Truenas not accessible from Other VLANs

TrueNAS General
,
1

Hello everyone,

This is my first post here, although I’ve been using TrueNAS for over 10 years. I’m experiencing a frustrating issue after setting up VLANs on my network: the TrueNAS web interface is not reachable from other VLANs.

Here’s an overview of my network setup:

  1. Firewall & Router:pfSense
  2. Switch: Dell PowerConnect (managed, VLAN tagging enabled)
  3. NAS: TrueNAS server

Network Details

  1. VLAN 1: pfSense, PC, and Switch (IP range: 10.1.1.X)
  2. VLAN 10: TrueNAS (IP range: 10.1.10.X)

Problem Summary

  • pfSense has “allow any-any” rules, and I can successfully reach all other devices across VLANs.
  • The Dell switch is configured to tag VLANs correctly on the respective ports.
  • TrueNAS Configuration: I have two physical interfaces set up, both with a gateway in the 10.1.10.X range.

From VLAN 1, I can ping and SSH into TrueNAS without any issues, but I cannot access the TrueNAS web interface.

Question

Does anyone know how I can resolve this issue? Is there a specific TrueNAS configuration or pfSense setting I might be overlooking?

Thank you in advance for any help!

2

Both interfaces in the same VLAN? That’s wrong. Remove one of them.

3

No, the VLANs are separate, and I’m only connecting to one interface at a time.

  • Interface 0: This interface has a static IP in the 10.1.10.X range. When I connect through this interface from a switch tagged port 10, I can’t access it from VLAN 1.
  • Interface 1: This interface uses DHCP. When connected to a switch port tagged with VLAN 1, it’s also not accessible from VLAN 10.

Any ideas on what could be causing this issue? Thanks for the help!

4
  1. You cannot have two default gateways. Remove the gateway from the one that is configured statically.
  2. You can then only access the interface in VLAN 1 from clients in VLAN 1 and the interface in VLAN 10 from clients in VLAN 10.
  3. Trying to access the interface in VLAN 1 from a client in VLAN 10 or vice versa leads to asymmetric routing and is very probably blocked by your firewall.

That’s how it’s supposed to work. There is no policy routing mechanism in TrueNAS that will send “answers” to what you think is the “correct” interface. If a client contacts TN and the client is in VLAN 1, then TrueNAS will always send via VLAN 1 according to its routing table. Again, this is how IP is supposed to work if there is no policy routing in place. And policy routing is not a feature present in TrueNAS.

2 Likes
5

Thanks for your reply,

i can confirm that the gateway set is only one, it is 10.1.10.1 set under Global Configuration
The strange thing is that the ping and ssh can reach from a VLAN to the oher

is it possible that the WEB interface has resriction?

interfaces
interfaces1248×460 16.5 KB

igb0
igb01211×460 30 KB

Global
Global1295×460 32.2 KB

WEB Interface
WEB Interface1300×460 27.1 KB

6

Interface restriction: if set to 0.0.0.0 - no.

If you set a static gateway in global configuration but at the same time use DHCP for another interface, that one will of course also get a gateway from the DHCP server.

That’s why I wrote you must remove the static one. There must be only one default gateway.

Or get rid of DHCP and configure both interfaces statically.

1 Like
7

after 3 sleepless nights, I solved the issue.

it was deriving from MTU restriction on the VLAN interfaces, it was set to 1492 in order to be in line to my WAN MTU to avoid re-package by the Router, but it apparently crated problem with some devices.

Removing this MTU restriction from my LAN and VLANs it immediately solved the problem