OPNsense Forum

English Forums => General Discussion => Topic started by: Broodjeworst on May 15, 2020, 09:57:27 AM

Title: Adding Pi-hole and a VPN, any tips?
Post by: Broodjeworst on May 15, 2020, 09:57:27 AM
Hi, I'm probably asking a stupid question so my apologies beforehand.
I've just installed a new OPNsense box for my homelab (a small Supermicro 19-inch box with a couple of NICs) and that works fine. I've added Pi-hole on a Raspberry Pi 4
and just assigned one of the NICs of the OPNsense box and connected the Pi to that directly (new IP range).
The static IP of the Pi-hole box is set as the DNS for the LAN interface and the general DNS is set to OpenDNS servers.

Although this seems to work, it feels a bit sloppy.
Oh, the reason for using one of the OPNsense box NICs for the Pi as opposed to directly plugging the Pi into the LAN switch is just aesthetics, so probably not the best reason.

1. Would it be better to use 2 bridged NICs as LAN and connect 1 port to the Pi and the other to the switch where the rest of the equipment is connected? (I read that bridging NICs is not advised?)

2. Forget about a separate NIC on the OPNsense box and just link the Pi to the switch connected to the LAN port.

3. Keep my current setup.

The thing is that I would like to use one of the (10 available on the OPNsense box) NICs for VPN, where I just connect this port to a separate switch (I've 2 more available in my rack) so that I end up with 1 switch connected to the LAN port of OPNsense and 1 switch connected to the (to be configured) VPN port of the switch.
The reason for all of this is that I would like to be able to plug in one or more test machines that just connect to my corporate VPN while leaving the normal LAN unaffected.
The normal LAN should be served by the Pi-hole DNS and the VPN, well, by the VPN.
I'm not sure how I could set this up.

Kind regards!
Title: Re: Adding Pi-hole and a VPN, any tips?
Post by: binaryanomaly on May 17, 2020, 11:05:00 PM
I have my Pi-hole running as a VM in the normal home LAN to keep things simple. Maybe I'll put it in a separate subnet one day, but I don't see too many convincing advantages.
Title: Re: Adding Pi-hole and a VPN, any tips?
Post by: bartjsmit on May 18, 2020, 07:49:00 AM
If you're running a homelab, you may want to consider running a hypervisor on the Supermicro and run OPNsense and Pi-hole as virtuals. Pair it with a managed switch to play around with bonded VLANs for storage, backup, management, etc. That will put those NICs to good use 8)

Bart...
Title: Re: Adding Pi-hole and a VPN, any tips?
Post by: Broodjeworst on May 20, 2020, 11:08:43 PM
Thanks, hmm, virtualization might be a good idea indeed. Maybe I'll take a look at https://dietpi.com/, which seems to have a VM image with Pi-hole.
And should it be possible to dedicate 1 interface to a VPN tunnel and leave the LAN port unaffected?
Title: Re: Adding Pi-hole and a VPN, any tips?
Post by: bartjsmit on May 21, 2020, 08:02:46 AM
Quote from: Broodjeworst on May 20, 2020, 11:08:43 PM
And should it be possible to dedicate 1 interface to a VPN tunnel and leave the LAN port unaffected?

Indeed you can but it will have to join your WAN traffic at some point. You can also separate your management traffic internally or run a separate storage/backup network. Scope for experimentation.

Bart...
Title: Re: Adding Pi-hole and a VPN, any tips?
Post by: binaryanomaly on May 21, 2020, 10:39:31 AM
Quote from: Broodjeworst on May 20, 2020, 11:08:43 PM
Thanks, hmm, virtualization might be a good idea indeed. Maybe I'll take a look at https://dietpi.com/, which seems to have a VM image with Pi-hole.

Or use the normal Debian installation. Works like a charm here...