  1. #1
    Newbie (Join Date: Jan 2019; Posts: 5)

    Transparent Bridge & Multiple Subnets

    I realize that this topic has been beaten to death, but I’m still having trouble getting it working, so I hope someone can help.

    My very basic layout is as follows:

    ISP modem -> Unifi Secure Gateway (router) -> Untangle (transparent bridge, version 14.1.0) -> switch -> clients

    On the Unifi Gateway, I have a subnet (192.168.1.x) for the wired and wireless clients. This passes through Untangle where I do content filtering. The Untangle machine is statically assigned 192.168.1.2, and the gateway for this network is 192.168.1.1. Everything works perfectly.

    What I’m trying to do is add a separate network at the USG to serve as isolation for certain devices. The subnet is set up in the USG and assigns 10.0.0.x to the devices that use a designated SSID. The gateway for this network is 10.0.0.1.

    The problem, of course, is that the 10.0.0.x clients don’t receive an IP and obviously don’t have internet access when Untangle is there (even if I statically assign a 10.0.0.x IP, they still don’t get connected). Once the Untangle machine is removed, everything works as expected.

    I’ve read through the wiki pages, and what I’ve tried so far is:

    - Adding an alias to the bridged interface. No difference.
    - I’ve tried changing the isolated network to 192.168.2.x and changing my IP on Untangle to a /16, but this hasn’t helped either.
    - Adding static routes. I’m sure this is where I’m not doing things properly. Currently I have a static route with a network of 10.0.0.0/16, and a next hop of 10.0.0.1. I can currently ping 10.0.0.1 from Untangle, but traffic still isn’t getting through on the clients. Untangle complains that 10.0.0.1 isn’t reachable (even though I can ping it).

    I’m obviously misunderstanding something, mainly due to lack of experience I’m sure, but I’ve read through that wiki and what feels like hundreds of forum posts, and I’m just not able to make this work properly. I hope someone can help. If screenshots or more information is required, please let me know.

    Thanks in advance.

  2. #2
    jcoffin, Untangler (Join Date: Aug 2008; Location: Sunnyvale, CA; Posts: 7,818)

    How are you adding the second range on the Unifi? Is it a VLAN or alias?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie (Join Date: Jan 2019; Posts: 5)

    Hi jcoffin,

    It's a second network, with an assigned VLAN (I'm using 10). That same VLAN is then used in the dedicated SSID. imgur.com/a/77tclyq (I'm unable to post links)

  4. #4
    sky-knight, Untangle Ninja (Join Date: Apr 2008; Location: Phoenix, AZ; Posts: 23,346)

    Why does everyone insist on doing this the hard way?

    Replace the USG with an Untangle router already, USGs are a joke of a UTM, they have no place on a modern network until Ubiquiti actually builds a working product. Now, if all you want is a router, go for it... but it is not a UTM.

    If that switch is a Unifi switch you have another option, terminate your VLANs there, have a SINGLE IP range going from that switch to the USG, and give Untangle the static routes for the networks beyond the not routing switch.

    Otherwise, you have to 1.) Terminate your VLANs on Untangle, and 2.) use WAN balancer to source route the appropriate traffic to the appropriate gateway IP address. Do anything wrong, at all, and packets simply will not flow. Or worse, because half of this technology is tolerant of poor configurations, it'll sort of work in some circumstances and leave you confused. Sound familiar?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    jcoffin, Untangler (Join Date: Aug 2008; Location: Sunnyvale, CA; Posts: 7,818)

    Ah, the VLAN will not be seen by Untangle (or any other device) unless the VLAN is added to the Untangle. VLANs on a bridged device are generally not recommended since they are difficult to debug and configure.

    Here is an article on adding this: https://support.untangle.com/hc/en-u...n-Bridged-Mode
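
The point made in post #5, shown as an added example (not part of the thread and not Untangle's code): traffic from the VLAN 10 SSID arrives carrying an 802.1Q tag, so a host with no interface for that VLAN ID has nowhere at layer 3 to receive it. The interface names `eth0` and `eth0.10`, the MAC addresses and the sample frames are constructed for illustration.

```python
import struct

ETH_P_8021Q = 0x8100  # TPID that marks an 802.1Q-tagged frame
ETH_P_IP = 0x0800     # IPv4 EtherType


def parse_vlan(frame: bytes):
    """Return (vlan_id, pcp, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_P_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def receiving_interface(frame: bytes, base: str, vlan_ids: set):
    """Name the interface whose IP stack would get this frame, or None.

    Models a host with one untagged interface `base` (hypothetical name)
    plus VLAN sub-interfaces base.<id> for each id in `vlan_ids`.
    """
    vid, _pcp, _inner = parse_vlan(frame)
    if vid is None or vid == 0:  # VID 0 is a priority tag only, not a VLAN
        return base
    return f"{base}.{vid}" if vid in vlan_ids else None


def build_frame(vlan_id=None, ethertype=ETH_P_IP, payload=b"\x00" * 46):
    """Build a constructed sample frame (broadcast dst, made-up src MAC)."""
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


UNTAGGED = build_frame()             # like the 192.168.1.x traffic
TAGGED_10 = build_frame(vlan_id=10)  # like traffic from the VLAN 10 SSID

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("vlan 10", TAGGED_10)):
        print(name, parse_vlan(frame),
              "| no VLAN iface:", receiving_interface(frame, "eth0", set()),
              "| VLAN 10 added:", receiving_interface(frame, "eth0", {10}))
```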

  6. #6
    Newbie (Join Date: Jan 2019; Posts: 5)

    Thanks jcoffin. I've created the vlan interfaces and adjusted WAN balancer per that article, but still not having any success. Please see imgur.com/a/77tclyq again for screenshots of what I've got. Any other suggestions?

    Thanks again.

  7. #7
    jcoffin, Untangler (Join Date: Aug 2008; Location: Sunnyvale, CA; Posts: 7,818)

    You will need to start debugging with ping. From the Untangle can you ping the VLAN Unifi router? Can you ping the Untangle from the VLAN PC? etc. Answers to ping questions will point to the issue.

    Edit: Note that bridged VLANs are very difficult to configure correctly. I don't recommend them without previous experience working with multi-router VLAN configurations.

  8. #8
    Newbie (Join Date: Jan 2019; Posts: 5)

    I currently cannot ping the VLAN router (10.0.0.1) from Untangle. And from the VLAN side, I have absolutely no network at all. Clients can't even connect to the AP's when Untangle is inline. As I said, once I remove Untangle from the equation, the setup does work. So it's obviously a misconfiguration in Untangle somewhere, I just don't know where.

  9. #9
    sky-knight, Untangle Ninja (Join Date: Apr 2008; Location: Phoenix, AZ; Posts: 23,346)

    Originally posted by mbregg:
    "I currently cannot ping the VLAN router (10.0.0.1) from Untangle. And from the VLAN side, I have absolutely no network at all. Clients can't even connect to the AP's when Untangle is inline. As I said, once I remove Untangle from the equation, the setup does work. So it's obviously a misconfiguration in Untangle somewhere, I just don't know where."

    Did you read what I posted at all?

    You must terminate the VLANs on Untangle, on both sides. You'll know you have Untangle working on the "WAN" side correctly, when Untangle can ping your gateway. Then you do the same for a statically configured or addressed client on the "LAN" side. Then finally, you use WAN Balancer to source route the IP range of the VLAN in question, to the correct gateway IP address.

    Do ANY of that wrong, and you'll be where you are.

  10. #10
    jcoffin, Untangler (Join Date: Aug 2008; Location: Sunnyvale, CA; Posts: 7,818)

    Originally posted by mbregg:
    "I currently cannot ping the VLAN router (10.0.0.1) from Untangle. And from the VLAN side"

    I would fix this issue first. Without the ability to ping the router, nothing else will work. Is the Untangle directly connected to the Unifi? Or is there a switch in between?