Topics - fbeye

#1
General Discussion / Need some Configuration advice
March 16, 2025, 04:34:45 AM
Hello!
So I wanted to run this by some people and see what your advice is.

What I have is 6 Static WAN IP's.
What I have configured is 6 VLANs w/ 6 DHCP servers and 6 interfaces in switch mode, each associated to its respective VLAN.
Each interface is running a DHCP server for its respective VLAN.
I have NAT and ACL's doing all what I need.
My question is, is this practical?

Should I have 1 network and just NAT whatever WAN IP to whatever LAN IP would utilize it?
Should I have 1 interface TRUNK 6 VLANs to a switch?

I just don't know how to do this practically. Would, in theory, each interface be ROUTED mode and have a switch at the end and run its own DHCP server?

Yeah, it's a lot for a home user, but a lot of it is to experiment with. I have 6 switches to play with so wanted to kinda have fun. But I'm also kinda stuck between VLAN SVI interfaces or routed interfaces, and then 6 separate networks or 1 network using WAN-to-LAN IPs on a need basis.
#2
General Discussion / Letsencrypt + Caddy renew
February 08, 2025, 01:36:51 AM
Hi, so I am running everything through Cloudflare and when I create a new Let's Encrypt cert I have to first disable Cloudflare, create it, then restart Cloudflare.

Does this also mean that for renewals I'd need to drop Cloudflare each time it wants to renew? Can I set my Let's Encrypt to, like, yearly renewal?
#3
General Discussion / OPNSense access via Caddy
February 05, 2025, 05:15:16 PM
Hey

So, I know that having access to this is a huge no-no and I agree, but my thought process is to quickly enable my WireGuard VPN from my phone, enable the Caddy/OPNsense access, and then from the laptop I can access the OPNsense dashboard and do what I need, then go back and disable it and use it only when needed, that way it is not just open to the world.
I have done this... But it will never load the DASHBOARD, only sub-categories [firewall, interfaces] etc., which is fine, but I was wondering if maybe something like OPNsense would need a special setting in Caddy.
#4
Hardware and Performance / 10GB Switch Recommendation
February 04, 2025, 04:31:18 AM
Hello

I am looking for a 10Gb switch, 8-10 ports (10Gb). All my important devices have 10Gb NICs.
I have a Cisco SG350XG but it's so loud I wanna get something quieter. My only "need" in terms of management is I wanna create 6 VLANs (6 networks and 6 DHCP servers).
Suggestions?
#5
Hi all, so I've been searching and what I found is either correct or I am implementing it incorrectly.
I just wanna specify the folder where the reverse proxy can be reached... Usually the simple IP address and port is sufficient, but I need to specify the /ubooquity/ directory. Nothing I do works.

http://<your-ip>:2202/ubooquity/
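As an added example (not from the post, and not the OPNsense Caddy plugin's own configuration), this is a plain Caddyfile that publishes only the /ubooquity/ path of the backend and keeps the prefix intact, since the app itself answers under /ubooquity/. The hostname books.example.com and the LAN address 192.168.2.50 are placeholders; port 2202 and the path are from the post.

```caddyfile
# Added example: proxy a backend that lives under a path prefix.
# books.example.com and 192.168.2.50 are placeholders, not from the post.
books.example.com {
    # The app serves its UI under /ubooquity/, so the prefix must reach the
    # backend unchanged: use handle, not handle_path (which strips the prefix).
    handle /ubooquity/* {
        reverse_proxy 192.168.2.50:2202
    }

    # Send the bare hostname to the app's path instead of showing a 404.
    redir / /ubooquity/ 301

    # Nothing else on this host is proxied.
    handle {
        respond "Not found" 404
    }
}
```

The check worth doing after applying it: `curl -I https://books.example.com/ubooquity/` should return the app's response, while `curl -I https://books.example.com/other` should return the 404 from Caddy, confirming that only the intended path is exposed through the proxy.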
#6
General Discussion / New System Prerequisites
January 19, 2025, 12:35:46 AM
Hello

Currently running OPN in a VM environment with an overkill 4 CPUs, 64GB RAM and 128GB HD... LAN is 40Mb, nothing remotely fast but fast enough... Wanted to get out of the VM scenario and I have a spare Intel Celeron GR900 3.10GHz, 16GB RAM and 500GB HD... Will this suffice?
#7
Hey

So I by no means say it is OPNsense, I am simply curious if there is possibly anything I need to do for PS5 [consoles in general] in terms of opening ports? I assume all access is initiated inside-out, therefore I would not need any access, but is there anything NAT-wise or specific to PS5 or game consoles?

PC games, like World of Warcraft, never lag spike. It seems to be only PS5 [Call of Duty] or Xbox 360 [Sea of Thieves].

PS5 says NAT Type 3 if that helps..
#8
So unless I have forgotten how to correctly Google search, I really can't find anything that helps my needs.
I seem to be struggling with connecting my OPNsense OpenVPN to my FrootVPN. I have my .ovpn; I kinda wish there was just an import option.
Anyway, I'm looking for a guide.

Help me 8(
#9
I cannot say that I really have anything "wrong" on my network in terms of speeds etc., aside from those random 20-30 minute lag sessions even when my bandwidth shows minimal, but I see MANY of these.

If it helps, 172.16.2.1 is the OPNsense LAN IP [and DNS server [I have AdGuard and Unbound]] and 172.16.2.2 is the Cisco switch.
If I am reading it wrong, 172.16.2.2 is being blocked from accessing 172.16.2.1:53 for DNS, or even 8.8.8.8 for DNS?
#10
Hello. So even while Monit errors out connecting to the mail server, I am sending and receiving from the mail server. I hate words like "it's OPNsense" because it most likely is me, but I can indeed verify that the mail server I entered works from my iPhone and laptop, so I do assume it is an issue on OPN.

This is the log, newest to oldest;

2024-12-28T10:11:30-07:00   Error   monit   Aborting event
2024-12-28T10:11:30-07:00   Error   monit   Mail: Delivery failed -- no mail server is available   
2024-12-28T10:11:30-07:00   Error   monit   Cannot open a connection to the mailserver mail.mydomain.org:25 -- Operation now in progress   
2024-12-28T10:11:30-07:00   Error   monit   Cannot connect to [mail.mydomain.org]:25 -- Connection timed out   
2024-12-28T10:11:00-07:00   Informational   monit   'OPNsense.localdomain' Monit reloaded   
2024-12-28T10:10:59-07:00   Informational   monit   Reinitializing Monit -- control file '/usr/local/etc/monitrc'
#11
Hi

Currently I have OPNsense [VM] as my firewall with 6 static routes to find where my 6 networks are located, which is on my SG350XG. I am having too hard a time finding out where my bandwidth is being used and the issues with the slow network, and it's simply too difficult trying to do so while having to look at 2 ARP tables etc... ANYWAY..

I want to move my 6 networks/VLANs back to OPNsense, and the 6 DHCP servers as well. I want to run a TRUNK from OPNsense for VLANs 2-7 and then on the SG350XG make a TRUNK for VLANs 2-7 and then assign which interfaces I want for each VLAN. This way I can have 1 ARP table and through OPNsense I can see all the visual data!?
#12
Hi, so my OPNsense LAN is 172.16.2.1 and the switch connected to it (that has the subnets) has a LAN IP of 172.16.2.2. I have, on OPNsense, 6 static routes to find the 6 networks on 172.16.2.2. On the switch I have a 0.0.0.0 -> 172.16.2.1 default route back for all networks to reach the Internet.
All works fine. On the switch, Cisco SG350XG, my ARP table has all 20-30 LAN IPs as it should. On OPNsense the ARP table just shows 172.16.2.1 and 172.16.2.2. I was curious: if both the switch and OPNsense clearly communicate via the 172.16.2.0 network, should OPNsense also be able to see the ARP table as well?
#13
General Discussion / Virtual IP Question
December 20, 2024, 08:18:43 PM
Hello.

I have everything set up [correctly] as it all "works" but wanted to verify.

So I have a block of 8 static IPs, 6 usable: x.x.x.177 - x.x.x.182, and .182 is the default WAN IP that my OPNsense firewall obtains, so all other [WAN] IPs use that as their gateway.
Under Interfaces: Virtual IPs I have x.x.x.177 - x.x.x.182... But I was thinking, do I need x.x.x.182 as a virtual IP if it is itself the firewall WAN IP?
Also, since I have only a block of 8, that is a /29, but in Virtual IPs when I add an entry, would that also be /29 or would it be /32 as it is by itself?

I guess my question about CIDR is: what /x is the entry wanting? The specific IP standalone, or as part of the 8 IPs?
#14
Hello all

Wow, love the new forum look!!

So I have a working OPNS+Caddy and then a working Cloudflare (with a different domain), but I was curious how to make this work, or if I am able to, it being a reverse proxy with certs and all. I don't mind experimenting etc., but was hoping maybe for some references or a guide or recommendations?
#15
Hello

So I have a block of 6 usable static IPs. My OPNsense FW has the default of x.x.x.182 as the main FW IP/gateway. This IP does not have a domain registered to it.
x.x.x.181 has a domain I purchased with it and also happens to host the inside devices Caddy is using... right now I have it coming in on .182 and port-forwarding to the correct LAN, and had to create a DuckDNS for that... I wanna use my domain instead, but it is not the default WAN IP.

Is this an option?
#16
Hi

So I tested this 2 ways.

Left ON: I have to disable it every day or every other day.
Left OFF: the Internet has not been sluggish in the week it was off.
Turned back ON: it happened a day later.

I am assuming "I" have something set wrong, too picky, but not sure what!
#17
Hello

So I have a working WG (running on a machine on the LAN side) with access to my whole LAN through the tunnel, and I have a working Caddy on the OPNsense firewall used in conjunction with my "access per application" to specific apps/dockers on my various systems.

Is there a way to have them work together? Would there be any benefit? Is having ONE any more secure than the other?
#18
So, on one side everything says it is working good and correct; on the other, when I do a DNS leak test it says "exposed and leaking and ISP can see everything", and yet the DNS servers listed have nothing to do with my ISP.

Your DNS requests are exposed!
Whoever runs your DNS servers can log every website you visit.
162.244.53.198 - i3D.net B.V - United States
172.70.213.95 - CloudFlare Inc. - United States
162.244.53.202 - i3D.net B.V - United States
172.70.205.51 - CloudFlare Inc. - United States
172.70.205.233 - CloudFlare Inc. - United States
#19
Hello

I have 192.168.2.181:9090 running Cockpit on one of my Debian boxes and I am trying to make an entry through Caddy to access it, but no success. It does not error out or time out; it loads, to a blank screen. I set up about 15 other entries in Caddy to various LAN IPs, as well as others on 192.168.2.181 such as 8080, 9091 etc. for various apps, but it seems something in Cockpit is blocking the reverse proxy approach. I have Googled some "solutions" but they seem not to pertain to me because they do not work.
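As an added example (not from the post, and not the OPNsense Caddy plugin's own configuration), this is a plain Caddyfile site for the Cockpit host described above. The address 192.168.2.181:9090 is from the post; the hostname cockpit.example.com is a placeholder. It assumes Cockpit is still serving HTTPS with its default self-signed certificate, so the proxy speaks TLS to the backend and skips verification only on that internal hop.

```caddyfile
# Added example: Cockpit behind Caddy. cockpit.example.com is a placeholder;
# 192.168.2.181:9090 is the Cockpit address from the post.
cockpit.example.com {
    # Cockpit listens on HTTPS with a self-signed certificate by default, so
    # proxy to https:// and skip certificate verification for this LAN hop.
    # The WebSocket upgrade the Cockpit UI relies on is passed through by
    # reverse_proxy automatically, and X-Forwarded-Proto is set for you.
    reverse_proxy https://192.168.2.181:9090 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
```

The proxy side alone is usually not enough for Cockpit: it validates the browser's Origin against its own configuration, which is the typical cause of a page that loads but stays blank. On the Debian box that means a `[WebService]` section in /etc/cockpit/cockpit.conf listing the public name (`Origins = https://cockpit.example.com wss://cockpit.example.com`) and `ProtocolHeader = X-Forwarded-Proto`, followed by a restart of the cockpit socket; those settings are documented in cockpit.conf(5). `tls_insecure_skip_verify` is acceptable only because the hop is inside the LAN; if the Cockpit host is given a certificate the proxy trusts, drop it.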
#20
Virtual private networks / TOR Plugin questions
December 03, 2024, 05:11:42 AM
Hello

So, I see quite a few links on Google and here about configuring it etc., but what really is it used for? Is it beneficial beyond me already having a NordVPN+OpenVPN config or my WireGuard [really just for home use]? Is it something I should use?
Just casually curious of peoples usages and thoughts on it.