Yes, the hex mostly acts as a switch, except where it provides Internet via NAT over the client network (.2.0/24, vlan 200) via the main router that has a built-in VDSL modem and Wireless.
/begin fail
The different subnets/vlans should intentionally not communicate directly, which, stupid me, of course they can once the route has been added on a client... I am so facepalming my 5 year ago self right now...
So now I added the following fw rules to achieve separation and am no longer able to connect to the other subnets from each one:
Code:
13 chain=forward action=drop in-interface=bridge-vlan200 out-interface=bridge-vlan800 log=no log-prefix=""
14 chain=forward action=drop in-interface=bridge-vlan200 out-interface=bridge-vlan900 log=no log-prefix=""
15 chain=forward action=drop in-interface=bridge-vlan800 out-interface=bridge-vlan200 log=no log-prefix=""
16 chain=forward action=drop in-interface=bridge-vlan800 out-interface=bridge-vlan900 log=no log-prefix=""
17 chain=forward action=drop in-interface=bridge-vlan900 out-interface=bridge-vlan200 log=no log-prefix=""
18 chain=forward action=drop in-interface=bridge-vlan900 out-interface=bridge-vlan800 log=no log-prefix=""
What I would like to achieve is for the roadwarrior peers (locally I can access all VLANs on certain switch ports) to be able to communicate with the .2.0, .8.0 and .9.0 networks so I can administer my network as if I'm at home.
But, as with the ping using the routerOS /ping utility, I can only ping the hex and nothing else (192.168.8.254 is the pihole address on the server network):
Code:
me@roadwarrior2 ~ % ip a show dev wg_hex
10: wg_hex: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 192.168.253.101/24 brd 192.168.253.255 scope global noprefixroute wg_hex
       valid_lft forever preferred_lft forever
    inet6 fe80::acee:a55c:5740:adfb/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
me@roadwarrior2 ~ % ip r
default via 192.168.179.1 dev wlp3s0 proto dhcp src 192.168.179.6 metric 600
192.168.2.0/24 via 192.168.253.2 dev wg_hex proto static metric 1
192.168.8.0/24 via 192.168.253.2 dev wg_hex proto static metric 2
192.168.9.0/24 via 192.168.253.2 dev wg_hex proto static metric 3
192.168.179.0/24 dev wlp3s0 proto kernel scope link src 192.168.179.6 metric 600
192.168.253.0/24 dev wg_hex proto kernel scope link src 192.168.253.101 metric 50
me@roadwarrior2 ~ % ping 192.168.253.2 -c4
PING 192.168.253.2 (192.168.253.2) 56(84) Bytes an Daten.
64 Bytes von 192.168.253.2: icmp_seq=1 ttl=64 Zeit=1.75 ms
64 Bytes von 192.168.253.2: icmp_seq=2 ttl=64 Zeit=16.3 ms
64 Bytes von 192.168.253.2: icmp_seq=3 ttl=64 Zeit=40.0 ms
64 Bytes von 192.168.253.2: icmp_seq=4 ttl=64 Zeit=1.94 ms

--- 192.168.253.2 ping-Statistik ---
4 Pakete übertragen, 4 empfangen, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.749/15.004/40.026/15.606 ms
me@roadwarrior2 ~ % ping 192.168.2.1 -c4
PING 192.168.2.1 (192.168.2.1) 56(84) Bytes an Daten.

--- 192.168.2.1 ping-Statistik ---
4 Pakete übertragen, 0 empfangen, 100% packet loss, time 3037ms
me@roadwarrior2 ~ % ping 192.168.8.254 -c4
PING 192.168.8.254 (192.168.8.254) 56(84) Bytes an Daten.

--- 192.168.8.254 ping-Statistik ---
4 Pakete übertragen, 0 empfangen, 100% packet loss, time 3036ms
Statistics: Posted by phlinx — Sun Dec 31, 2023 3:06 pm
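As an added illustration (not code from the post or from RouterOS), the six drop rules quoted above can be modelled as a first-match forward chain and run against constructed flows: the VLAN-to-VLAN cases they were written for, and the roadwarrior pings from the post. The router-side WireGuard interface name "wireguard1" and the mapping of .8.0 and .9.0 to vlan800 and vlan900 are assumptions; rules 0-12, which the post does not show, are not modelled.

```python
# Added example, not from the original post: a minimal model of RouterOS
# forward-chain evaluation (first matching rule wins) over the six posted
# drop rules. in-interface/out-interface match the packet's actual ingress
# and egress interfaces, so a packet arriving through the WireGuard tunnel
# has the WireGuard interface, not a bridge-vlan interface, as in-interface.

# Transcribed from the post: (chain, action, in-interface, out-interface)
RULES = [
    ("forward", "drop", "bridge-vlan200", "bridge-vlan800"),
    ("forward", "drop", "bridge-vlan200", "bridge-vlan900"),
    ("forward", "drop", "bridge-vlan800", "bridge-vlan200"),
    ("forward", "drop", "bridge-vlan800", "bridge-vlan900"),
    ("forward", "drop", "bridge-vlan900", "bridge-vlan200"),
    ("forward", "drop", "bridge-vlan900", "bridge-vlan800"),
]

# Assumed router-side WireGuard interface name (not given in the post).
WG_IF = "wireguard1"


def forward_verdict(in_if, out_if, rules=RULES):
    """Return the action of the first rule matching the interface pair, or
    "no-match" if the packet falls through to rules the post did not show
    (0-12) and then the chain's default accept."""
    for chain, action, rule_in, rule_out in rules:
        if chain == "forward" and rule_in == in_if and rule_out == out_if:
            return action
    return "no-match"


# Constructed flows. Subnet-to-VLAN mapping for .8.0/.9.0 is an assumption.
FLOWS = {
    "vlan200 -> vlan800": ("bridge-vlan200", "bridge-vlan800"),
    "vlan900 -> vlan200": ("bridge-vlan900", "bridge-vlan200"),
    "wg -> 192.168.2.1 (vlan200)": (WG_IF, "bridge-vlan200"),
    "wg -> 192.168.8.254 (vlan800)": (WG_IF, "bridge-vlan800"),
    "vlan800 -> wg (reply path)": ("bridge-vlan800", WG_IF),
}


def evaluate_all(flows=FLOWS):
    """Map each flow name to the verdict the six posted rules give it."""
    return {name: forward_verdict(*pair) for name, pair in flows.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:32} {verdict}")
```

The model shows the posted drop rules only stop VLAN-to-VLAN forwarding and never match tunnel-ingress or tunnel-egress traffic, so the failing pings have to be explained by something outside these six rules (the rules not shown, the peer's allowed-address, or the return route on the target hosts).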