Need a second pair of eyes

For reasons that are stupid, so I won’t open that can of worms here … I need to extend my 1.0.0.0/24 network to 10.0.0.0/23.
Configured a 10.0.1.X static address in DHCP.
I made the changes, and forced a DHCP update on the devices that matter - looks fine, correct addresses and netmasks.

However, there are problems with connectivity between devices on the 10.0.0.0 and 10.0.1.0 ranges - and I can’t see the problem.
No matter how hard I stare at the config.
I am hoping it’s one of those things a second pair of eyeballs will see right away.

Config listing attached.
2024-11-16.rsc (7.63 KB)

  1. First try rebooting the router.

  2. Everything looks good so far, did you enter in netmask manually or did it simply popup??
    Go back and re-enter this 10.0.0.0/24 for address dns-server=10.0.0.21,1.1.1.1,8.8.8.8 and gateway=10.0.0.1 and ensure netmask is not filled in ( then hit apply )

  3. Remove this static default DNS rule.
    /ip dns static
    add address=10.0.0.1 comment=defconf name=router.lan

  4. Something is weird in your ROUTING RULE…
    Did you mean to ONLY send ONE IP out the wireguard .23
    Or did you mean the whole subnet and put the 23 on the wrong spot???

/routing rule
add action=lookup src-address=10.0.0.23/32 table=VPN

Maybe it was supposed to be
add action=lookup src-address=10.0.0.0/23 table=VPN

#4 - yes, just one IP to that wireguard connection :)

I use Webfig to configure it - I just changed the /24 to /23 on the address and everything updated - apart from the Hairpin config, I had to manually change that.

I will reboot, and make the other changes that you suggest.

Cleanup and reboot done - no change.
This is really odd … I just can’t see it ..
2024-11-16-2.rsc (7.66 KB)

Grasping at straws myself..

1A. Let's clean up DNS a bit.
From
/ip dhcp-server network
add address=10.0.0.0/23 comment=defconf dns-server=10.0.0.21,1.1.1.1,8.8.8.8 gateway=10.0.0.1 netmask=23

TO:
/ip dhcp-server network
add address=10.0.0.0/23 comment=defconf dns-server=10.0.0.1 gateway=10.0.0.1

(note: do not add the mask on the config line).

1B. IP DNS remains the same …
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8

  1. Why the need to create a FW address for your WANIP? If it is static, then it's not required and just use the IP in rules.
    IF it's dynamic then you need to resolve it, most use dyndns url from my IP cloud

ex.
/ip firewall address-list
add address=###mynetname.net list=WAN-IP

  1. Move hairpin loopback sourcenat rule to the top of the rules.
  2. All the destination nat rules will require dst-address=actual WANIP (if static) OR dst-address-list=WAN-IP (if dynamic )

Silly me!!
This is the problem
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.0.200

Should be:
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.1.200

Or perhaps you need to express it like so
add name=dhcp ranges=10.0.0.100-10.0.0.254,10.0.1.1-10.0.1.254

Did you reboot those devices?

The devices themselves do not change the subnet mask from /24 (255.255.255.0) to /23 (255.255.254.0) by themselves.

They only do this when the lease expires and the DHCP server is configured correctly.

Do you have any devices on the network using static IP addresses? If so, make sure that you’ve updated them to use a /23 subnet as well. Otherwise, they won’t see anything in the 10.0.1.0/24 portion of the subnet.
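Added example, not part of the thread or of the attached config: a small Python check of the mask mismatch described in the last reply, showing which hosts still carry the old /24 and which host pairs end up with an asymmetric path (one side ARPs directly, the other sends to the gateway). The host names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory (not taken from the attached .rsc files):
# address/prefix as each device currently has it configured or leased.
HOSTS = {
    "router":      "10.0.0.1/23",
    "renewed-pc":  "10.0.0.50/23",
    "new-static":  "10.0.1.20/23",
    "stale-lease": "10.0.0.120/24",   # still holding the old /24 mask
}
LAN = ipaddress.ip_network("10.0.0.0/23")


def next_hop(src: str, dst: str, hosts=HOSTS) -> str:
    """How src reaches dst, judged only by src's own netmask."""
    src_if = ipaddress.ip_interface(hosts[src])
    dst_ip = ipaddress.ip_interface(hosts[dst]).ip
    return "direct" if dst_ip in src_if.network else "gateway"


def stale_hosts(hosts=HOSTS, lan=LAN):
    """Hosts inside the LAN whose prefix length is not the LAN's."""
    out = []
    for name, cidr in hosts.items():
        iface = ipaddress.ip_interface(cidr)
        if iface.ip in lan and iface.network.prefixlen != lan.prefixlen:
            out.append(name)
    return sorted(out)


def asymmetric_pairs(hosts=HOSTS):
    """Pairs where one side ARPs directly and the other uses the gateway."""
    names = sorted(hosts)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if next_hop(a, b, hosts) != next_hop(b, a, hosts):
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    print("stale:", stale_hosts())
    for a, b in asymmetric_pairs():
        print(f"{a} -> {b}: {next_hop(a, b)}; {b} -> {a}: {next_hop(b, a)}")
```

Note that the stale /24 host still reaches other 10.0.0.x hosts directly, which is why the problem only shows up for traffic crossing into 10.0.1.x.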