My guess is that the server receives the packet from the client with src .11.101 dst .10.102 and tries to respond over the interface that has .11.102 assigned. The client expects a response from src .10.102 and drops the packet. But I would turn on a packet sniffer in the gateway to see if the returning traffic even passes the Firewall in scenario 1.
teslasaur
joined 1 year ago
Give use the URL and that 100-number might go 🚀 For testing purposes, naturally.
Reset the AP to make sure it uses dhcp for its own ip and update firmware from unifi network after adopting the AP again.
Test it by swapping places of the access points to find out if the issue is related to the access points or something else.
For those uninitiated, it's a mix between orange and apple soda. Pretty fuckin good. My favourite has to be Portello or Julmust.
OpenVPN connect on both. I load the .ovpn-file that is exported from the server and that's it.
Personally I would have gone for OpenVPN access server on Debian. Fairly simple and well documented for those starting out.
I have used and worked with OpenVPN connect on android, PC and Mac.
By making a bridge in the opensense interfaces you have created a layer2 network. This means that all the devices connected on that network are broadcasting their Mac addresses and are added to the ARP table on the opensense. Since they all are on the same physical network and the same subnet, none of the traffic will ever hit the layer 3 rules on your opensense.
If you want opensense to handle the rules of the traffic you will need to put the devices on different subnets and separate clans. Create a gateway address for every vlan on the opensense and point your devices to the opensense as their gateway.
Expensive is relative. Systembolaget is so huge that they have incredible deals with certain vendors and makers. I know fo a fact that most single malt whisky from scotland are cheaper to buy from systembolaget as compared to a Tax Free shop abroad. Beer and (usually)cheap wine however is pretty expensive due to the added alcohol tax.
It has to do with link priority on the server. You'd imagine that a server that receives a packet that has a return address on the same subnet as it self logically would use that interface instead.
A similar thing happens in switches. For example if you have two vlans on a switch and both vlans have an ip assigned, connect a computer to one of the vlans. You will only be able to reach the switch on the non-routed connection. Even if you also are allowed to reach the second vlan through a router/Firewall.