Is there any specific reason why SWos devices lack IP address mask, Default gateway and DNS fields so that can be accessible from networks on other segments than the one the devices are attached to?
How difficult it is to be implemented in a future firmware update?
Anybody having the same problem accessing SWos appliances from networks other than their home network, please let me know if you have any workaround.
Thank you in advance.
Re: SWos Devices IP Addressing
SwOS has a very simple IP stack. It doesn't initiate connections, it only replies to connections. Hence it doesn't need DNS and many other things. The mechanism is that it replies to same MAC address from which packet (belonging to same connection) arrived. Which (in theory?) means that it should be accessible from other subnets because SwOS will simply reply via router's MAC address ... which incidentally is just what normal IP device would do, only mechanism of discovering MAC address is different.
So did you actually try to access SwOS device via router and you failed? Or you just suspect it doesn't work and you complained in advance?
So did you actually try to access SwOS device via router and you failed? Or you just suspect it doesn't work and you complained in advance?
-
-
pnikolatos
just joined
- Posts: 2
- Joined:
Re: SWos Devices IP Addressing
Complain in advance? Is this a new technique to resolve difficulties in accessing network appliances?
I' ll try it in my next project, Thanks for your kind advise.
Seriously now, I try to reach my customer's appliances over VPN that is connecting me to his site.
I never had that problem using ROS appliances either with 6.xx or 7.xx version, or third party layer 2 switches, that usually provide a simple layer 3
mechanism to make them accessible over different network segments.
This time I had to use SWos appliances and unfortunately found out that accessing them through VPN via plain dstNAT is a pain in the ...brain.
Just today I've read about that "simple replying mechanism" SWos is implementing to answer back to same MAC address from which packet the packet arrived, which in theory means that it should be accessible from other subnets but it doesn't, or at least is not working for me.
The only reason I' m posting is to see if anybody else tried to resolve the problem and if it was a success or not, before doing any deep dive in to firewall for any possible workaround.
I' ll try it in my next project, Thanks for your kind advise.
Seriously now, I try to reach my customer's appliances over VPN that is connecting me to his site.
I never had that problem using ROS appliances either with 6.xx or 7.xx version, or third party layer 2 switches, that usually provide a simple layer 3
mechanism to make them accessible over different network segments.
This time I had to use SWos appliances and unfortunately found out that accessing them through VPN via plain dstNAT is a pain in the ...brain.
Just today I've read about that "simple replying mechanism" SWos is implementing to answer back to same MAC address from which packet the packet arrived, which in theory means that it should be accessible from other subnets but it doesn't, or at least is not working for me.
The only reason I' m posting is to see if anybody else tried to resolve the problem and if it was a success or not, before doing any deep dive in to firewall for any possible workaround.
Last edited by pnikolatos on Wed Jul 26, 2023 4:18 pm, edited 1 time in total.
Re: SWos Devices IP Addressing
Add additional src-nat rule changing your VPN IP to the VPN server local one to let the SwOS answer locally.
Maybe proxy-arp is not configured properly?
Maybe proxy-arp is not configured properly?
Re: SWos Devices IP Addressing
I don't use a VPN to access my switches, but every time I access any of them it is from a different LAN and therefore is routed. Works fine. Nothing special required in the router.
Who is online
Users browsing this forum: No registered users and 3 guests