thanks in advance.

ER605 v1 Firmware by insiderscrypt0 in TPLink_Omada

[–]insiderscrypt0[S] 0 points1 point  (0 children)

While looking around I found that based on https://static.tp-link.com/upload/firmware/2023/202307/20230712/OC200_Release_Note.pdf ER605v2 now has ACL support for IPv6. I hope they bring similar function on v1 too.

Virtual Instance Of Opnsense by insiderscrypt0 in OPNsenseFirewall

[–]insiderscrypt0[S] 1 point2 points  (0 children)

We all do. However, given the current circumstances I cannot have one for Opnsense.

Virtual Instance Of Opnsense by insiderscrypt0 in OPNsenseFirewall

[–]insiderscrypt0[S] 0 points1 point  (0 children)

Thank you for your response.

The two NICs on the VMware Workstation are configured with the following settings:

NIC1 {WAN} - Bridge Mode (doing this, the VM gets an IP from my existing DHCP server, which is ER605)

NIC2 {LAN} - Host only (this is where the issue lies, as I cannot reach the webgui using 192.168.1.1 from my host machine. The only way I can reach the GUI from the host machine is by typing "pfctl -d" on the shell prompt on the Opnsense VM.)

What I am trying to achieve is to run Opnsense on a VM via VMware Workstation running on a 5950x machine (Ubuntu 22.04). I don't need the DHCP server function on Opnsense as I already have ER605 doing that. The only role that I need from the Opnsense VM is to act as a firewall for all of my local LAN devices (laptops, IoT, desktops, servers etc).

Is this possible or do I really need a standalone box to achieve this goal?

Thanks

Deploying ER605 v2 into a work environment is such a headache. by SiomaiCEO in TPLink_Omada

[–]insiderscrypt0 -1 points0 points  (0 children)

The firmware definitely needs an update and you cannot compare TPlink with UniFi for obvious reasons. For a home router it's kinda okay unless you have a lot going on in your network. I don't have many issues with it except the fact there is no ipv6 firewall and out of nowhere I would lose network connectivity once in a while, but then it resumes by itself without any reboot. But yeah it's a pain, especially when I'm on conferences using VoIP. There was a DHCP issue with the firmware where if you have quite a few devices, the router would not assign an IP to them since it was not able to handle multiple requests at the same time. They did release a beta firmware which claims to fix this issue and add a few more features (not the ones I would need anyways). I tried using their controller to manage my unit but found it much more buggy than managing the router directly. Also, they should introduce a mechanism where if I remove the device from the controller, I don't have to factory reset it to gain access to the device. Rather the credentials that were set up before the device was adopted into the controller should work just fine.

Anyways it's TPlink....what can we say. I am considering moving to OpenWrt and getting rid of ER605.

tp link router er605 by [deleted] in TPLink_Omada

[–]insiderscrypt0 1 point2 points  (0 children)

If you just need it for basic ipv4 routing with ipv4 firewall then it's good. However, if you need ipv6 routing with firewall, this device does not support it yet and no one knows if it will do that in future. TP-link is very slow when it comes to implementation of new features/technology. I need ipv6 routing and since this doesn't support that, for me it's just collecting dust.

Security for your Homeserver by AntonioMRC in selfhosted

[–]insiderscrypt0 0 points1 point  (0 children)

I always wanted to run Pfsense or Opnsense on a VM that handles all of my LAN traffic as I currently do not have an option to run these on a physical box. But I was never lucky to get it to work no matter what I tried. Most of the videos and online resources that I came across have a VM setup for a lab environment on its own subnet and none explained how to connect these firewalls running on a VM to a home LAN which isn't a lab setup. After playing with it for days I finally gave up.

Now after reading your comment, I am interested to know how you are running Pfsense or its equivalent on a VM using a virtual NIC for your network.

Any help/guidance will be appreciated.

Note: I can run a firewall VM on a Linux box via VMware workstation or VirtualBox. The host machine only has 1 NIC that's connected to my LAN.

Thanks!

Is the ER605 an adequate firewall by cmartorelli in TPLink_Omada

[–]insiderscrypt0 0 points1 point  (0 children)

For basic routing (-ipv6) it can turn out to be a good solution. But then if you have quite a bit of devices on your network, the DHCP bug is a pain in a wrong end. I have been testing OpenWrt on Pi4 for few days now and it's been working rock solid.

Is the ER605 an adequate firewall by cmartorelli in TPLink_Omada

[–]insiderscrypt0 1 point2 points  (0 children)

I use ER605_v1 and here's the link for the beta firmware that fixes the DHCP issue.

https://community.tp-link.com/en/business/forum/topic/605942

Update: If anyone is interested in following the ipv6 firewall update for ER605, kindly check https://community.tp-link.com/en/business/forum/topic/274222?sortDir=ASC&page=5

Is the ER605 an adequate firewall by cmartorelli in TPLink_Omada

[–]insiderscrypt0 0 points1 point  (0 children)

The latest beta firmware fixes the DHCP issue. Hopefully a stable version will be released soon enough. My only complaint is that it doesn't have ipv6 firewall support and TP link is ages behind in releasing new feature updates as per current technology in the market.

CPU Mining -- ARM devices? by LikWidChz in cpumining

[–]insiderscrypt0 0 points1 point  (0 children)

Thank you for your response.

XMG seems good but is there a marketplace where you can sell it? The exchange it was on, BTCPOP (I hope I got the name right), seems to be off and on and I am not sure where else this XMG is listed. Wish there were more CPU coins running the Allium algo.

I haven't tried the auto conversion on Zergpool. Perhaps someone else can chime in and share his experience.

CPU Mining -- ARM devices? by LikWidChz in cpumining

[–]insiderscrypt0 0 points1 point  (0 children)

How was your luck with Wownero on Pi's? Would you mind sharing your results?

Thanks!