Two OPNSense Router

[cardins2u]

Hi franco,

I been trying to setup two OPNSense to route to each other and fail horrible.

OPNSense1
WAN: 10.2.10.10
Gateway: 10.2.10.1
LAN: 192.168.10.1/24

OPNSense2
WAN: 10.2.10.20
Gateway: 10.2.10.1
LAN: 192.168.20.1/24


I'm trying to interconnect OPNSense1 to OPNSense2. I created the gateways and static routes. I setup the firewall to allow access but it wont work. can you give me some help.

thank you

[djGrrr]

Have you disabled NAT on the WAN side of each OPNsense?

[franco]

Hi cardins2u,

djGrrr may be right: disable outbound NAT if you want to do native routing between the subnets.

Also make sure the "block private networks" option is off in the WAN interface settings.


Cheers,
Franco

[cardins2u]

Cool that worked!

SO in your experience. Is it better to connect two subnet through the LAN or WAN interfaces?

I'm sure both need firewall settings to work. Which method would be preferable.

[cardins2u]

@franco

Now that I got everything working and even ping across sub nets. I hit into another issue:


 second of all all though I can ping one of the server ips from OPNSense1 to OPNSense2 computer web server https://10.0.0.45:8443 (unifi controller). When I go to the address it wont load. I have to open up CMD and ping the 10.0.0.45 then reload https://10.0.0.45:8443 for the website to work.

do you know what I'm doing wrong?

[franco]

Connecting through WAN or LAN (or OPT) is a matter of trust: WAN traditionally means no trust, LAN means unrestricted trust, OPT means partial trust. You certainly have less issues with moving the routing to LAN or OPT. OPT will probably fit best.

I'm not sure about the ping required to be able to access the server. It may be some type of state tracking getting in the way. It's probably related to the WAN-type routing. Did you disable NAT?


Cheers,
Franco

[cardins2u]

yes I'm using LAN to lan right now. Everything works fine from OPNSENSE1 to 2.

but from 2 to 1 you have to ping to work.