OPNsense Forum
English Forums => General Discussion => Topic started by: Yewtink on March 28, 2024, 05:46:58 pm
-
I have my wan and lan1 working. I believe that I need to create a bridge for lan1-lan5 so that I can have a single network accessible any where on the lan. But from what I have read in the docs that is a bad idea. I need a single DHCP server that ports 1-5 will send the traffic in different directions on my lan. Is it possible to setup a virtual switch to do what I want? I am not good with the proper terminology so if someone can point me in the right direction it would be greatly appreciated. Basically 192.168.1.1 is the dhcp server and lan1-lan5 distributes to different area of the house with a switch or wireless access point for the clients to connect.
I do plan to use vlans in the future but just need to get the entire network up and running now.
-
You probably want to setup a LAN bridge.
https://docs.opnsense.org/manual/how-tos/lan_bridge.html
-
That what I was thinking but I saw somewhere that opnsense can't monitor all 5 lans, that it will only watch the last port. That is wasn't recommended to be used. But the PC is serious overkill so it might not matter or that has been patched since I saw the post about avoiding bridged lans?
-
The instructions did say that this is not a recommended way.
Make a backup of the config, then start testing?
I would probably connect a switch to LAN, cascade to the second switch, etc. but trying the bridge would be worth doing just to find out if it works for possible situations that one might run into.
-
Setting up a LAN bridge is not technically impossible, but will put a strain on your CPU for cross-traffic.
Considering the low prices for manageable switches these days, it may be preferable using one of these.
-
Setting up a LAN bridge is not technically impossible, but will put a strain on your CPU for cross-traffic.
Considering the low prices for manageable switches these days, it may be preferable using one of these.
Even with a 8 core 3.8 ghz, with 16 gb ram? I am running a single lan to a managed switch so wouldn't the load be minimal? Guessing the AP might put a little strain but I typically only run a few wifi devices I try to keep my networks wired.
(https://i.postimg.cc/NG2GRhHy/myopnsense.png)
-
Just try it. What bad thing could happen?
-
I finally got it to work. I am new this and wondering what I should be learning more about. I will make a network topology map later of my goal and maybe get a better understanding what I need to be focusing on.
thanks for the help guys.
-
Make sure you follow the documentation to the letter. These two tunables you are supposed to set are essential. ;)
-
Make sure you follow the documentation to the letter. These two tunables you are supposed to set are essential. ;)
1000% a different tutorial I was following didn't include that part. That was why I pulling my hair out.
-
1000% a different tutorial I was following didn't include that part. That was why I pulling my hair out.
Why are you following some arbitrary tutorial instead of looking into the official product documentation, first? Serious question - this happens so frequently and I fail to understand it. Whenever I try a new product, documentation is the first stop.
What can the project do to improve this situation?
-
see below...
-
Why are you following some arbitrary tutorial instead of looking into the official product documentation, first? Serious question - this happens so frequently and I fail to understand it. Whenever I try a new product, documentation is the first stop.
What can the project do to improve this situation?
Usually it comes down:
1) A web search shows it first.
2) Sometimes I have difficulty following along, the other source is easier to follow or understand. Or it is a video guide that I can follow along with.
Another issues comes to mind. I don't have an IT background and the documentation is written by someone with in-depth networking knowledge so something that is obvious to the writer is not so obvious to me. The other guides they will explain in detail why or why not to do something that was skipped over in the "Official Guide". Another issues I have ran into is the guide will be correct for version 24.1 but minor patch in say version 24.1.1 will change the GUI just enough I can no longer follow the "official doc". (like check box removed, added or totally different GUI all together) Unofficial guides seem to get updated before the official.
Like right now my network worked flawless for 2 days, suddenly my AP has been denied internet access. I am getting errors but it is in code lots of numbers but I am unable to click anything to take me to the issue. Would be nice if there was a link I could click that would take me to the problem. Maybe it does that now and my pop-up blocker is stopping it??
The other issue I am having is attempting to play a multi-player Xbox game on 3 different devices. Hosting on the Xbox Series X and joining from my PC works perfect. But I can't get it to connect going the other way Hosting a game on PC and joining on Xbox X I get failed to connect to host. Then I tried playing on Xbox One to Xbox X and they will connect fine. But the game is so unplayable with the lag. I finally found a site that mention that it was a known issue with Xbox and that the work around was to share the internet connect from my desktop to the Xboxes. I all ready had ordered a 2.5gb nic card that I am waiting for so I am hoping that will fix that problem.
I am guessing the AP issues is because I don't have a switch and I was hoping to keep the 2.5gb in the house.
Would it require a smart switch for the AP to work or would a dumb switch work fine?
I was playing with Proxmox with OPNsense before I bought the new hardware. Proxmox has the ability I believe to create a virtual smart switch it that possible with a direct install of OPNsense?
-
The switches in your diagram above, what are they? Do they have enough ports for everything wired and still have a couple left over?
In short, I would not create a bridge.
I would either get a bigger switch (if needed) or do the following:
OPNsense LAN --> switch 1 --> switch 2
AP1 --> switch 1
AP2 --> switch 1 or switch 2
Yes switch 2 is another hop, as long as switch 1 is not "full" (at capacity) you won't really be losing performance. And most switches in home or light business are not near capacity.
You could also make the above "better" by getting a third switch that is faster to work as the first level, then connect switch 1 and switch 2 to this new switch. Both AP could also connect to this new switch, depending on capability.
-
It is not so much the size of the switch but the speed I wish to keep. The gaming lan I would like to keep everything 2.5gb. Everything thing else I am happy with 1gb. To get a smart 2.5gb switch is really expensive that is part of the reason I chose the mini computer that I did. I figured one wire = one 2.5gb branch, but I really didn't think the access point would choke like it did. (cheap junk or limits of mesh technology?) I use the Mesh Access point as wifi bridge (not possible to set in bridge mode) that my 3rd AP grabs the signal and sends it into my detached wired office. I have been fairly pleased with the speed and the range of the wifi coverage. I felt that I was asking way to much from the little Deco hardware and it was over worked and would crash at least once a month and I would have to reboot everything manually until it recovered.
The way it was wired is how it was shown. I ended up dropping the 2nd access point. Then I was was having issues with the access point themselves. They are TP-Link Deco x55 they seem to work nice until they sync up with the cloud and all hell breaks loose. I reset the OPNsense router to right after I setup the bridge. Then plugged a dumb switch in front of the AP and walked away.
My original plan was to run wires to: router NICs are 2.5gb (I know I will never see that but my plan was to be available when I am LAN gaming with my nephews. hoping to keep 2.5 from router to game room)
ETH0= WAN
ETH1= lan bridge
eth5= 2.5gb computer I was using to set things up
eth2= 2.5gb living room to (smart switch) 1gb
eth3= 2.5gb game room (dumb switch 2.5gb)
eth4= 2.5gb was a wire out to the yard where I have an outdoor rated WIFI6 access point that also covers the house and about 300ft away.
eth5= 2.5gb went to another AP I had in the house. (I believe it was to close to the other AP causing problems, removed it) The wifi was still missed up so I did a system reset on wifi and still couldn't connect. That is when I reset the firewall and ever thing is working. But I have next to no security, right now.
I did have openDNS setup for a while so IDK if it was blocking the TP-link AP from reaching the cloud or another firewall rule I set had blocked it. I can't find much support from TP-LINK. But I am kinda worn out with missing with it. I did find a OPNsense Book 4th gen I just ordered from Amazon and going to start reading and see if I can get caught up.
I feel like I need to draw up my network topology and layout all my goals. Is their any chance there is an interactive tool or website that I could enter my network and use groups to get a list of recommended settings and plugins to use?
I want to have an office, streaming, (XBOX) gaming, zones and eventually a vlan to connect my sisters network next door to mine to share our printers and my game servers for my nephews. But I don't want the traffic to go out over the WAN. My ISP is really slow 25mb/5mb which would making gaming impossible. But I believe over WIFI6 it should be acceptable.
I attempted to find an OPNsense retailer, partner, tech in my area. But the nearest place was over hour away and only posted commercial rates. :( I am about 2 hours south of Washington DC and about 2 hours North of Richmond Virginia.
sorry for the novel again. Lots of ideas rolling around in my head and trying to figure out which ones are on track and which ones are just confusing me.
-
Just configure the LAN bridge by the official documentation and get everything working. Creating a separate (V)LAN for a different client can be postponed for later. Regardless of the FUD the FreeBSD bridge works fine since a complete rewrite some years ago. I't definitely not a switch so don't expect wire speed from client to client at 2.5 Gbit/s. Nonetheless it does work quite well.
Get your main network up and running with a LAN bridge, then measure if there are any performance bottlenecks you find unacceptable - only then consider a redesign with a proper switch.
Then think about VLANs and certain clients etc.
HTH,
Patrick
-
Hey, i got the same appliance but my setup is a bit different but maybe you can still help me out ?
I've installed proxmox on the appliance and virtualized OPNSense , using PCI passthrough gave to OPNSense VM a WAN and a LAN interface. Everything is working .
I have a managed switch on lan and everytime i connect a device a get an ip address so everything seems to be working.
Now i would like to do something different.
Right now proxmox is plugged to the switch using a cable and i would like to use a bridge to get rid of cable using a virtual brige .
I've created a Virtual bridge on proxmox and given it to OPNSense, using the official guide i then created a brige between the vnet0 and lan but proxmox does not receive any ip address
-
Eventually I have a feeling you will end up buying a 2.5gbps switch, looks like you can get a 5 port that includes a 10gbps uplink for around $44usd. No idea if these cheap switches will really perform, but https://www.servethehome.com/ has a bunch of reviews on some "cheap" 2.5 and 10gbps switches that might be worth looking at.
Summary is that I think you are going to get tired of fooling around trying to bridge those ports and get full speed out of them. Maybe it works, maybe it doesn't, but a switch is going to be a lot easier down the road.
-
So far I have been working the bugs out of other hardware on my network and my ISP finally confirmed that I was behind a double nat.
Is there and idiot proof way to understand error log (see attach photo)? I figured it was about the double nat, hoping there is a plugin or gui that would take me to the error. The rid was clickable but it did nothing when I clicked on it.
Another question I have if I decide to drop the bridge. I understand that I will have to add lan eth2-eth5, but do they require their own IP address? Think it would be obvious they would have to be static address, so if I am working down stream on eth3 do I still access the OPNsense with the current eth1 IP or would it be a seperate IP for each?
I know that if I wanted to I could put each one on their own subnet and link or route together. I did read that but I was hoping to keep things simple for now. As I get a better understanding I will probably separate the office network, home wifi, gaming network and have a public printer share and streaming into their own each independent LANs.
thanks!
-
To keep things simple - if you want to use more than one port of your device for LAN clients - you should definitely build a LAN bridge following the OPNsense documentation. Anything else would require to create multiple interfaces, multiple DHCP pools, firewall rules for everything, dealing with multicast ... not quite fun.
What part of the LAN bridge documentation is not working for you?
-
What part of the LAN bridge documentation is not working for you?
I am not sure that there is a problem. My access points was breaking (just stop working) I've had them a few months and the router and 2.5g switch was new. So I wasted days looking for problems in the wrong area. Then computer problems (windows update reset/broke office network), then something else, and something else. But I was wanting to have all areas getting 2.5g then dropping to 1g at each of the (3) switches. Currently everything is connected with @ 2.5g except 1 AP that is connected to 1g switch (only device) that I am using like a bridge to connect to a 2nd mesh AP that takes the signal into the office to a 16 port 1g smart switch. I have been having frequent network issues and spending many days and weekends resetting the old routers. (TP-Links) IMO once a very good affordable product, now with the trend of everyone wanting to move to a mobile cloud system they are pure garbage. Some how the cloud sync would override my latest configuration and would reset to an older state that was no longer appropriate. The reason I decide to go with OPNsense router so I had 100% control and not 5% control.
I still haven't created the network topology map that I have been planning for 2 weeks now. But because of the previous comments I have reran 2 new cat6 cables so everything is linked by wire. (router > switch > devices). Except the branch that goes to the office, router > 1g switch > Mesh AP <<wifi 6 about 200 ft away>> Mesh AP > Switch > Devices.
Trying to figure out how I can (ahem) should plan on linking lan to lan next door about 260 ft. My sister has young kids that is into Minecraft and I plan on hosting LAN game servers at home so the whole family can game together without the signal going out over the WAN connection. Because we live out in middle of nowhere our internet service is really to slow for online gaming. So one of my trains of thought is to remove 1 NIC from the bridge (or maybe 2) IDK still reading up on VLANs. So the point of the post earlier was IF I remove 1 NIC how to I set that up. IDK if setting up a VLAN to run to the office through the APs would cause issues with my mesh system (2) nodes off ETH2 and (1) off ETH4. Again still really new to VLAN I know that I can tag devices and the Smart Switch in the office can work as a VLAN client, OPNsense VLAN server. Not fully understanding how that would affect or if it would affect the AP.
- On the Bridge I assigned a static IP, do I need to define the mac as well? Or if that is left blank it will auto assign the MAC address on eth1?
- Oh I did remember one issue I had, the cable plugged into ETH1 wasn't connecting to the switch. Glanced over the settings and nothing jumped out to me as to why. So I moved the cable to ETH3 and it started working.
-
I haven't made any changes in my network in about a week. Last night my wifi started going offline randomly. When I logged in on the router checking for updates (still current) I found 2,500,481 errors on the bridge. How do I access the log to figure out what is going on?
-
:-\
I believe the errors are related to the DNS on my Xbox's.
-
Here is my simple network topology.
(https://i.postimg.cc/yJFk2WYS/mynetwork.png) (https://postimg.cc/yJFk2WYS)
Still looking for help.
(https://i.postimg.cc/DJvyDgMt/Screenshot-2024-04-17-182704.png) (https://postimg.cc/DJvyDgMt)
My ISP doesn't use IPv6 wondering if enabling this would improve the network for my Xbox at least on the LAN side?
-
Here is my simple network topology.
(https://i.postimg.cc/yJFk2WYS/mynetwork.png) (https://postimg.cc/yJFk2WYS)
Still looking for help.
(https://i.postimg.cc/DJvyDgMt/Screenshot-2024-04-17-182704.png) (https://postimg.cc/DJvyDgMt)
My ISP doesn't use IPv6 wondering if enabling this would improve the network for my Xbox at least on the LAN side?
Almost certainly not.
-
To keep things simple - if you want to use more than one port of your device for LAN clients - you should definitely build a LAN bridge following the OPNsense documentation. Anything else would require to create multiple interfaces, multiple DHCP pools, firewall rules for everything, dealing with multicast ... not quite fun.
What part of the LAN bridge documentation is not working for you?
(https://i.postimg.cc/v1mxgDd1/image.png) (https://postimg.cc/v1mxgDd1)
My bridge has 2,930,088 errors. Still haven't found troubleshooting documentation or anything that can help. I figure it will be something stupid simple as checking the wrong box or missing a config step. But I don't have a clue where to start looking for a fix other then rereading the setup documentation.
I did find out when I reloaded an old configuration, that eth1 wasn't included in the bridge in that saved version that is why I was not getting network a connection.
I have been asking about the MAC address assignment for the bridge. I do not know why the log keeps showing MAC changes for eth1-eth5. I assumed it would see it as a single port and be given the same mac to all ports, unless it was internal way of identifying a specific port. I have no clue how the programing side of things work.
I am still having issues with my TP-Link x55 AP and X50-outdoor AP. I really don't think it has anything to do with Opnsense because they was a problem before I moved to Opnsense. That is why I moved to separate devices I thought separating the jobs it would reduce the load on them and they would work. The mini pc I am using the highest usage I have seen will be a 20% load for less then a few seconds then it goes right back to less than 1% load.
But I have gained 4Mbps in down and 2Mbps up by ditching the x55 router function for just AP.
-
If you have unconnected ports in that bridge you will have output errors. This is not a problem.
-
If you have unconnected ports in that bridge you will have output errors. This is not a problem.
What about the Mac addresses changing? Seems like it should be static to match IP.
All ports are being used now.
-
Eventually I have a feeling you will end up buying a 2.5gbps switch, looks like you can get a 5 port that includes a 10gbps uplink for around $44usd. No idea if these cheap switches will really perform, but https://www.servethehome.com/ has a bunch of reviews on some "cheap" 2.5 and 10gbps switches that might be worth looking at.
Summary is that I think you are going to get tired of fooling around trying to bridge those ports and get full speed out of them. Maybe it works, maybe it doesn't, but a switch is going to be a lot easier down the road.
I wore myself out redoing the setup and always getting the same results on the Xboxes.
After exhausting my patience I bought a cheap 8 port 2.5g manage switch, to replace the 2.5g dumb switch I bought a month ago.
Set the static IP address for it and saved the Xboxes mac addresses to the assigned ports and rebooted everything..
I no longer have UPNP errors and have Open NAT ;D
https://a.co/d/c1D2u7N (https://a.co/d/c1D2u7N)
Still having issues with my wifi flaking out. I did run a dedicated lan cables from a bridged ports directly to the TP-Link X55 & X50-Outdoor I am using in AP mode.