omv5 or OS blocking network after subnet change

  • Hi

    Problem: after changing the subnet of omv5, the external connection to my NAS and DNS is no longer working.

    - I installed the latest omv5 on an SD card (TerraMaster NAS F4-422: Intel CPU, 12Gb RAM and 3 NICs inside) by creating a VMware image, converting the image, updating grub, updating the OS, (...). I used a DHCP address with a fixed lease of 192.168.1.12/24. Gateway and DNS given by DHCP: 192.168.1.1. Everything is working fine.
    - I switched my server subnet to 192.168.30.x/24 (by GUI or omv-firstaid).
    - Reboot.

    Problem:
    - DNS no longer working: on the ssh prompt nslookup http://www.google.be -> no server found.
    - external connection is no longer possible (e.g. ping)

    However:
    - after reboot: I got my DHCP address 192.168.30.12
    - after reboot the ssh message is telling me my GUI is available on 192.168.30.12:80
    - on the ssh prompt I see my GUI is listening on *:80. With telnet I can check this: ok, site reachable.

    What I tried:

    network:
    - omv-firstaid: NIC fixed addresses. Sometimes it gave me errors back, sometimes not.
    - omv-firstaid: reconfigure GUI port
    --> I checked /etc/netplan/* and applied netplan. It is not here where it is going wrong.
    - restart nginx, reconfigure nginx: "omv-salt stage run deploy"
    - I made sure apache is off.
    - iptables => all chains ACCEPT. No firewall configured.
    - routing: my routes for the new subnet look fine.

    DNS:
    - manually overwrite DNS in /etc/resolv.conf by adding my DNS server

    I slowly realised it is probably not the omv install itself, but somewhere at my OS level my subnet is hardcoded. When I go back to the old subnet, everything is working fine.

    Can someone point out where else I can dig? ;(

    regards

    Johan.

  • votdev

    Approved the thread.
  • Hi

    I did some more research:

    - complete new install starting from my subnet (192.168.30.x): on VMware level everything works fine. After that I need to convert to an img file, write it to my SD card and put it in my omv NAS.
    - I connected a laptop to my omv network cable to check if my switch is configured well.
    - my switch (Zyxel 1900, L2 switch) is set up to tag all packets with VLAN ID 3.
    --> conclusion: I have the same issues: on the ssh shell DNS is blocking; omv is not reachable from outside; I can get DHCP addresses.

    lesson: I learned omv is not blocking some IPs / IPs are not hardcoded inside. However, VLAN tagging is not working as expected on omv.

    Second experiment:

    - create NIC enp2s0 without VLAN: 192.168.1.12 using omv-firstaid
    - create VLAN port on enp2s0.3 (192.168.30.17)
    - config switch to be on the default (no VLAN) network, be a trunk and let tagged ID 3 traffic pass.

    conclusion: both interfaces are working fine. Nice. It seems tagging traffic down the road on the switch is not a good idea with omv. However it works fine for other devices.

    to be continued:

    - I like to block regular access and only keep the tagged VLAN 3 traffic.
    - I need to bond 2 NICs on this VLAN 3. This can't be done via the GUI. LACP protocol used.
    - I have a third 10Gbit NIC which should directly connect, without switch, to one of my PCs.

    Johan.

  • Hi

    First 2 points accomplished:

    - I like to block regular access and only keep the tagged VLAN 3 traffic.
    - I need to bond 2 NICs on this VLAN 3. This can't be done via the GUI. LACP protocol used.

    1) first point: my bonding port bond0 has no explicitly assigned IP address. See config below. In theory a hacker could gain access on my TerraMaster, reconfigure my network and assign himself a regular address. It is not blocked on switch level. (If I do so, the VLAN 3 subnet won't work anymore.)

    2) second point: define on switch level a LAG with 802.3ad (also called LACP) support.

    3) for backup purposes, I keep a simple config created via the omv5 GUI. This will be overwritten afterwards.

    I created a 60-myconfig.yaml file. This file is executed after the other one. Pay attention: you may no longer apply network config via the GUI. It may clear /etc/netplan/*.

    execute and apply network:

    netplan --debug try
    netplan --debug generate
    netplan --debug apply
    systemctl restart networking

    The last point is remaining. Keep you posted.

    And my original question still stands: omv doesn't like VLAN tagging on my switch. I found a workaround by using bond0.3 subnetting without giving the bond0 interfaces an IP in the main subnet.
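The netplan layout the two experiments above describe (a plain NIC or an LACP bond that carries no address, with the 192.168.30.0/24 address only on a VLAN 3 sub-interface) written out as an added example. This is not Johan's 60-myconfig.yaml, which is not shown in the thread; the NIC names enp2s0 and enp3s0, the gateway 192.168.30.1 and the nameserver are assumptions, and the VLAN host address 192.168.30.17 is the one mentioned in the second post.

```yaml
# Added example for /etc/netplan/60-myconfig.yaml (not the thread's own file).
# Assumed: two bonded NICs enp2s0 and enp3s0; gateway and DNS at 192.168.30.1.
network:
  version: 2
  renderer: networkd
  ethernets:
    enp2s0:
      dhcp4: false
    enp3s0:
      dhcp4: false
  bonds:
    bond0:
      interfaces: [enp2s0, enp3s0]
      dhcp4: false                  # bond0 itself gets no address: nothing answers on the untagged network
      parameters:
        mode: 802.3ad               # LACP; the switch-side LAG must use the same mode
        lacp-rate: fast
        mii-monitor-interval: 100
        transmit-hash-policy: layer3+4
  vlans:
    bond0.3:
      id: 3                         # tagged VLAN 3 on top of the bond
      link: bond0
      addresses: [192.168.30.17/24]
      routes:
        - to: 0.0.0.0/0
          via: 192.168.30.1         # assumed gateway on the VLAN 3 subnet
      nameservers:
        addresses: [192.168.30.1]   # assumed resolver; replaces the old 192.168.1.1 handed out by DHCP
```

After `netplan --debug try` / `apply`, `cat /proc/net/bonding/bond0` shows whether both slaves joined the same LACP aggregator, `ip -d link show bond0.3` shows the `vlan id 3` attribute, and `ip addr show bond0` should list no IPv4 address. Leaving bond0 without an address is what keeps the box silent on the untagged network; since the switch port still passes untagged traffic, anyone who can reconfigure netplan on the host can undo that, which is the residual risk the first point above describes.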
