RB450G Switch Configuration

I’ve set up interfaces 2 to 5 as a switch, with interface 2 as the master. Interface 1 is the WAN port with an IP configured and has a VPN attached. Interface 2 has an IP address configured and acts as the CPU connection to the switch. There’s nothing attached to interfaces 2 or 3. A device is connected to each of interface 4 and interface 5. None of interfaces 3, 4 or 5 is configured with an IP address. For some reason I can ping across the VPN to the devices attached to interfaces 4 and 5, but I can’t ping from the device on interface 4 to the VPN or the device on interface 5. Using firmware 4.16 (yet to update but don’t think it would affect this). Help - what am I missing?

Check firewall rules on each side of the VPN? On hosts you’re testing from?

Thanks elgo. I’ve switched the firewalls off and no change unfortunately. Plus, I can ping between devices attached to the switch but I can’t ping from one end of a VPN to devices attached to the switch at the other end. The VPN is configured with a destination subnet of /24, and all the attached devices are within this range but nothing gets to them. It’s as if the CPU won’t forward a ping from the VPN to the switch.

I’ve updated to 5.7 and am going to try the same. I see that some ‘switch’ things have changed. There is now a CPU port in addition to the 5 interfaces on a 450G.

I’m still thinking about some filtering somewhere. If you disabled the firewalls on the personal devices, then… I would check your RouterBoard filter rules. I suppose the VPN tunnel has its own (sub)interface, so it must have its own ruleset if you want some flow to enter your LAN?

Got to the bottom of this - it was an issue of routing. I had ‘ganged’ two 450Gs together with both master (cpu) ports configured in the same IP range as the devices attached to the switches on both devices. My confusion arose from thinking that the master (cpu) ports communicated through the switch. Actually, in this arrangement, the CPU ports communicate in parallel to switch communication. After spending hours getting thoroughly confused with routing I configured both 450Gs as CPU devices only and attached them to an external switch and discovered the answer 10 minutes later.