I recently purchased gear to upgrade my network and have chosen OPNsense as my firewall/router. To allow the switch from one router to another, I am working to configure OPNsense as far as I can before switching out my old router for the new one.
I successfully got OPNsense up and running with a new install with a 192.168.1.1/24 range in the LAN with the WAN being provided via DHCP from my current router. However, my desired end state network uses 10.1.1.1/24, not 192.168... So, I reset OPNsense to factory settings and set 10.1.1.1/24 as the LAN static IP. However, now nothing is working.
Fios --> ASUS RT-AC86U (10.1.1.1/24 private IP space) --> OPNsense
OPNsense details
- WAN DHCP (has IP of 10.1.1.177 from the Asus' DHCP)
- LAN IPv4 10.1.1.1/24 with DHCP enabled
- allow all firewall rules for LAN/WAN
I successfully get an IP and can access the OPNsense web gui when connected to LAN. However, neither a LAN connected computer nor the OPNsense box itself are able to connect out to the Internet. Example, Pinging 1.1.1.1 from the OPNsense web gui times out.
I am assuming that my problem is based on the fact that my legacy network is using the same RFC-1918 private networking space (but I'm not positive) since it worked with OPNsense using 192.168.1.x.
Any help or thoughts getting this up and running would be greatly appreciated.
I guess the problem is that the WAN IP address is within the IP range in the LAN segment. Assuming that your information listed here is correct.
Each network segment should have its own address range.
E.g.
WAN segment (controlled by DHCP on ASUS router): 10.0.0.x/24
LAN segment (controlled by DHCP on OPNsense router): 10.1.1.x/24
hrm. I was afraid it was a problem similar to that. So, if that is, indeed, the issue am I right in assuming there would be no way to configure the OPNsense router to lift/shift to replace my old one in the same network space while having Internet access while doing the configuration?
thanks for the swift response
I have also already put a new OPNsense into operation by connecting the old router on the WAN side.
But in this case you must at least temporarily configure another range on the LAN side and then connect the computer there to configure it. And shortly before the normal operation and the exchange against the old ASUS exchange again against the current range.
makes sense. thanks for helping me out.