OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: motamedn on November 08, 2020, 09:05:22 pm

Title: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 08, 2020, 09:05:22 pm
I cannot get into interface during bridge creation no matter what I do. Please tell me what I'm doing wrong:
WAN: hn0 - "External" virtual switch - plugged into modem
LAN: hn1 - "Internal" virtual switch
LAN1-4 + LANWIFI: hn2-5+hn6 - "External" virtual switches used for the 4 ports of my add-in NIC and WiFi6, respectively
 
Steps to reproduce problem:
1. All interfaces enabled
2. LAN is set up with static ipv4. All other non-WAN interfaces are set up with "none" for IPv4/IPv6 configuration type.
3. Bridge0 created with Lan1-4+lanwifi
4. Replacing hn1 with bridge0 on LAN interface leads to no access to OPNSense.

Connecting another PC to one of the other RJ45 does not allow me to access the interface, either. I confirmed that replacing hn1 with hn3 and using hn3 to connect to another PC *DOES* work.

tl;dr I cannot get to the point that I can add hn1 into the bridge to finish setup and it's driving me nuts. What am I doing wrong?
Title: Re: Creating a bridge within virtualized OPNSense
Post by: bunchofreeds on November 09, 2020, 01:09:14 am
I have run OPNsense in Hyper-V successfully but have not created a bridge

Have you read this article
https://docs.opnsense.org/manual/how-tos/lan_bridge.html
Title: Re: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 09, 2020, 05:53:42 am
Yep that was one of the guides I followed. Step 3 is basically where I was. When you replace the LAN interface with the bridge. At that point, everything is lights out.
Similar guide here: https://protectli.com/kb/how-to-enable-lan-bridge-in-opnsense/

**OPNsense Bridge Menu
**Under the Interfaces tree select Assignments
**Change the LAN interface to bridge0 and click Save
**Note: At this point access to the web interface will be lost. Plug into either port OPT1 or OPT2 to regain access.

-->lights out.
Title: Re: Creating a bridge within virtualized OPNSense
Post by: bunchofreeds on November 09, 2020, 07:54:15 am
Sorry I'm not sure I'll be much help as I haven't setup a bridge within OPNsense before.

After reading this from the manual

> At this point you will need to swap your LAN cable from the existing LAN connection to one of the NICs that were added to the bridge interface, once connected then you must wait, it can take some time for the interface to come back up, but keep refreshing the web interface until it does.

Is it possible the web interface is starting on a different IP address?
Are you able to get onto the console of OPNsense through Hyper-v and see what its network config is from the shell?

I am assuming you are swapping cables by instead swapping interfaces presented by Hyper-v
Title: Re: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 09, 2020, 07:58:56 am
No worries, great questions:
1. I am using an Internal network virtual switch for LAN so I'm not sure how I would go about unplugging that.
2. It is possible that there is a different IP address but even when I go into the console and 'assign the ip' it doesn't work. Yes I re-connect the cable
3. I tried introducing a switch between the two PCs (PC w/ virtual machine and 2nd pc) in case that was the issue. It is not.

I haven't messed with swapping the interfaces in HyperV. I certainly thought about doing it but figured it would make things worse.

Maybe from the get go, I should select one of the I-350's ports (hn2-5) for LAN instead of hn1 (internal)..

**edit: Nope. starting from hn2-3 and going to hn4-5 or hn1,4,5 didn't work either**
Title: Re: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 09, 2020, 08:22:26 am
I just tried doing it using just the external switches (hn2-5) and it still gives up at the same steps.

I only installed OPNSense, ran the wizard, then updated it. Was I supposed to set up some firewall rules or something?
Title: Re: Creating a bridge within virtualized OPNSense
Post by: bunchofreeds on November 09, 2020, 08:53:03 pm
Are you able to explain what your goal is with OPNsense and using a bridge?

Maybe I'm a bit confused as to what you are trying to achieve.
Title: Re: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 09, 2020, 09:07:19 pm
Yes-not trying to do anything fancy. This is being run on a PC that is always on. I want to use one of the ports to go to my access points and switches to move on to the other devices on the network. I want them all to be on the same 192.168.0.x network.
Title: Re: Creating a bridge within virtualized OPNSense
Post by: bunchofreeds on November 09, 2020, 10:32:08 pm
Sorry if this is basic stuff I am asking here...

So you have a PC that is always on and is running Hyper-v
You have a guest that is OPNsense and is your perimeter firewall/router

I'm not sure why you are needing to use a bridge?
Are you trying to use your 4 port NIC as a LAN switch?
Is OPNsense providing DHCP for the 192.168.0.0/24 LAN network?

If you are not using VLAN's then you would have two physical ports used on your PC that attach to two virtual switches in Hyper-v.
One is WAN and goes to your internet, and one is LAN that connects to your LAN switch
Your OPNsense guest then has two interfaces, one WAN and one LAN that connect to your respective Hyper-v switches.
If you want multiple ports connecting to your LAN switch, have you considered a LAGG?
You would usually break out separate networks to separate interfaces on your firewall for network segmentation and separation.
 
Title: Re: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 09, 2020, 11:34:48 pm
> Sorry if this is basic stuff I am asking here...
>
> So you have a PC that is always on and is running Hyper-v
> You have a guest that is OPNsense and is your perimeter firewall/router
>
> I'm not sure why you are needing to use a bridge?
> Are you trying to use your 4 port NIC as a LAN switch?
> Is OPNsense providing DHCP for the 192.168.0.0/24 LAN network?
>
> If you are not using VLAN's then you would have two physical ports used on your PC that attach to two virtual switches in Hyper-v.
> One is WAN and goes to your internet, and one is LAN that connects to your LAN switch
> Your OPNsense guest then has two interfaces, one WAN and one LAN that connect to your respective Hyper-v switches.
> If you want multiple ports connecting to your LAN switch, have you considered a LAGG?
> You would usually break out separate networks to separate interfaces on your firewall for network segmentation and separation.

No reason to apologize. I am new to all this and take no offense.
1. I have a modem connected directly to RJ45 #1 on a PC that is always on. This PC has an add-in 4-port NIC (intel I-350)
2. This PC is running OPNSense and RJ45 #1 is being used only by the OPNSense VM.
   a. This PC is also used to browse the web
   b. This PC hosts other VMs in Hyper-V, for instance 'home assistant' which controls other smart-home devices over LAN.
3. As it is, I have my "LAN" configured to be an internal virtual switch. If I understand correctly, that allows it to 'virtually' share the network connection to the host PC and to the other VMs on the machine. That part is working well.
4. In order to build out the LAN to the rest of the network, I need to use another RJ45 port, which is where the I-350 comes in. I am trying to build a bridge so I can both run the "internal virtual switch" and an RJ45 port from the I-350 within the same LAN so they can talk together.  It may be nice to be able to leverage the other ports of the I-350 NIC down the line, but I'd settle for one in conjunction with the internal network right now.

> Is OPNsense providing DHCP for the 192.168.0.0/24 LAN network?

Yes.

> If you are not using VLAN's then you would have two physical ports used on your PC that attach to two virtual switches in Hyper-v.
> One is WAN and goes to your internet, and one is LAN that connects to your LAN switch.
> Your OPNsense guest then has two interfaces, one WAN and one LAN that connect to your respective Hyper-v switches.

That is my understanding too, but doesn't this skip over the 'internal network'?

> If you want multiple ports connecting to your LAN switch, have you considered a LAGG?
> You would usually break out separate networks to separate interfaces on your firewall for network segmentation and separation.

I have no idea what a LAGG is. Care to elaborate?

I tried to attach a photo that shows the basics of the setup. Sorry, my first stab at drawing this. Internet comes in from 'cloud' to modem to the PC with a physical port that is directed to firewall (OPNSENSE on the PC which is to the bottom right). One virtual switch "Internal" goes to the other VM and to the PC itself. One of the physical ports on the PC would move on to the rest of my network.
Title: Re: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 10, 2020, 03:13:35 am
I'm going to try a workaround. Kind of 'cave man' but I could try removing one of the RJ45 ports (like hn5) from the virtual machine altogether. I could then get rid of 'internal' and set up LAN to be hn2 and cable out from HN2 to a switch that has one cable to rest of network, one cable that goes back to hn5.

WAN --> OPNSENSE (on PC) --LAN = hn2 --> SWITCH --> internet
                           Host PC  <-------hn5 ---------|
Title: Re: Creating a bridge within virtualized OPNSense
Post by: bunchofreeds on November 10, 2020, 03:31:23 am
I think most of your confusion is to do with virtual networking rather than OPNsense. Would this be correct?

You 'physically' have a PC that connects to your modem.
This PC has multiple network interfaces.
One interface connects to the modem
One interface connects to the LAN switch 
When you setup Hyper-V on a PC, it creates a virtual switch and connects your existing LAN port to this switch. This is then shared by the host PC and the new virtual switch.
Any virtual machines you then create can also connect to this virtual switch and have access to the LAN.

You then want to create an additional 'external' virtual switch in Hyper-v for WAN which connects to another port on your PC. Do NOT share this with the host. You plug your Modem cable into this port.

When you create your OPNsense VM you give it two interfaces. One connects to the WAN switch and one to the LAN. You might want to look at the MAC addresses presented from Hyper-v to match these up.

Anything that wants to connect from LAN to WAN has to go via the OPNsense router.

ALL LAN traffic will pass via your existing PC's LAN port to your switch.

If you want to later increase bandwidth or provide resiliency to this LAN connection, you can aggregate multiple ports together (Link Aggregation) LAG or in OPNsense LAGG.
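
The switch layout described in the post above, as an added PowerShell example that is not part of the original thread. The adapter aliases, switch names and VM name are assumptions; substitute your own. It also checks that the host has no virtual NIC on the WAN switch, which is what keeps the host from sitting directly on the modem side of the firewall.

```powershell
# Assumed names (not from the thread): adjust to your host.
$WanAdapter = 'Ethernet 1'   # physical port cabled to the modem
$LanAdapter = 'Ethernet 2'   # physical port cabled to the LAN switch
$VmName     = 'OPNsense'

# WAN: external switch that is NOT shared with the host, so the host
# gets no interface on the unfiltered side of the firewall.
New-VMSwitch -Name 'WAN' -NetAdapterName $WanAdapter -AllowManagementOS $false

# LAN: external switch shared with the host, so the host PC and the
# other VMs reach the network through OPNsense's LAN side.
New-VMSwitch -Name 'LAN' -NetAdapterName $LanAdapter -AllowManagementOS $true

# One VM adapter per switch.
Add-VMNetworkAdapter -VMName $VmName -SwitchName 'WAN' -Name 'wan'
Add-VMNetworkAdapter -VMName $VmName -SwitchName 'LAN' -Name 'lan'

# List MAC addresses so each hnX interface inside OPNsense can be matched
# to its switch. With dynamic MACs the value is populated once the VM
# has been started.
Get-VMNetworkAdapter -VMName $VmName |
    Select-Object Name, SwitchName, MacAddress

# Check: the host (management OS) must not have a vNIC on the WAN switch.
$hostOnWan = Get-VMNetworkAdapter -ManagementOS |
    Where-Object SwitchName -eq 'WAN'
if ($hostOnWan) {
    Write-Warning 'Host has an adapter on the WAN switch; disable sharing with:'
    Write-Warning "  Set-VMSwitch -Name 'WAN' -AllowManagementOS `$false"
} else {
    Write-Output 'OK: WAN switch is not shared with the host.'
}

# Overview of all switches and whether each is shared with the host.
Get-VMSwitch |
    Select-Object Name, SwitchType, AllowManagementOS, NetAdapterInterfaceDescription
```

Creating the shared LAN switch briefly interrupts the host's own connection on that adapter while the host's IP configuration moves to the new virtual NIC.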
 
Title: Re: Creating a bridge within virtualized OPNSense
Post by: motamedn on November 10, 2020, 04:29:21 am
Yes, you are correct and thank you for your patience. That was a revelation. So stupid--I hadn't considered that my host machine can sip off the outgoing LAN port. I now have an unshared (with host PC) WAN coming in and a shared (with host PC) LAN going out to my network.  I tried this before but I did not reset the host machine after setting it up this way (just had reset the VM and done ipconfig/release and renew). I removed all the extraneous adapters and set it up as you mentioned and reset the PC and voila: both machines are online. Thank you very very much!

> If you want to later increase bandwidth or provide resiliency to this LAN connection, you can aggregate multiple ports together (Link Aggregation) LAG or in OPNsense LAGG.

I'd be interested in learning more about this. Anywhere I should read up on this at?
 
Title: Re: Creating a bridge within virtualized OPNSense
Post by: bunchofreeds on November 10, 2020, 05:52:16 am
Happy to help and I was asking the exact same questions once!

Link Aggregation is quite a topic for reading and I would encourage you to investigate it well before proceeding.
In most scenarios that provide any real benefit you will need a managed switch where you can set this up first.
Read up on LACP.
If you have the equipment to do this and need the bandwidth/resiliency then you will be creating this between your Hyper-v host's LAN switch and your physical switch.
Then all guests including OPNsense can benefit from this.

All good fun though!