Re: vlan problem
Hi, finally, I followed https://wiki.debian.org/NetworkConfiguration, made both openbsd and debian support vlan, and I can ping/connect both sides now.

Thanks.

On 29 January 2019 09:53:07 [GMT+08:00], johnw wrote:
>Hi, thank you first, and I think I totally misunderstand vlan.
>
>I want to create a vlan network, because of minidlna / wifi.
>
>My openbsd system has 4 nics (em0-3), and em2 is connected to a wifi
>router (tplink), which is already set up as a bridge,
>and the wifi clients (sony tv/mobile) can request dhcp/ip from openbsd.
>
>And em3 is directly (no switch/pub, just cat6 cable) connected to a
>linux/debian system,
>and this debian is a kvm/lxc host, and the eth0 is already set up as a
>bridge (debian/lxc/kvm can also request dhcp/ip from openbsd),
>one of the lxc/guests is a minidlna server.
>
>I created bridge0 on openbsd (em2, em3 and vether0), with reference to
>https://www.openbsd.org/faq/faq6.html#Bridge.
>and set up 10.10.10.1/24 on vether0, so debian (lxc/kvm/minidlna) and
>wifi (tv) are all on the same subnet (10.10.10.0/24).
>and I can see the minidlna server on tv/mobile, it works.
>(one thing is I need to run mcastproxy on vether0 to make minidlna/tv
>work, both up/down stream on vether0; before 6.4 it was not needed,
>I don't know why)
>
>Now, I want to try to set up a vlan network like this. (I don't know if
>it is the proper way or even impossible)
>em2 --> bridge0
>em3 --> 10.10.10.0/24 (debian/kvm/lvm on this)
>vlan3 --> on top of em3 --> bridge0
>vether0 --> bridge0
>(bridge0,vether0,em2,vlan3) --> 10.10.20.0/24 (wifi/tv/mobile on this)
>
>And I can split (is it a good idea?) two subnets, but can also set the
>minidlna server to use 10.10.20.0/24 (wifi network).
>
>I think I need to set up the debian/bridge to support vlan tagging to
>achieve it, right?
>
>I am wondering how people set up a home network to serve dlna (all
>IoT/computers on one subnet)?
>
>Thank you, thanks all.
>
>Zé Loff wrote on 2019-01-28 16:29:
>> On Mon, Jan 28, 2019 at 07:57:01PM +0800, johnw wrote:
>>> hi, I want to create a vlan network, I created two files
>>>
>>> hostname.vio0
>>> up
>>>
>>> hostname.vlan0
>>> inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10
>>>
>>> then reboot
>>>
>>> I can not ping 10.10.10.1
>>>
>>> If I create bridge0, and add vio0 and vlan0 to bridge0, then I can
>>> ping 10.10.10.1
>>>
>>> Or if I just use vio0 without vlan,
>>> hostname.vio0
>>> inet 10.10.10.101 255.255.255.0 10.10.10.255
>>> I can also ping 10.10.10.1.
>>>
>>> Why is vlan0 not linked to vio0 (parent) without creating a bridge?
>>>
>>> Is this normal? Am I misunderstanding vlan?
>>>
>>> (eg: I also tried on a real machine with hostname.em0 card, same result)
>>>
>>> Thanks.
>>>
>>> Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
>>
>> You don't give any details regarding the physical network (are both
>> machines virtual? are they connected directly? is there a switch
>> between them?) so we are left guessing. Given the lack of information,
>> I'll just state some general stuff about VLANs and try to guess what's
>> happening.
>>
>> Usually, packets run around without a VLAN tag (something that is added
>> to their header), so everything that leaves vio0 or em0 will go out
>> untagged and usually when they get to an ordinary switch they go out on
>> all ports and get picked up by whichever machines are connected to it.
>> These machines, unless configured otherwise, will only pick up untagged
>> packets.
>>
>> When you configure a vlan device, you are appending a VLAN tag to some
>> of the packages that leave a physical interface. Crucially, the packets
>> have to be received by a host that has an interface that is "listening"
>> on the same VLAN, i.e., that's expecting tagged packets with the same
>> vnetid. So unless the receiving end also has a vlan interface, it won't
>> be expecting tagged packets and will thus ignore them.
>>
>> My guess is that in your case the other host has 10.10.10.1 on a
>> "normal" interface, instead of a tagged one. And since it is not
>> expecting tagged packets for that subnet (or at all), it ignores the
>> ping.
>>
>> To fix this you have two options: either create a vlan device on the
>> other host and configure it with 10.10.10.1 or have a managed switch
>> between both hosts that has a port configured to VLAN 10 and that
>> untags the packets that leave that port.
>>
>> When you bridge vio0 and vlan0 -- note: for clarity this should be
>> vlan10 and not vlan0, to match the vnetid. this is not mandatory but
>> makes the configuration easier to understand -- I am guessing that the
>> packet leaves the vio0 interface untagged, and that's why it gets
>> picked up on the other end.
>>
>> Also, note that there is no requirement for a managed switch, unmanaged
>> switches will gladly pass tagged packets around. However, unlike
>> managed switches, they won't forward them to specific ports and/or
>> untag them.
>
>--
>Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182
Re: vlan problem
Hi, thank you first, and I think I totally misunderstand vlan.

I want to create a vlan network, because of minidlna / wifi.

My openbsd system has 4 nics (em0-3), and em2 is connected to a wifi router (tplink), which is already set up as a bridge, and the wifi clients (sony tv/mobile) can request dhcp/ip from openbsd.

And em3 is directly (no switch/pub, just cat6 cable) connected to a linux/debian system, and this debian is a kvm/lxc host, and the eth0 is already set up as a bridge (debian/lxc/kvm can also request dhcp/ip from openbsd), one of the lxc/guests is a minidlna server.

I created bridge0 on openbsd (em2, em3 and vether0), with reference to https://www.openbsd.org/faq/faq6.html#Bridge.
and set up 10.10.10.1/24 on vether0, so debian (lxc/kvm/minidlna) and wifi (tv) are all on the same subnet (10.10.10.0/24).
and I can see the minidlna server on tv/mobile, it works.
(one thing is I need to run mcastproxy on vether0 to make minidlna/tv work, both up/down stream on vether0; before 6.4 it was not needed, I don't know why)

Now, I want to try to set up a vlan network like this. (I don't know if it is the proper way or even impossible)
em2 --> bridge0
em3 --> 10.10.10.0/24 (debian/kvm/lvm on this)
vlan3 --> on top of em3 --> bridge0
vether0 --> bridge0
(bridge0,vether0,em2,vlan3) --> 10.10.20.0/24 (wifi/tv/mobile on this)

And I can split (is it a good idea?) two subnets, but can also set the minidlna server to use 10.10.20.0/24 (wifi network).

I think I need to set up the debian/bridge to support vlan tagging to achieve it, right?

I am wondering how people set up a home network to serve dlna (all IoT/computers on one subnet)?

Thank you, thanks all.

Zé Loff wrote on 2019-01-28 16:29:
> On Mon, Jan 28, 2019 at 07:57:01PM +0800, johnw wrote:
>> hi, I want to create a vlan network, I created two files
>>
>> hostname.vio0
>> up
>>
>> hostname.vlan0
>> inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10
>>
>> then reboot
>>
>> I can not ping 10.10.10.1
>>
>> If I create bridge0, and add vio0 and vlan0 to bridge0, then I can
>> ping 10.10.10.1
>>
>> Or if I just use vio0 without vlan,
>> hostname.vio0
>> inet 10.10.10.101 255.255.255.0 10.10.10.255
>> I can also ping 10.10.10.1.
>>
>> Why is vlan0 not linked to vio0 (parent) without creating a bridge?
>>
>> Is this normal? Am I misunderstanding vlan?
>>
>> (eg: I also tried on a real machine with hostname.em0 card, same result)
>>
>> Thanks.
>>
>> Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
>
> You don't give any details regarding the physical network (are both
> machines virtual? are they connected directly? is there a switch
> between them?) so we are left guessing. Given the lack of information,
> I'll just state some general stuff about VLANs and try to guess what's
> happening.
>
> Usually, packets run around without a VLAN tag (something that is added
> to their header), so everything that leaves vio0 or em0 will go out
> untagged and usually when they get to an ordinary switch they go out on
> all ports and get picked up by whichever machines are connected to it.
> These machines, unless configured otherwise, will only pick up untagged
> packets.
>
> When you configure a vlan device, you are appending a VLAN tag to some
> of the packages that leave a physical interface. Crucially, the packets
> have to be received by a host that has an interface that is "listening"
> on the same VLAN, i.e., that's expecting tagged packets with the same
> vnetid. So unless the receiving end also has a vlan interface, it won't
> be expecting tagged packets and will thus ignore them.
>
> My guess is that in your case the other host has 10.10.10.1 on a
> "normal" interface, instead of a tagged one. And since it is not
> expecting tagged packets for that subnet (or at all), it ignores the
> ping.
>
> To fix this you have two options: either create a vlan device on the
> other host and configure it with 10.10.10.1 or have a managed switch
> between both hosts that has a port configured to VLAN 10 and that
> untags the packets that leave that port.
>
> When you bridge vio0 and vlan0 -- note: for clarity this should be
> vlan10 and not vlan0, to match the vnetid. this is not mandatory but
> makes the configuration easier to understand -- I am guessing that the
> packet leaves the vio0 interface untagged, and that's why it gets
> picked up on the other end.
>
> Also, note that there is no requirement for a managed switch, unmanaged
> switches will gladly pass tagged packets around. However, unlike
> managed switches, they won't forward them to specific ports and/or
> untag them.

--
Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
Re: vlan problem
This works for me:

$ cat /etc/hostname.vr1
up

$ cat /etc/hostname.vlan2
inet 10.0.2.254 255.255.255.0 NONE vlan 2 vlandev vr1

$ cat /etc/hostname.vlan100
inet 10.0.100.254 255.255.255.0 NONE vlan 100 vlandev vr1

OpenBSD 6.3 (GENERIC) #3: Thu Dec 20 09:35:15 MST 2018
    t...@syspatch-63-i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

As Josh mentioned, you also need an 802.1Q managed switch.
Then you have to configure your VLANs on your switch.
Example: let's have any 16-port switch:
16p - configure as uplink for vlan2 and vlan100
1-10p - configure as ports of vlan2
11-15p - configure as ports of vlan100
Then connect 16p to your vlanNIC of the openbsd box.

On Mon, 28 Jan 2019 20:02:19 +0800 johnw wrote:

> My system is:
>
> OpenBSD 6.4-current (GENERIC.MP) #639: Sun Jan 27 14:27:05 MST 2019
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Thanks.
>
> On 28 January 2019 19:57:01 [GMT+08:00], johnw wrote:
> >hi, I want to create a vlan network, I created two files
> >
> >hostname.vio0
> >up
> >
> >hostname.vlan0
> >inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10
> >
> >then reboot
> >
> >I can not ping 10.10.10.1
> >
> >If I create bridge0, and add vio0 and vlan0 to bridge0, then I can ping
> >10.10.10.1
> >
> >Or if I just use vio0 without vlan,
> >hostname.vio0
> >inet 10.10.10.101 255.255.255.0 10.10.10.255
> >I can also ping 10.10.10.1.
> >
> >Why is vlan0 not linked to vio0 (parent) without creating a bridge?
> >
> >Is this normal? Am I misunderstanding vlan?
> >
> >(eg: I also tried on a real machine with hostname.em0 card, same result)
> >
> >Thanks.
> >
> >Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
>
> Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC

--
radek
Re: vlan problem
On 2019-01-28, Josh Grosse wrote:
> On Mon, Jan 28, 2019 at 07:57:01PM +0800, johnw wrote:
>> hi, I want create vlan network
>
> vlan(4) **REQUIRES** switching equipment that supports
> 802.1Q Ethernet tagging. These are known as "managed
> switches".

At the risk of adding confusion, but...you can still send vlan packets to a dumb switch and receive them on another machine - they just see the vlan header as something inside the 'data' part of the frame which they don't care about. You just get all the vlans on all ports, no segregation.
Re: vlan problem
On 2019-01-28, johnw wrote:
> hi, I want to create a vlan network, I created two files
>
> hostname.vio0
> up
>
> hostname.vlan0
> inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10
>
> then reboot
>
> I can not ping 10.10.10.1
>
> If I create bridge0, and add vio0 and vlan0 to bridge0, then I can ping
> 10.10.10.1
>
> Or if I just use vio0 without vlan,
> hostname.vio0
> inet 10.10.10.101 255.255.255.0 10.10.10.255
> I can also ping 10.10.10.1.
>
> Why is vlan0 not linked to vio0 (parent) without creating a bridge?
>
> Is this normal? Am I misunderstanding vlan?
>
> (eg: I also tried on a real machine with hostname.em0 card, same result)
>
> Thanks.
>
> Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC

I think you misunderstand vlan. Maybe describe what you're trying to do and see if somebody can suggest how to do it, which might involve vlan interfaces, or might not.
Re: vlan problem
On Mon, Jan 28, 2019 at 07:57:01PM +0800, johnw wrote:
> hi, I want create vlan network

vlan(4) **REQUIRES** switching equipment that supports 802.1Q Ethernet tagging. These are known as "managed switches".
Re: vlan problem
My system is:

OpenBSD 6.4-current (GENERIC.MP) #639: Sun Jan 27 14:27:05 MST 2019
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Thanks.

On 28 January 2019 19:57:01 [GMT+08:00], johnw wrote:
>hi, I want to create a vlan network, I created two files
>
>hostname.vio0
>up
>
>hostname.vlan0
>inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10
>
>then reboot
>
>I can not ping 10.10.10.1
>
>If I create bridge0, and add vio0 and vlan0 to bridge0, then I can ping
>10.10.10.1
>
>Or if I just use vio0 without vlan,
>hostname.vio0
>inet 10.10.10.101 255.255.255.0 10.10.10.255
>I can also ping 10.10.10.1.
>
>Why is vlan0 not linked to vio0 (parent) without creating a bridge?
>
>Is this normal? Am I misunderstanding vlan?
>
>(eg: I also tried on a real machine with hostname.em0 card, same result)
>
>Thanks.
>
>Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC

Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
vlan problem
hi, I want to create a vlan network, I created two files

hostname.vio0
up

hostname.vlan0
inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10

then reboot

I can not ping 10.10.10.1

If I create bridge0, and add vio0 and vlan0 to bridge0, then I can ping 10.10.10.1

Or if I just use vio0 without vlan,
hostname.vio0
inet 10.10.10.101 255.255.255.0 10.10.10.255
I can also ping 10.10.10.1.

Why is vlan0 not linked to vio0 (parent) without creating a bridge?

Is this normal? Am I misunderstanding vlan?

(eg: I also tried on a real machine with hostname.em0 card, same result)

Thanks.

Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
Re: pppoe over vlan problem
On Tue, Sep 24, 2013 at 9:57 PM, Henning Brauer wrote:

> * Daniel Gillen [2013-09-24 17:36]:
> > After some debugging with tcpdump, I found out that from 5.0 to 5.1,
> > OpenBSD introduced vlan prioritisation support (IEEE 802.1p) and per
> > default sets the vlan PCP field to the value 3.
> >
> > Unfortunately, my ISP only allows connections when this field is set to 0 :(
>
> what? you are kidding, right?
>
> talk to the ISP and tell them they're on drugs. it is perfectly fine
> to ignore the prio field, but requiring a specific value is absolutely
> ridiculous. if they don't fix it, share who it is to warn people.
>
> that said, resetting should have worked, I have a vague idea where that
> bug might sit; can't check deeper right now tho. oh how much i wish we
> had a bug tracker.

Actually, Orange, the biggest French ISP, only accepts PPPoE connections with the PCP field set to 0. Asking them to change this stupid behavior might be... "difficult".

There is a plethora of xDSL providers here. But with optical fiber, we are totally screwed. This ISP is the only choice.
Re: pppoe over vlan problem
* Daniel Gillen [2013-09-24 17:36]:
> After some debugging with tcpdump, I found out that from 5.0 to 5.1,
> OpenBSD introduced vlan prioritisation support (IEEE 802.1p) and per
> default sets the vlan PCP field to the value 3.
>
> Unfortunately, my ISP only allows connections when this field is set to 0 :(

what? you are kidding, right?

talk to the ISP and tell them they're on drugs. it is perfectly fine to ignore the prio field, but requiring a specific value is absolutely ridiculous. if they don't fix it, share who it is to warn people.

that said, resetting should have worked, I have a vague idea where that bug might sit; can't check deeper right now tho. oh how much i wish we had a bug tracker.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
pppoe over vlan problem
Hi list

I recently upgraded my firewall from OpenBSD 5.0 to 5.3 (i386). Unfortunately, after the upgrade process, my pppoe connection to my ISP didn't work anymore.

I'm using kernel pppoe with the following setup:

/etc/hostname.xl1:
up

/etc/hostname.vlan0:
vlan 35 vlandev xl1 up

/etc/hostname.pppoe0:
inet 0.0.0.0 255.255.255.255 0.0.0.1 \
    pppoedev vlan0 \
    authproto pap authname "login" authkey "pass" \
    up
!/sbin/route add default -ifp pppoe0 0.0.0.1

After some debugging with tcpdump, I found out that from 5.0 to 5.1, OpenBSD introduced vlan prioritisation support (IEEE 802.1p) and per default sets the vlan PCP field to the value 3.

Unfortunately, my ISP only allows connections when this field is set to 0 :(

As a work-around, I removed the setting of this field from the kernel and now it works but I wonder if there isn't a better way to solve my issue.

According to the vlan(4) manpage, this should be fixable using a pf rule. I tried all the following (with and without "out") but none worked :(

match out on vlan0 set prio 0
pass out on vlan0 set prio 0
match out on pppoe0 set prio 0
pass out on pppoe0 set prio 0

Any ideas are welcome.

Thx in advance

--
Unix _IS_ user friendly - it's just selective about who its friends are!
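An added example (not code from any poster on this page or from OpenBSD) that decodes the 802.1Q tag discussed in both threads here: it shows where the VLAN ID and the PCP value seen in tcpdump sit in the frame, and models why a host without a matching vlan interface ignores tagged frames. The MAC addresses, payload bytes and the `deliver_to` receive model are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100           # EtherType value that announces an 802.1Q tag
ETHERTYPE_PPPOE_DISC = 0x8863
# Constructed sample addresses (not taken from the thread).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")

def build_frame(ethertype, payload, vid=None, pcp=0, dei=0):
    """Build an Ethernet frame, inserting an 802.1Q tag when vid is given."""
    header = DST + SRC
    if vid is not None:
        tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)  # 3 + 1 + 12 bits
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return the tag fields (None when untagged) and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    info = {"vid": None, "pcp": None, "dei": None}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info = {"vid": tci & 0x0FFF, "pcp": tci >> 13, "dei": (tci >> 12) & 1}
    info["ethertype"] = ethertype
    return info

def deliver_to(frame, vlan_ids=()):
    """Simplified receive model (an assumption, not OpenBSD code): untagged
    frames reach the parent interface, tagged ones only a vlan interface
    with the same ID; anything else is ignored."""
    vid = parse_frame(frame)["vid"]
    if vid is None:
        return "parent"
    return f"vlan id {vid}" if vid in vlan_ids else "ignored"

def set_pcp(frame, pcp):
    """Return a copy of a tagged frame with only the PCP bits changed."""
    if parse_frame(frame)["vid"] is None:
        raise ValueError("frame has no 802.1Q tag")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit field")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return frame[:14] + struct.pack("!H", (tci & 0x1FFF) | (pcp << 13)) + frame[16:]

if __name__ == "__main__":
    # Constructed PPPoE discovery frame on VLAN 35 with PCP 3, as in the report.
    frame = build_frame(ETHERTYPE_PPPOE_DISC, b"\x11\x09", vid=35, pcp=3)
    print(parse_frame(frame))               # tag fields before the change
    print(parse_frame(set_pcp(frame, 0)))   # same VLAN, priority cleared
    tagged = build_frame(0x0800, b"", vid=10)
    print(deliver_to(tagged), "/", deliver_to(tagged, (10,)))
```

The PCP bits share the 16-bit TCI with the VLAN ID, so a capture filter or a peer that matches on the whole TCI treats priority 3 and priority 0 on the same VLAN as different values.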
Re: VLAN Problem
It is possible.

You need to specify the netmask of your vlan interfaces.

cat out one of your hostname.vlan?? and show us

one of mine looks like

inet 10.120.6.102 255.255.255.0 NONE vlan 6 vlandev em0

On 1/26/09 10:42 AM, Denis Souza wrote:
> Friends,
>
> I'm using OpenBSD 4.1 with a VLAN with 2 IPs only (Netmask
> 30bits-255.255.255.252), but the SO is classful, creating a link line in
> my router table:
>
> # netstat -rn
> ...
> 172.16/16 link#12 UC 10 - vlan1
> ...
>
> But in my project the subnet 172.16.0.0/16 is wrong. The correct subnet
> is 172.16.1.1/30 to VLAN1. How may I do this with OpenBSD, because I have
> other subnets in my project: 172.16.2.1/30 to VLAN2, ... , 172.16.9.1/30
> to VLAN9?
>
> Is this possible with OpenBSD?
>
> Thanks,
>
> Denis
VLAN Problem
Friends,

I'm using OpenBSD 4.1 with a VLAN with 2 IPs only (Netmask 30bits-255.255.255.252), but the SO is classful, creating a link line in my router table:

# netstat -rn
...
172.16/16 link#12 UC 10 - vlan1
...

But in my project the subnet 172.16.0.0/16 is wrong. The correct subnet is 172.16.1.1/30 to VLAN1. How may I do this with OpenBSD, because I have other subnets in my project: 172.16.2.1/30 to VLAN2, ... , 172.16.9.1/30 to VLAN9?

Is this possible with OpenBSD?

Thanks,

Denis