Compare commits
2 Commits
87e3a74aa1...1cfd87f450
| Author | SHA1 | Date |
|---|---|---|
| | 1cfd87f450 | |
| | 24728729f2 | |
@@ -4,6 +4,21 @@
|
|||||||
|
|
||||||
## 2025-12-28
|
## 2025-12-28
|
||||||
|
|
||||||
|
### Guest VLAN Internet Fix
|
||||||
|
- Fixed Guest VLAN (10.4.30.0/24) having no internet access
|
||||||
|
- Root cause: OPNsense DHCP and firewall rules referenced non-existent 10.4.2.129 for DNS
|
||||||
|
- Fix: Updated all DNS references in OPNsense config.xml from 10.4.2.129 to 10.4.2.11 (Pi-hole)
|
||||||
|
- Affected: DHCP DNS server settings for all VLANs, firewall DNS allow rules
|
||||||
|
- Guest clients need DHCP lease renewal to get correct DNS server
|
||||||
|
|
||||||
|
### RustDesk Server Deployment
|
||||||
|
- Deployed RustDesk server LXC 129 on pm2 via ProxmoxVE helper script
|
||||||
|
- Configured static IP: 10.4.2.36
|
||||||
|
- Added local DNS: rustdesk.kav
|
||||||
|
- Public key: `UCLpXJifKwWZRWIPqVkyrVfFH89DE8Ca0iBNZselaSU=`
|
||||||
|
- Services: hbbs (signal), hbbr (relay), api
|
||||||
|
- Ports: 21115-21119 (TCP), 21116 (UDP)
|
||||||
|
|
||||||
### Network Infrastructure Cleanup
|
### Network Infrastructure Cleanup
|
||||||
|
|
||||||
#### Static IP Migration Complete
|
#### Static IP Migration Complete
|
||||||
|
|||||||
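Review bot: In the "Guest VLAN Internet Fix" entry, the "Affected" bullet says the DHCP DNS server setting was changed for all VLANs, but the heading, the first bullet and the lease-renewal bullet only mention Guest. If LAN, Trusted and IoT leases were also handing out 10.4.2.129, say so and extend the renewal note to those clients; if they were not broken, add a line explaining why only Guest lost internet. In the RustDesk entry, the ports are listed but not which VLANs are meant to reach 10.4.2.36; one line on the intended access scope would keep the changelog consistent with the firewall rules documented elsewhere.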
@@ -107,16 +107,16 @@ Unmanaged Gigabyte switches pass VLAN tags through (they just don't understand t
|
|||||||
#### DHCP Configuration
|
#### DHCP Configuration
|
||||||
|
|
||||||
All DHCP served by OPNsense:
|
All DHCP served by OPNsense:
|
||||||
- LAN: 10.4.2.100-200, DNS: 10.4.2.129 (Pi-hole)
|
- LAN: 10.4.2.100-200, DNS: 10.4.2.11 (Pi-hole)
|
||||||
- Trusted: 10.4.10.100-200, DNS: 10.4.2.129
|
- Trusted: 10.4.10.100-200, DNS: 10.4.2.11
|
||||||
- IoT: 10.4.20.100-200, DNS: 10.4.2.129
|
- IoT: 10.4.20.100-200, DNS: 10.4.2.11
|
||||||
- Guest: 10.4.30.100-200, DNS: 10.4.2.129
|
- Guest: 10.4.30.100-200, DNS: 10.4.2.11
|
||||||
|
|
||||||
#### OPNsense Firewall Rules (Implemented)
|
#### OPNsense Firewall Rules (Implemented)
|
||||||
|
|
||||||
| Rule | Source | Destination | Action |
|
| Rule | Source | Destination | Action |
|
||||||
|------|--------|-------------|--------|
|
|------|--------|-------------|--------|
|
||||||
| Allow DNS | IoT/Guest | 10.4.2.129:53 | Pass |
|
| Allow DNS | IoT/Guest | 10.4.2.11:53 | Pass |
|
||||||
| Block IoT→LAN | 10.4.20.0/24 | 10.4.2.0/24 | Block |
|
| Block IoT→LAN | 10.4.20.0/24 | 10.4.2.0/24 | Block |
|
||||||
| Block Guest→LAN | 10.4.30.0/24 | 10.4.2.0/24 | Block |
|
| Block Guest→LAN | 10.4.30.0/24 | 10.4.2.0/24 | Block |
|
||||||
| Block Guest→IoT | 10.4.30.0/24 | 10.4.20.0/24 | Block |
|
| Block Guest→IoT | 10.4.30.0/24 | 10.4.20.0/24 | Block |
|
||||||
|
|||||||
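Review bot: The updated "Allow DNS" row points at 10.4.2.11:53, which lies inside the 10.4.2.0/24 destination of the "Block IoT→LAN" and "Block Guest→LAN" rows, so the pass only takes effect if it is evaluated before those blocks. The table does not say that row order is evaluation order; state that, and add the protocol (TCP/UDP) to the Allow DNS row. Since the changelog describes 10.4.2.129 as non-existent and it appeared in four DHCP scopes plus this rule, consider defining the Pi-hole address once (for example as an OPNsense alias) and referring to it by name here, so the next renumbering is a single change.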
@@ -60,6 +60,7 @@
|
|||||||
| **Home Assistant** | 10.4.2.33:8123 | VM 100 (pm1) | hass.kavcorp.com | homeassistant.kav |
|
| **Home Assistant** | 10.4.2.33:8123 | VM 100 (pm1) | hass.kavcorp.com | homeassistant.kav |
|
||||||
| **Ollama** | 10.4.2.34:11434 | LXC 123 (elantris) | ollama.kavcorp.com | ollama.kav |
|
| **Ollama** | 10.4.2.34:11434 | LXC 123 (elantris) | ollama.kavcorp.com | ollama.kav |
|
||||||
| **Twingate** | 10.4.2.35 | LXC 101 (pm1) | - | twingate.kav |
|
| **Twingate** | 10.4.2.35 | LXC 101 (pm1) | - | twingate.kav |
|
||||||
|
| **RustDesk** | 10.4.2.36:21115-21119 | LXC 129 (pm2) | - | rustdesk.kav |
|
||||||
| **Foundry VTT** | 10.4.2.37:30000 | LXC 112 (pm3) | vtt.kavcorp.com | foundryvtt.kav |
|
| **Foundry VTT** | 10.4.2.37:30000 | LXC 112 (pm3) | vtt.kavcorp.com | foundryvtt.kav |
|
||||||
|
|
||||||
### Game Servers (10.4.2.40-49)
|
### Game Servers (10.4.2.40-49)
|
||||||
|
|||||||
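Review bot: The new RustDesk row gives the address as 10.4.2.36:21115-21119 with no protocol, while the changelog entry in this same change lists 21116 as UDP in addition to the TCP range. Add the UDP port here, or drop the port range from this inventory row and keep it only in the changelog, so the two cannot disagree. If the "-" in the column that holds kavcorp.com hostnames for other rows means the service is not published externally, say so in a note under the table.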