Best Of
Re: LTE5388-M804 loses network after some time
@RobTheNetworkGuy I have several SIMs and noticed the bug may occur mainly with one of them (not 100% sure, but I don't remember having the issue with the other SIM). As one difference is this LTE provider is IPv4 by default, I asked this LTE provider to enable IPv6 and changed APN configuration to IPv4+IPv6. FYI my network behind (pfSense) is IPv4 only, so IPv6 is only on LTE side. For now, every 12 hours the Zyxel detects "RILCMD: ConnState[0] is not attach in RS_READY." and then restarts the whole connection process including DHCP (udhcpc) with a new IPv4 address… but yet no connection loss during the last 36 hours.
Do you have an IPv6 address assigned, and if not maybe you could give it a try? Again, only on LTE side: no need to enable IPv6 on your pfSense.
Addendum: 48h and yet no network loss, except a few seconds every 12h. It seems to be that Zyxel fails to handle the DHCP IPv4 new address, but detects it if IPv6 is enabled and restarts the connection properly. My 2 cents.
Re: Accessing shared folders over IPSec Site to site VPN
To ping from office1 to office2 you need:
firewall rule on Office 2
from IPSec_VPN
to LAN1
firewall rule on Office 1
from LAN2
to IPSec_VPN
I don't get why you can't ping from office2 to office1.
Do you get logs in office 1?
Re: Ubiquity vs USGFlex700
Little hint: scoop deep into Security Policies before design editing ;)
Re: Ubiquity vs USGFlex700
You could use one port on ZyWALL and VLAN the other subnets on it, each with their own zone.
Re: Ubiquity vs USGFlex700
So. ge2 should communicate with ge8. Am I correct?
Like most firewall software, Zyxel ZLD has, on top of interfaces, a "higher" level of grouping called "zones". On Zyxel devices, the default names should be Lan1, Lan2, DMZ, Guest; some devices have a Wireless zone too, but don't quote me on that.
You can identify that in Security Policies: you are asked for zones, then interfaces, then "IP objects" like ranges, subnets, IPs, whatever.
You can also see the zone assigned to the interface by editing the interface itself; unfortunately, by default, Zyxel assigns the same name to interfaces and zones, but whatever. You can assign more interfaces to the same zone, but only one zone to any interface.
By default, LAN1 and LAN2 zones are allowed to communicate without hassle. Routing is automatically defined when editing the interfaces and their IP address, and the policy is there. So maybe assigning ge2 as LAN1 and ge8 as LAN2 zone, if the security policy was not completely zapped away, should do the trick.
Zones can be customized and can be added, but only when interfaces are available. Zyxel firmware also considers VLANs and more things to be "interfaces".
This… at least as a fast explanation.
Otherwise, if you want ge2 and ge8 on the same subnet (which would get rid of the necessity of a security policy and routing policy between these two), you have to create a bridge between them, but long story short I strongly advise against that choice.
I'd love to see the outcome of your issue, if possible.
Have a lot of fun, your setup seems really promising from the devices shared here.