notthebee
just joined
Topic Author
Posts: 1
Joined: Thu Apr 14, 2022 9:29 am

Unable to access devices with static IPs from a different subnet

Wed May 25, 2022 1:50 pm

I have several VLANs on my network, notably 10.0.0.0/24 for Docker applications (Macvlan) and 10.13.13.0/24 for WireGuard clients (the MikroTik router acts as a WireGuard server). The main (non-VLAN) subnet is 192.168.3.0/24.
When I'm at home and trying to access the devices with static IPs from the main subnet (192.168.3.0/24), it works with no issues. However, when I'm VPN-ning into the home network, I can't access those devices. At the same time, the same devices also receive a second (dynamic) IP from the DHCP server on the router, despite already having a static IP assigned by the router. I am able to access those devices via their dynamic IPs:
● aria ~ ping 192.168.3.230                                                      
PING 192.168.3.230 (192.168.3.230): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 192.168.3.230 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

● aria ~ ping 192.168.3.59                                                                                     
PING 192.168.3.59 (192.168.3.59): 56 data bytes
64 bytes from 192.168.3.59: icmp_seq=0 ttl=63 time=46.355 ms
64 bytes from 192.168.3.59: icmp_seq=1 ttl=63 time=38.365 ms
64 bytes from 192.168.3.59: icmp_seq=2 ttl=63 time=31.205 ms
64 bytes from 192.168.3.59: icmp_seq=3 ttl=63 time=31.699 ms
64 bytes from 192.168.3.59: icmp_seq=4 ttl=63 time=33.145 ms
^C
--- 192.168.3.59 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 31.205/36.154/46.355/5.698 ms
The Docker containers on the 10.0.0.0/24 subnet are also not able to access the static IP devices. Weirdly enough, arping works:
● mona ~ docker exec -it homeassistant bash
bash-5.1# ping 192.168.3.230
PING 192.168.3.230 (192.168.3.230): 56 data bytes
^C
--- 192.168.3.230 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
bash-5.1# arping 192.168.3.230
ARPING 192.168.3.230 from 10.0.0.18 eth0
Unicast reply from 192.168.3.230 [e4:1d:2d:d9:61:90] 0.230ms
Unicast reply from 192.168.3.230 [e4:1d:2d:d9:61:90] 0.248ms
Unicast reply from 192.168.3.230 [e4:1d:2d:d9:61:90] 0.271ms
Unicast reply from 192.168.3.230 [e4:1d:2d:d9:61:90] 0.405ms
Unicast reply from 192.168.3.230 [e4:1d:2d:d9:61:90] 0.330ms
^CSent 5 probe(s) (1 broadcast(s))
Received 5 response(s) (0 request(s), 0 broadcast(s))
bash-5.1#
There are no firewall rules that explicitly isolate those VLANs.
I've attached the output of export hide-sensitive.