#networking
but why pfsense
I have a feeling it’s a dhcp collision thing but idk
when you have vyos
@peak cloak Teachers
?
I set both the ip on vyos and pfsense to static so not sure. I'll check if it's a problem on my main router separate from this whole project but I think it was showing up in dhcp clients.
It's a project for school. My teacher wanted pfsense and vyos
doesn't seem like DHCP problem @pulsar thorn
weird
could you draw a diagram
Thought clients on main net were picking up, idk
of like networks and stuff
Of the network?
ye
Sure! I already have one made, one sec
that way ik what the ips mean
Not perfect but hopefully this helps!
I can log in to pfsense from any computer on the internal network in that diagram. Just can't seem to talk with the internet anymore.
Yeah, any of the pcs in that diagram to the internet
First thing I’d check is that you’ve set rules on pf to allow devices to internet
So like, I can use the PCs on that network to log in to pfSense ( so dont think its a routing issue, could be wrong though )
I haven't touched pf at all since installing it. I think I maybe changed some dns settings but I don't know how to work it 😅
so it worked before?
The network worked before adding pfSense between the router and the internet.
ok I think I know why
I was able to access websites and what not.
The rule at the bottom is the one I added to allow LAN (all interfaces bridged) to the internet, it’s a very crappy solution but it works
No, it does not. There's more to the diagram that I left out, like my main network for my home. PF is connected into my main home router and is getting an ip from that. In this case, 10.1.0.102. I guess that could be a "public IP" but it is not accessible from outside my lan.
One second, let me take a look!
That’s what we meant haha
that's a CGNAT IP, not public
Pfsense will show that as public though
yeah ik
just clarifying, if you get internet through that, that works, but it's not a global IP, in better terms
This is what my rules thingy looks like right now
still very confused by the network so idk
Default allow lan to any should be working though
using global IPs too? which I assume is for school
@peak cloak Sorry! It's connected to a router that has internet so it should be working.
Im thinking go with this one for my home network
Zyxel XGS1010
https://www.zyxel.com/products_services/12-Port-Unmanaged-Multi-Gigabit-Switch-with-2-Port-2-5G-and-2-Port-10G-SFP--XGS1010-12/specifications
so the "internet" cloud is another device?
Yes
I’m guessing ISP > Main network > pfsense > vyos?
Yep! Ish :p
ISP > Modem > Main Router > Bridged adapter - goes to pfsense > Vyos
Yep! Working right now.
That's why I'm a bit confused 😅
ah
If you're trying to access pfSense behind that router, you're running into double NAT.
well judging by your screenshot it's probobly not DNS
You'll either need to disable NAT on the main router or port forward ports from the main router to pfSense's
I'll be triple NAT'd I know, I don't care cause it's just a test
not sure what you mean
You mean 10.x.x.x?
200.200.0.1/24, 210.45.0.1/24 ?
Oh lol
ohhh, I just picked networks at random
noo
you can't do that
In the Internet addressing architecture, the Internet Engineering Task Force (IETF) and the Internet Assigned Numbers Authority (IANA) have reserved various Internet Protocol (IP) addresses for special purposes.
o, well i mean it was working fine before so idk
everything will be getting natted so it'll be fine
well you may run into weird issues like this
I HIGHLY recommend you change the subnets
In theory it might be ok but in the real world it’ll break down
use ips from 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8
idk, vyos is natting things to the pf so it should still be working fine right now, right?
If you can get rules to work then just change the ips and you should be fine?
i cant right now unfortunately D:
ok so from this
@sweet moss what were you pinging?
So vyos is saying it can’t reach it?
it is
show routing table in vyos
wait, so vyos cant reach pf but I'm logged in to pf right now?
How do I do that? 😮
no it can't reach google.com
o, im not familiar with that 😅 but thank you for helping so far
Vyos is outside my knowledge lol I can’t help with that, only pf :(
I can
ty for your help too :3
xD thank you
but the pub key is on my linux
ok in
@sweet moss set protocols static route 0.0.0.0/0 next-hop 192.168.0.2
assuming 192.168.0.2 is pfsense?
It is! I'll try that
and does pfsense have internet access
One second, restarting it quickly
? no need
yes it does I believe. It is connected to the internet but idk if you meant like checking in pf sense or what
vyos doesn't require restart for config changes
I had to restart it for something else
great
Thank you so much
vyos sometimes adds a default 0.0.0.0/0 route
idk the exact criteria
I think when it gets an IP from dhcp
I had it directly connected to my router previously so maybe that's why it didn't in this case.
but yeah 0.0.0.0/0 represents the internet
so you had to route to the internet, and it didn't know where to go and said "Destination host unreachable"
I feel dumb now lol
it's all part of learning
that's like the first thing I check when I get ping errors like those
the routing table
I'm so bad when it comes to understanding the whole routing thing, never fully learned it
Was too busy having trouble learning subnetting haha but finally got that for the most part
Looking at the original ping screen shot, it said "destination net unreachable" which would have pointed directly to a routing issue. "Destination host unreachable" is for reaching a host within a network
Ooo, never knew there were two different messages. I've only ever seen host unreachable and guess I just saw that again this time around
There are actually quite a few and very useful for determining where to start tshooting
didn't even notice that
learn something new every day
time to factory reset pfsense after messing with so many settings in case i broke something :>
That’s the worst feeling
its not a network issue

If I do a PTP with 10gb nic cards
Then I should get around 1gb transfer ... right ?
This
ASUS XG-C100C 10 Gbps
Um...You could hypothetically get higher, but the write speed of your storage might be limiting the speed. If you use a different protocol you might be able to get faster speeds.
Yea ... I'm aware of that .. disk speed
I get good speed now (1gb speed) from the hdd ,, around 140mb depending on filesize and so on ..
1 gigabyte/s yes
Mooooore networking questions. Having trouble forwarding GRE using VyOS, if anyone has any suggestions :p
Don't think you can pnat GRE
oki
Was setting up RRAS and found out I had two ports to forward and am now running into this issue :p
Well gre is not a port based protocol
Not tcp/udp based which has the concept of ports
hm
vyos was giving me an error similar to that, saying I couldn't setup ports for GRE
time to find more yt tutorials ig lol
Whats the config look like? As Present said, GRE is not port based.
I'm a Juniper guy and VyOS is close so see if removing the config for ports is possible
If not, check is VyOS has a nat static hierarchy
Config? Honestly don't really have one. Just setup a rule similar to the others since I figured it could be forwarded but am now learning it doesn't work :p
there's a show nat destination/source
and a bunch of sub options
if thats what you were talking about?
Did anyone know NVIDIA makes networking equipment? https://www.nvidia.com/en-us/networking
well, they did buy Mellanox
Does anyone have any experience with bridged networks? I put my ISP provided router into bridged mode, and connected my new router via ethernet(in the wan port of new router). I set up port forwarding on my new router but it does not seem to be working.
It should be working a little after you switch on bridge mode.
Whats happening exactly?
Nothing currently. The server I am forwarding to has port 80 22 and 25565 open in theory, but when I use a port scanner it shows they are still closed. The server has an internet connection for sure.
Ok, so the router has internet and you're able to access the web through it? Double check you have port forwarding setup as well as the correct firewall settings on your actual server.
I was thinking your router wasn't getting any internet
Port forwarding is set up, and I know it isn't firewall because it was working before adding the new router
How are you testing if the port forwards are working? If you are trying from a device behind the nat then it might just not work, but it might be port forwarded and accessible from a different network.
config as in your vyos config
yeah as juan said, GRE isn't tcp/udp based
what you need to do is something like this
set nat destination rule 1000 protocol gre
a vyos tip if you don't know already is pressing ? when typing out a command, it will tell you all the possible combinations
I think in theory this should work (replace IPs, interfaces, rule #s with appropriate ones)
```
description "Forward GRE"
inbound-interface eth0
protocol gre
translation {
    address 192.168.10.5
}
}
```
I put wireguard on vyos for the first time
was super painless after the small learning curve
oh yeah wg on vyos is nice
i put ovpn on and then my phone was mad cause ubnt has an old version
friend said wtf you doing, use wireguard lol
lol
I do mostly local control so I need for IoT access
Yah
Did you know android 12 removed support for VPNs?
native VPNs.
I was on vacation and was like crap, I forgot to move my VPN over... it doesn't work
VPN created on android 11, upgrade to 12 -> works
VPN creation attempt on android 12 -> "OK" button to create VPN never lights up
Eventually the menu will go away
Interesting, I did not know that
Native VPN's as in what? My VPN still works.
As in the OS itself being the VPN client. You need 3rd party apps going forward to make VPN connections
I also only use google devices so its very possible that another manufacturer can override what they did and offer native VPN.
Hey guys, I'm running across the interesting problem.
Read this pinned message.
I'm staying over at someone's place and they have a really odd networking setup. They live in a second house on a property owned by their parents. The main connection is a business connection with a dedicated IP that goes into the main house and then gets processed by their step-father's bullshit networking setup with his firewall and his DNS service and all sorts of things that always break, and there is a line that runs to their home from a switch.
Originally they had a router he set up with AP mode. A few years back I replaced the router with a Netgear Nighthawk R7900P and set it up in router mode and everything would work fine. Every now and again the main network will break and things would get wonky, but would either get fixed, or a factory reset would fix it. During COVID some unrelated but things went down and not only could I not fly internationally across the continent to fix it, I wasn't able to properly walk them through the setup. They reset the router and I believe it automatically went into bridge mode. When you connected to the wifi browsing worked but it would say you're not connected to the internet and phone apps would work only in offline mode.
When I got here there was nothing I could do to access it, even after multiple factory resets. Looked online and the only solution was to keep factory resetting it. Eventually, after dozens of resets I got to the point that the Netgear Nighthawk app recognized it and let me do a basic setup. This allowed me to change the network name and password. I no longer get the "no internet" message, and most apps work now, though not all.
It took it a while to go from being "setup" and working, to being setup and working without that error. Even after that, I couldn't access the router directly from any device, neither over wifi nor by wire. Here is the interesting part, at some point a day later I could access 192.168.1.1, but only on my phone. When I try on a computer it tells me it cannot connect.
I was typing a very long message, and had to step away for a moment. I'm not used to typing long messages, I come from IRC, but you know, slow mode and all, need to deal with not being able to hit enter every sentence.
It might be Netgear blocking second login attempts from a different device when it thinks that another device is logged into the admin panel. I have seen this, but do not know how to fix it.
Why would it only work with my phone though and not my laptop? I tried my laptop before my phone.
Did you logout on your phone?
well that's normal
As you can see, it is not logged in. BTW I did try forcing it to connect via http.
I am aware it's normal, the point is it gives me the login option for my phone :P
ok
The only thing not normal about this is that it won't connect from a computer, only a mobile device.
On your desktop what is the default route?
same wifi?
Same wifi
I see on your phone you are using https://routerlogin.net but on pc you are trying https://192.168.1.1
Once I type in 192.168.1.1 it automatically redirects. Meanwhile on my laptop routerlogin.net redirects to https://www.netgear.com/home/services/routerlogincom/
At home I have DDWRT installed lol.
I just have a normal router...
IF you changed the IP range then 192.168.1.1 will not work.
well it doesn't seem like it
Wasn't easy, these are Costco routers, had to flash openWRT, but not connect to the router admin panel, rather before restarting after the flash SSH in and flash the model number of the non-Costco version to the ROM to make the router think it's a 7800 and then immediately flash DDWRT. Can't use OpenWRT because it doesn't support the chipset.
do nslookup routerlogin.net
The router is default everything except network name, password, and https mode.
ohhhh
I know why
maybe
change your DNS server to the router
@verbal ridge
I'll try
It would be stupid if netgear just blocks direct requests to its IP, but it's netgear so what they do makes no sense sometimes
They don't, I've used this router for years. It could be that they broke something in their update when they tried to force the app on you though...
The reason I had to install DDWRT on my router was because they literally broke Wifi. Look it up, they made it so wifi will disconnect every few seconds to few minutes and required a hard reset. Also, once I switched my network speeds went from 250mbps WIRED, to 800mbps.
No change. I even set it to accept automatically so it should use the stupid local DNS that is set up.
huh
Their step father runs his own DNS because he doesn't trust anyone.
own recursive DNS?
Part of the reason this is so problematic is that he has a half assed setup that he isn't qualified to manage.
This entire place is setup like a large corporation, basically.
I've been successful in working around it for many years, but now this happened.
Maybe I should try and downgrade the firmware. This probably happened with one of the updates like what happened to mine.
Now that I have access through my phone it might be possible?
Back
I'll try and find old firmware versions I guess
Netgear allows for firmware upload without logging into the machine. That could have been possible before.
You just need to have physical access.
Somehow in all my time googling this issue this did not come up, because I didn't google for firmware XD
At least it shows that other people have it.
I've never seen this
Note: The steps below show how to reload firmware onto a NETGEAR router that will not boot due to a corrupt firmware. The instructions assume a basic level of networking competence. Read through the instructions below. If you do not understand them, do not attempt this without contacting NETGEAR technical support. Symptoms: Router not booting up...
I was wrong, my phone still says "no internet" but half the apps are no longer in offline mode
That link is the TFTP firmware upload without knowing the password.
Good to know
Well, I have internet...
But now I can't connect to the router even on my phone
Could take it a while like last time
Downloaded all the firmwares going back to 2017, just in case.
Ahh figured it out on my phone, only http works not https. Now to make my browser stop forcing http on my laptop >.>
nope, still the same issue even with IE
there are some settings you can change for it to keep the http, but my chrome is in french so any screenshot I send you is not going to help much. Usually I just have to write http://x.x.x.x (I don't know how to remove the hyperlink in this application)
yeah I did that, it just redirects. I did disable the HTTPS only mode
did you try enabling chrome desktop mode and then navigating to the address?
chrome desktop mode?
just re-read that you were doing this on laptop.
I don't use Google Chrome btw
Or Chromium. I even have it uninstalled on my phone.
Only Firefox/Waterfox
On my laptop it doesn't work with http either
ok I assume you're using firefox on your laptop too. Can you try turning off auto-fill and emptying your cache?
dang.. ok I have an emergency at the office. I'll check in again in an hour or two to see if you managed to figure it out. I've never seen a browser so hellbent on preventing for even trying to access an unsecured page before, this is very interesting
some of the settings they mention could be browser, but if every browser does this, probably your security software. I don't know what you're running though
Well, I disabled bitdefender, and it never did this at home
.... you aren't set to a public network settings are you?
what's the error code on firefox again?
oh hey at least it's trying now, that's better than I thought
huh
This is the same thing it has been doing all along
doesn't help
ok last thing I'd try. Disable DNS in Firefox and try again. If the DNS you're on is some custom made thing, it COULD be trying to translate 192.168.1.1 to something else, who knows
In your settings what does it say your default route is?
DNS or DNS over HTTPS?
^
shouldn't matter for this, I just use normal DNS so I can resolve local hostnames
I mean, I don't know how you can "disable dns" in a browser, but I can disable dns over HTTPS, not that it would impact IE
Ok. I guess I am lost. Could you port scan the router?
That would not affect if you get to the web management software.
no like, is traffic getting to the router
I have internet access. My laptop used to say no internet, but browsing worked, it now says connected. My cellphone says no internet, but browsing and most apps work, but not all apps.
huh
grabbing nmap
man.. nighthawk makes this so much easier.. I don't miss not having it
?
At first nothing worked except browsing on my phone. After many, many factory resets Spotify started working, but Google Maps and Lastpass still think I'm offline.
DNS has almost always been our issue here, but I don't understand why it works on my phone and not on my laptop.
I should change the time zone on my laptop
Interestingly enough it seems that my laptop can't reach the time server
Changed it to PST
Lol pastebin doesn't work because secure connection failed
Doesn't even give me the option to not use it securely
if I had to guess this is because of that homelab setup
Or the incorrect system clock
It was bit defender
Maybe I should factory reset it after the downgrade, but the issue is for whatever reason my phone doesn't have data even though it should
so if it gets messed up there is nothing I can do about it unless I get lucky again
@rocky badge todays the day
nice
Still no Poe injector yet though :(
speaking of unifi stuff, what does "wifi experience" actually mean? i see that it's fluctuating but i haven't noticed any actual changed, so....i'm not sure what it means.
nobody knows ™️
Mist has the same "experience rating" but actually list what contributes to it. Most of it is still vague/useless though.
wow, you aren't kidding. i guess its main purpose is to get people to buy more things to saturate their coverage
Ight I need a fair bit of help as I have found more issues with my house's networking. Is it alright if I post my home's floorplans so I can show the issue better?
So highlighted in green is the issue. My room is the far left corner and has no connection atm, which is no issue as I have the rj45 connector needed to fix that. The issue is that the middle bit highlighted in green is where a hub should be, and it turns out that all the Cat5e is not even hooked up. I need to know if it's possible for me to do this hub myself, or will I need to get an electrician to do it for me? If I don't, where can I get a hub from? Because atm I'm connecting from my main router (yellow toward the right) into a 2nd modem (yellow highlighted over the XX) and it's an all steel house so it's super slow.
what do you mean by "hub"?
well theres meant to be a centralized hub on the plan
as such to my room from where the hub should be
no, like....physically
Like a switch?
what hardware are you referring to?
Yeah a switch
it's meant to split off into other rooms of the house from the center there
but there isnt one yet
if the cat5e isn't hooked up yet, you'll need to decide how you want to terminate it. i'd personally recommend a patch panel and a switch
you can get a little 2U or so wall-mounted rack and it would work perfectly
or a straight-up wall-mounted patch panel https://www.amazon.com/Tripp-Lite-Wallmount-Ethernet-N050-012/dp/B000067SC6?th=1
to answer your question about needing an electrician, no, you can definitely do it yourself. i'd check with your local building codes to make sure, but it isn't dangerous or difficult. if the drops are already ran, that's the difficult part out of the way. terminating everything is just tedious, but pretty easy.
OK so rn this is all I have, the white cable connecting into the wall. I'm going to have to terminate off this into the patch panel to then be able to run Ethernet to my room, right?
okay, now i'm a bit more confused.
do you have just loose cat5e wires that go to this room?
or are you trying to run new wires?
Yes there are loose wires in that room from what I know
okay, if there are loose wires, then yes, you'll need to terminate them in some way
(there are tons of options for this, and really it's just a matter of what works best for you)
is that your modem? or what is that white box?
Thats not the modem no
that's just where we connect to
as we are currently on fixed wireless
the router is connected via the yellow cable
so, that's just a wifi AP?
ah, okay. it could also be just nonsense hardware that your ISP makes you use. regardless
i don't think that changes things. you need to terminate the loose cables. then you need a way to get the existing network to include those cables. that's where the switch comes in, assuming you have more than a couple
generally you want to do something like modem -> router -> switch -> terminated cables, wifi APs, etc. but that might not be possible if it's ISP stuff that's messing with it
where does the port that's already in the wall go?
I'm guessing either the satellite dish or just terminated in the wall and is just sitting there
I'm thinking most likely the dish
is the dish how you get internet in the first place?
yep
okay, i also suspect that it goes to the dish
so that makes a little more sense. the white box is probably controller hardware for the dish, and then the router/wifi AP is the one sitting on the table
there are 2 cables coming out from that box. do both go to the router?
No there are 2 routers
we have 2 service providers
But I just tried to connect via an ethernet cable from one of the spare ports next to the yellow ones into a laptop to see if I could just connect right there but no luck. Any idea why it could be that it works when going to a modem but not to a computer?
yes. because there's no routing service to assign an IP. they don't know how to talk to each other. it might work if you only had the cable between the dish and the laptop, not between the routers. because then the laptop would probably take the IP of the dish (aka, your public IP)
OK so just doing this and running a long cable to my room will not work. I know I can connect to the back of the router but doing so would disable wifi functions
it......shouldn't disable wifi
does the white ap/router box(on the shelf) have one ethernet port or multiple ports? I think the one on the wall is the modem converting coax to ethernet. with a switch for multiport out.
that would be bizarre if it did.
I watched a few videos and someone said it would disable wifi. Hence why I've been trying to properly wire up the cat5e rather than just run a long cable to my room
i think something that should be near the top of your list of priorities is to figure out what hardware you have and what all of it does. it will be much easier to make informed choices once you know what you have and what it does
it could be moca
i'm not familiar with that
ethernet over coax
verizon fios used to use it and I think they still do
so they would put the ONT outside
and then use already existing coax to get it to router location
Yeah it's a normal modem
that looks like a wifi router
i agree
That's what I meant sorry.
and the yellow cable goes where?
i think your "modem" for lack of a better word, is the box on the wall. if it does indeed go to your dish
yeah just use one of the yellow ports
^
at least try it. if it doesn't work like you want it to, then you can explore other options
I don't see why it shouldn't work
agreed.
and your other router looks the same as that one?
Yeah, just a different provider
yup the wall mounted thing is just a modem/media converter then with multiport switch for connecting different routers up to the sat dish.
I dunno why, I'm still stuck living with my family and they need 2, as Father uses one for work, while the rest of us use the other for personal stuff, otherwise if there are 3 heavy loads on one provider the entire internet shits itself
Or the router catches fire
well being on sat sucks anyways.
it is HORRIBLE.
Sat? Is that like the Fixed Wireless? Because in Aus you either have Fixed Wireless that connects to a tower that's connected to the NBN, wireless which is its own thing or, NBN over fiber
you said that you have a satellite dish. that's what drako was referring to
Oh, yeah, it's better than what I use to have
60gb a month with a 1mb download speed max
NBN is a scam change my mind
it kinda is but i need it for Uni and well.... life
anyways if you have a line that runs into that room, where the router is to your bedroom you can hook it into the routers yellow ports then hook your computer up in your room.
Yeah, I'm lucky I can get 100/20 on fttc
I get 20/3
fttn?
no on fixed wireless
ok so run a cat5e cable from one of the yellow ports up through the wall, and I can just put a switch in my roof and connect the end of that cable to a switch, and then put a male connector on the end of the run closest to the switch and put an rj45 female port into my room
technically you do not need a switch there just one continuous wire, but yes a female rj45 in your room then you can have patch cable for either just your computer or add a switch there if you want to hook up multiple ethernet things in your room.
ok, i just already bought a keystone jack for my room, so i thought, put a switch in the roof and then i can put a male end on the run to my room and a keystone on the other end in my room
the wire from the router to your room would just be one continuous run. you can have male ends on it or one male one female, it all depends on what you want. if you have a keystone then both ends male. plug into the keystone then plug a patch cable into the other side. ¯\_(ツ)_/¯
I'll try that, one second @peak cloak
do you think it'll break anything else?
it shouldn't
it's not like you are using gre for anything else
ill make a snapshot just in case
is there anything else I'd need to add to that rule? Like a dest address or anything?
oh wait
i think its right here lol
I'll give this a go, guessing the IP there should be the ip of PF?
the ip is what you forward to
I thought PF is in front of vyos
it is
ISP > Modem > Router > PF > VyOS
or should the ip be for the vpn server (using gre)
look at the message below it, you need to add inbound-interface and translation address
translation address is what it will forward gre to
so it would be something downstream, not upstream
wdym
the router will forward gre from the user to the server
not from the server to the user?
well that's how nat works
true true, I'll try using the ip of the server that needs to use gre and see how it works
don't need any special rules from behind nat to access the internet
except the one src-nat
since the router will replace the source ip, with it's own WAN IP
and then track the connections
and when the traffic comes back, it's in the same connection, so it knows where to forward it back
but for new traffic from WAN it doesn't know
I only have double for this network project thing
and I think I did, I'm going to add a machine between pf and vyos to see if that can connect
that should narrow down where the problem is
what would that do
Found a tool called packet capture on pf
I think it's just tcpdump proto gre
and that will print all packets that are gre to the cli
so then try connecting, if packets show up, nice
oh in the console or something?
ye
maybe you can do it in the gui, idk
pfsense is directly connected to the internet?
or is there something infront of it
to a router but in this project we can go with yes
well where are you connecting from?
im trying to connect to a vpn server inside of that like mini network but the computer im connecting via is right beside pf so basically on the wan port
hmm ok
so try capturing using this
let me know the results
theres no traditional console i think, tried here but I think this is just to run config commands since there is no output
there should be..
@sweet moss ssh in
perhaps it is shell in here
yes
alright, its running it right now
Should I end it? Doesn't seem to be doing anything. Maybe if ran with verbose mode
so you tried connecting?
yeah
so yeah the packets aren't reaching pfsense
maybe try from a specific interface
tcpdump -i en0 proto gre
huh, still nothing
so yeah packets aren't even reaching pfsense
unless it's some other protocol (not gre)
This is kinda ish how my network is setup outside of that mini project network
I can connect to the server through vyos internally so that seems to be good
just not externally
main router is vyos?
no
oh just internet
ohh I think I might know why
HOLD UP, virtual box has the adapter on the pc set to NAT
lemme switch it to bridged mode
ah nice
yay 😄
ooooo
it's like a debugger, for networking
yeah, so you can isolate issues, look at packets, src/destination ips
prob something on vpn server?
must be
tempted to revert the router changes and see if it continues to work
still works after reverting the changes c:
ty for your help again
internet seems to be working now too, just took a bit to sync or something I guess
woo hoo!
Stupid UniFi controller isn’t working :(
is that the one in Docker
Got it to work
👍
The docker was working but speeds were horrible on wifi, so changed to an rpi b+ and somehow it’s better?
Don’t know how it affects it but it works now

Still have the same wireless speeds as before tho, so I think it’s a pfsense issue
controller shouldn't affect speed
or could've been a one off with your Internet
lots of variables and it's hard to isolate unless you can repeat
Once NanoHD stops updating I’ll show
what are you capped at?
So everything internal is 1Gb, uplink is 100/20
Internal speeds are what I mean when I Speedtest at the moment
I get roughly 150-200Mbps internal
• Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
• The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
• For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
• For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers
fun
show wireless config
I mean if it's going through a switch shouldn't it be easily line speed?
80 or 160?
160
aight
i am speed
I can do up to channel 64
leave channel on auto
I suspect it's just the speedtest
try iperf between different devices
that shows 900 on ethernet 
i'll try iperf to pfsense
oh huh
weird
Try after the provision is finished
you might have to disconnect and reconnect idfk lol
just keeps telling me unable to connect
it works now
and I can get like 600/600
now i get 300/220
what phone again
Try using something like iperf3
i use airport app on 11 pro to scan networks
so it's not running in the browser
is there an app for it on ios?
yes
oh sheesh
I use the one with white icon and blue wifi icon
ok now try and find what channels are the best around you
download something like inSSIDer
ok
gonna try through a different nic on pfsense
that was using some broadcom thing
same again 300ish down
Downloading inssider now
Everything looks like it’s on the same channel
And it’s weird there’s hidden networks on the same bssid as my main net
Maybe go for channel 108 or something
do you guys have stuff like DFS
99% of your neighbors won't be on DFS channels
I don’t think anyone uses it, they’re all on isp routers
I can only think of one or two people, both over 100m away, that might use 3rd party equipment
I wish. its becoming more common in my neighborhood
if you have 3k APs sitting in one spot, they did their wireless wrong
gonna go on VHT160 DFS 64 at high power
537 down on speedtest site
that's pretty good
iperf peaked at 634
How do I know which keystone diagram to follow
as long as it matches what's on the other end of the line
ooh
moved back to 80mhz 144 dfs and it's back at 270
Well I'm not sure if this is A or B
just trying to get the highest frequency possible so I get the highest speed possible
a
white/green on side = a
white/orange on side = b
that wire looks wrong for either.
looks like someone did it backwards
@normal berry
Yeah it definitely is wrong but it looks like an attempted A
1,2 3,6 4,5 7,8
From my knowledge it was pre bought
As long as they are connected the right way electrically it does not matter. It becomes a pain if / when you are maintaining many long runs. If those are inconsistent then you end up wasting time and, by proxy, money.
Well it all wires up and working so much better than before
Try testing with iperf between two computers.
this might be a noob question but can i traverse across two nats if setup properly
ie a device pinging 192.168.0.1 when on 192.168.3.0
192.168.3.0 wan to lan to 192.168.2.0 wan to lan to 192.168.0.0
Does changing timezone in windows affect network performance?
i think so as long as you have routing set up to do so
no it shouldn't
@rocky badge Macos Wireless scan says I'm using 40MHz bandwidth...
okok
I changed settings and it reset don't worry
uhhhhhhhh
Where’s that?
Traceroute to an MC server
Nothing wrong with that traceroute. A single hop with high latency/spikes/loss is not an issue if it's not consistent through the entire path
yeah end result was fine
Do you wanna hear about shitty ISP routes
My friend in CH traceroutes to a hosting company in FR, and it's over 70ms.
We try that from a different ISP and it's like 12 ms 🤣
Let me clarify
That's not across 2 nats
That's just normal routing
Wait, I'm confused by what you say at the end?
Wan to LAN?
Like double Nat, no not without port forwarding
So i have a 2.4/5 ghz wifi connection. but my computer will only take the 2.4 ghz one because they arent separated into two connections. how do i make it take the 5 ghz one. w11 btw.
If your hardware supports 5G it would be the same way.
It can depend on a few factors. It's not too uncommon, especially when smaller ISPs peer with IX/IXPs and also use them as transport
On win10 there is an option within the details of your network card/adapter where you can set it to Auto/prefer 2.4GHz/prefer 5GHz - I'm not sure if it works the same on win11, but maybe it helps
And obviously you might want to check if your pc supports 5 GHz/WiFi 6/802.11ac
The ways of the industry are inscrutable
Fucking TP-Link dogshit company with dogshit marketing
Bought this thing for Onemesh
where
device manager > find your wifi adapter > Properties > Advanced Tab > "Preferred Band" > Change Value to "Prefer 5GHz band"
as stated: this applies and works for win10 - it might work the same way in win11
EDIT: changed the link - this will work on win11 if your hardware supports it
thanks
the 70ms was always using direct IP transit, the other ISP's were using IX's instead
yea this ISP just prefers IP transit for everything
Well it's always IP transit. The difference is most peer directly with transit providers as well as multiple IX. IX vs IXP are technically similar in that it's a central point for providers to peer with each other without a direct connection. But in practice, IXPs also usually provide full transit as well via dark fiber or a leased P2P which overall can be dirt cheap or in some cases free for the peering.
Downside of transit through an IXP is sub-optimal routing. Hence why they might have saw a difference between the two ISPs.
Given its inside EU many providers actually connect to IXes, pretty sure it's really common there. It's weird that this ISP doesn't do IX
Yea basically double nat
Ok thanks, guess I could port forward
For two networks it depends how they are configured. In my test setup I can connect directly to a machine on another LAN without using port forwarding. These machines are on different local networks, but can still use their local address. I have seen a few networks that are set up this way. Yet again I know little about networking.
Yeah you can have separate networks next to each other, but not natted
Any ISP worth its salt is peered with an IX. I am just guessing the reasons why it might be routed the way it is.
non-ISP here, inside multiple IX
Any ISP company
Hey, so i am trying to run my media server any tips on what software to use
I use jellyfin
is that a hosting company that you buy from
no, it's a media server software
do you host it on another computer
anything
as long as it can run it
and then you need to figure out storage for it
i have 2 500gb hard drives
my intended setup eventually would be to have a NAS running ZFS, so prob something like TrueNAS, and then have self hosted s3 buckets or something for my servers, so a share for all movies, which then jellyfin on another server would just read
ok
rn it's just a VM with storage which works, but slow
i installed it on my computer i am on rn because i dont want to drag out my old computer
laptop?
jellyfin wont open
it's not something you get a gui for
🤦
apparently you need to run jellyfin.bat
idk, I run everything on linux
can you help me locate that is it in the program files for the jellyfin
i figured it out
thanks got it working
How would you learn and study for the 200-301 CCNA automation and programmability section? In particular the Cisco DNA section?
any way around relay on zerotier?
I have a full tunnel on my phone that only gets 4 down and up
My network has a double nat + cgnat so cant do anything about nat
Upnp is turned on so not sure wut to do :(
I was thinking about trying tailscale but if zerotier doesnt work I doubt tailscale would
thanks i was looking at making a plex server and spending money on it for a life time sub but if jellyfin can do all the same things without needing to pay money to use it on mobile then it might be a better solution for my needs;
main reason i came here was just confirming that for arch linux (endeavoros) if i want to make a vnc server i should use tiger vnc. the alternatives i've found so far that work on linux like realvnc are paid and i was wanting vnc software that is free to run since i want to vnc into my machines from my laptop occasionally, in addition to vnc into vms occasionally. I was also looking at Remmina as a vnc viewer but open to alternatives if anyone has any recommendations;
so i have a cat 5e cable running from my router to my switch in my room. i've tested that the cable is faulty and also tested if other cables were faulty by laying a direct path from router to the switch with a new cable
and everything works
but how does a cat 5e cable go bad?
and it will be hard to replace i presume bcs its behind those plints that laminate have at the walls
with the old cable its capped to 100
and here it goes free
Oxidation
/ cable breaks from repeated bending
I see
I have a long enough cable
But theres a point where it goes through the floor and that is where it doesn't have space to go through so unless i make a hole its impossible to do
To replace rather
Yeah only 4 wires, which is what 100BASE-T needs vs the 8 1000BASE-T needs
we never noticed bcs our internet was shit
but now we have 300mbit
and now i see that the cable is bad
So the old one is just capped at 100?
yup
Ok that's not a bad cable
says 5e on the cable tho
So here's the thing
Look at the connectors, how many wires do you see inside
Each wire is a color
I suspect whoever made the cable either did some weird split thing or just terminated with 4 wires
Cat5e internally should have 8
is it fixable?
If you have the tools you could try re terminating it
But, you need to know how many wires are in the cable
exactly
and idk that, i'll ask my dad if we can route a new cable bcs im missing out on 2/3 of the promised speeds
Like for me, I have the tools, so it's just a quick snip off the connector see how many wires are in it, reterminate
my dad fixes electronics so perhaps he has the tools
And just to clarify, the cable never went bad. It was just a 100/100 cable
bcs i find it weird that a cat5e cable is connected with 4 so it would make sense it has 8 inside
i understand
anyways thanks for the advice
Np
will keep updates here if anything happens
ok so i spoke with my dad we are gonna replace the cable YEEEEESSSSSSSSSSS
don't ask to ask, just ask
havent seen rouing in a while
Same
He does chat tho kek, last message was just few hours ago
Anyway, yes I know that SSL certs are what's needed to visit HTTPS websites in most cases. In order to get a better answer you are going to have to ask an actual question.
SSH certs 
SSL certs you mean?
@rare gyro This pinned comment explains why asking if anyone knows about something is a bad idea.
Fixed
I’m having an issue with an SSL cert on a local profile expiring for all browsers on a particular site. However, when I switch local Windows profiles the issue is fixed. Is there any way I can keep the old profile without recreating it? Almost like the old cert on Windows got corrupted
a self-signed cert you created?
It’s not a self-signed cert, so let’s say my Windows machine has an invalid cert from Centauri-ins.com. However, I cleared the SSL cache, no go; checked AV, didn’t work; swapping profiles works great; doesn’t happen with any other site
then they probably never updated their cert?
what is the site
Who the site or windows
the site
That is the site
what is the site, so I can try on my end
I can pull it up
huh
I checked for a AAAA as well
www works with a 403 error
but yeah the cert is valid
nvm, I see now, the main URL won't work, I googled it originally which put me to https://www.centauri-ins.com/ConsumerPortal/ which does work
yah
Try this site instead https://www.centauri-ins.com/Main/PISignIn.aspx?ReturnUrl=%2FMain%2FPIMain.aspx
yeah works, something is wrong on your end
something with cache
Is it OK to put my VMs and jails in the same FreeBSD box that acts as a router? I have one physical box and want to host servers on a DMZ with VMs and VLANs
I wouldn't
So it will be fine if I just host the router as a VM?
I mean that too is ehh
myself I like to separate things
so I don't land myself in a mess if I mess up something or something goes down
So I think I will put in VM and when I could I will buy 1u server for router
or just get a dedicated router?
I always prefer that vs just pure software like pfsense or vyos for core routers
Like mikrotik Cisco etc...?
yeah, I myself have a er-x right now as the core router
why would I need to do that
and I can actually
like I installed wireguard support on my ER-X
Its only for my home and I'm only learning
Cisco routers cost more than a new car
well those are for ISPs, companies
Hhh
ofc I don't need that
but like the ER-X I got for like what 70 bucks
and it frees up my servers to do other stuff
or like I also have the HEX-S
also cheap
U like to have one machine for one task?
How do u manage them all and back them up etc...?
not for everything, for me it's just cheaper and makes more sense to have a dedicated router
as for management they don't need much
Oh u meant only the router
ye
its function is just too critical IMO to just shove in a VM
especially when learning
Anyone used Openstack before? Is it as complicated to install and maintain as it sounds? Thinking about trying it in a homelab environment
I also have LibreNMS so I can monitor everything from one place
The network?
My mind is telling me: have one folder structure, duplicate that everywhere
?
I mean that I like to put all of my data in one main folder
for like backups?
And sync that between my main machine and the server
No literally everything
why
so backups
for some reason I really like the config syntax vyos and edgeos (ER-X) use
files/
pub/
docs/
VMS/
etc...
I looked at it once, too overkill for me..
Hey guys! One question. I use pfsense and ubiquiti switch. I have setup a full network vpn in pfsense, so everything after pfsense is under vpn protection. What I want to know is: is it possible to create a second vpn connection so that I can connect through my phone or computer outside of my network and get access to my server and every other device that is on my home network?
r/assholedesign
Comcast website claims +$0/m more on multiple plans if I sign a contract again, but once clicked its +$20/m or more
my favorite was the -$20/m downgrade thats actually -$5/m
so what you want is basically a vpn server
ofc it's possible
rn what you are doing I understand is tunneling all traffic destined for the internet via a vpn, basically acting as a vpn client which I don't really recommend, but you do you
I badly want a pikvm but it's so $$$
unless I completely diy it which is less than optimal
https://store.level1techs.com/products/kvm-switch-single-monitor-model https://store.level1techs.com/products/kvm-switch-dual-monitor-model
thing is, I want something like ipmi or idrac
over IP within web browser
main thing would be the ability to turn things on/off, reinstall OS, etc
since I have remote access anyway when it's on
but let's say I'm not home or away, I'd like to be able to
sub optimal it is then - that sounds more like home assistant.
well yeah, it's basically remote hands
if only the HAT was in stock
you know what, it may not be that pricey to DIY
Dunno if it's the right place to ask but... Can you use US market smartphones in Europe? Like i know for a fact LTE should be fine as there is always more than one band available and US phones have the same bands other than 800mhz but how about calling, does it work at all? I'd love to import some 2nd hand top end Samsung, considering how ridiculously cheap they are in states
Yes. I have a vpn provider and I tunnel my whole network through that. I would like to be able to access my server at home and all my devices just by connecting to my home network through a vpn connection.
If you have a server you should be able to run a wireguard or OpenVPN client in the server with that port forwarded to the public internet. Then you could use your phone or other mobile device to access your home network.
What does your VPN protect you from?
See the problem is going to be that you can't port forward
so i'm moving to a house the size of the land is 9000sqft and the house is 3400sqft across 3 floors, it's all made of brick and concrete what's the best system to make sure we can get wifi everywhere ?
Unless you can with yours
Wired access points everywhere
would a mesh system be recommended or something else
any recommendations on access points?
i figure 2 of them should cover each floor cuz the top floor is technically only half a floor if that makes sense
Uhh, tp link omada has good APs, ubiquiti, Ruckus
Keep in mind you will need ethernet to each
oh i can make them myself?
Everyone does
didn't know i could do that
i was just gonna buy like spools of 100ft or something with the bits on the end
What's the layout look like?
ummm i'll have to draw it out one sec
@peak cloak that’s the layout of the house
The bottom floor and 1st floor are a kind of U shape the top floor is just a rectangle
Idk how to draw 3D objects i failed autocad and technical drawing in school so
The entrance to the house is on the first floor
yeah cuz the wifi where i live sucks rn
You would also want a poe switch and a controller for the APs
so these are the 2 packages we're looking at choosing from
we have a poe switch rn but it's kinda ass i think
doesn't concrete kill the signal by like half for each room it has to go through or something
500/250 is more than enough for most people
well there's 6 of us
Thickness matters
and the Gb internet is only $200 more that's only $30USD
and we're not getting cable so
There's 5 people in my house, we have 300/300, we like never use all the bandwidth unless downloading something
Usually when I look it's just like idling at like 1-2 mbps
250 with 4 people, yeah the average for me too is really low
yeah like me and my youngest brother are the biggest users honestly and that's just cuz we pc game n shit
torrenting arch isos always gets me all the speed c:
so you think just go with the 500down?
But yeah the optimal wifi setup would be a wired AP on each floor or maybe more, have it all terminate to a Poe switch, then to router and out to isp
Tbh yeah
Save some money, it adds up
You can always upgrade no?
so you think poe switch and router on the 1st floor, 2APs on that floor and 1AP on the top maybe?
yeah we could always upgrade
Yeah, the difficulty is running all the wires
Also don't forget to get a controller so you can have seamless roaming. Basically you connect the APs to the controller and manage them all from that controller
I have one eap225 myself
running the wires shouldn't be too hard of an issue, i can run it along the baseboards next to the floor and up the side of the stairs
But house is wood and drywall so it covers basically the whole house
Easier to run wires tho, walls are hollow
yeah we don't build houses out of wood and drywall in the caribbean
unless i can run the cables on the outside of the house, are those cables like...weatherproof?
Depends on what you get
https://amzn.to/3xsNQ8b would this poe switch be alright?
Smart connectivity and power for 4 PoE devices (wireless access points, VoIP phone, IP camera) and 3 additional wired connections (laptop, printer, etc). 4 PoE ports (802.3af) supporting up to 53W total PoE power. Simple setup and configuration with easy-to-use web-browser based interface. Segment you...
There's outdoor rated cat6, direct burial, plenum rated, etc.
or wait no i think we need more than 8 ports because we're putting in a security system too
Yeah that switch does 802.3af, as long as AP supports that you are fine, although you would want to check total wattage since that's only 53w and only actually has 4 Poe ports, which is misleading
think it might be better to look for the APs first?
trying to find some wall mounted ones that won't look weird or out of place
Omada actually has these little wall mount ones with a switch
Could put more of those maybe since they are smaller
Omada AC1200 Wireless Gigabit Wall-Plate Access Point EAP235-Wall provides dual-band Wi-Fi of up to 1200 Mbps, also 4 Gigabit Ethernet ports for bridging (1× uplink + 1× downlink), with one downlink port supporting PoE pass-through to provide power for wired device. Ideal for the use in hotel rooms, hospital, offices, dormitories and any other e...
Maybe a bit overkill, idk
those might be perfect actually
and for $60 a piece on amazon that's not too bad, could get 4 of those, 2 for the main floor, one for upstairs and one for the bottom floor cuz people aren't really gonna be there too much
plus a poe switch and a controller
With the on-premises Omada Hardware Controller, Omada Cloud SDN offers cloud access to centrally manage the whole network, including access points, switches, and routers. There is no need to run a PC/server.
I never myself used that, since I only have one, but it should be as simple as just connecting it to the switch and then like adopting the APs
You could also look at ubiquiti unifi if you want, similar deal, except their APs don't have a webui you can connect to
ahhh fair
@peak cloak thanks for all the help at least now i have a better idea of what i'm doing, does setting up the poe switch and controller stuff take a whole lot of it knowledge?
Unmanaged Poe switch doesn't require any setup really
Controller I'd imagine it would be as simple as connecting to its IP via browser and then adopting each AP within the controller or going to each AP and adding the controller IP manually. And then doing things like setting wifi SSID, etc
You can run it without a controller, just management will be a pain and roaming won't be as good
ahhhh
i have a friend that i could get to explain that more to me in person and go thru it with me
I have to go for today but just ping me if you have any more questions
I set up a controller for a single AP just in case I decide to add another later down the track