Hello,
I'm so excited to finally have installed OPNsense on my box I bought 2 years ago (I first was trying to install through console, never managed to, so I ended up buying a screen + keyboard just for it)
Install went fine, I couldn't use ZFS for I have only 1 drive, I've set all 4 RJ45 (iscg0 = Wan; icg1 = LAN1; icg2 =LAN2; icg3=LAN3)
each LAN will have their VLANs to isolate and manage groups of devices
Some VLANs will communicate with each others, some won't
LAN1 192.168.111.101 goes to a switch
LAN2 192.168.111.102 goes to my current Cisco Router/WiFi
LAN3 192.168.111.103 goes to the other switch
I've plugged my box between the modem and the network, no access to Internet, no access to OPNsense web GUI
I've plugged my box directly to my laptop1 (Linux) no access
I've plugged my box behind the router, no access (Router IP changed to 192.168.111.100/24 to match OPNsense)
I've plugged my box (WAN+LAN1) to the switch behind the router, no access to GUI
I've plugged my box (All four icg ) to the switch behind the router, I can ping LAN2 IP address but still can't access GUI
I'm sure I'm missing something simple/obvious, but just can't find what ?
Thank you
PS: A new section: "Newbe" or "Get started" might be a good option on this forum ?
Yes, you are missing that you cannot have different LANs with the same subnet - 192.168.111.0/24 in this case.
A bit more background would probably help.
- When you have a device with a firewall/router operating system like OPN installed, the default will treat each interface i.e. igc2, igc3 (the physical ones), after setup, as independent networks.
-- To "join them" behaving as a switch, you need to create a bridge. There are instructions but it is not the default.
-- These are not VLANs, they are LANs.
- You don't need more than one drive to use ZFS. You can reinstall and use ZFS on the single disk. You benefit from a better filesystem compared to UFS.
- To use VLANs, they go under a single interface i.e. icg2 and your switch will need to be a managed one and set the connecting port from it to OPN as a trunk port with all traffic tagged.
Quote from: meyergru on September 16, 2024, 01:02:12 PM
Yes, you are missing that you cannot have different LANs with the same subnet - 192.168.111.0/24 in this case.
TY
If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101
Rather than the current
LAN1 192.168.111.101
LAN2 192.168.111.102
LAN3 192.168.111.103
Yes ?
But that doesn't explain why I can't reach 192.168.111.101 while Laptop1 is plugged directly to the OPNs box ?
Quote from: MarieSophieSG on September 16, 2024, 02:01:03 PM
If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101
Yes.
Quote from: MarieSophieSG on September 16, 2024, 02:01:03 PM
Rather than the current
LAN1 192.168.111.101
LAN2 192.168.111.102
LAN3 192.168.111.103
Yes ?
But that doesn't explain why I can't reach 192.168.111.101 while Laptop1 is plugged directly to the OPNs box ?
Your three ports are not in any way connected internally. So even if you connect the PC to LAN1, OPNsense's routing table might decide that that network (192.168.111.0/24) is really only connected to LAN2 and send the reply packets there.
This is the reason why you must use different IP networks for different physical networks.
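The overlap described above can be checked before assigning addresses. This is an added example, not part of the original posts: it uses the thread's addresses with the /24 mask mentioned there, and the laptop address 192.168.111.50 and the function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed from the addresses in the thread; /24 as in 192.168.111.0/24.
# Keys are the poster's port labels, not OPNsense identifiers.
BEFORE = {
    "LAN1": "192.168.111.101/24",
    "LAN2": "192.168.111.102/24",
    "LAN3": "192.168.111.103/24",
}
AFTER = {
    "LAN1": "192.168.111.101/24",
    "LAN2": "192.168.112.101/24",
    "LAN3": "192.168.113.101/24",
}


def connected_networks(assignments):
    """Map each interface to the directly connected network its address implies."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in assignments.items()}


def find_overlaps(assignments):
    """Return every pair of interfaces whose connected networks overlap."""
    nets = connected_networks(assignments)
    return [(a, b)
            for (a, na), (b, nb) in combinations(sorted(nets.items()), 2)
            if na.overlaps(nb)]


def candidate_interfaces(assignments, host):
    """Interfaces whose connected network contains host.

    More than one candidate means the reply to that host has no single
    correct egress port, which is the failure described in the post above.
    """
    addr = ipaddress.ip_address(host)
    return sorted(name for name, net in connected_networks(assignments).items()
                  if addr in net)


if __name__ == "__main__":
    laptop = "192.168.111.50"  # constructed client address plugged into LAN1
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        print(label, "overlapping pairs:", find_overlaps(plan))
        print(label, "egress candidates for", laptop, ":",
              candidate_interfaces(plan, laptop))
```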
Quote from: cookiemonster on September 16, 2024, 01:56:46 PM
A bit more background would probably help.
Sure thing ! what do you need me to post ?
Quote from: cookiemonster on September 16, 2024, 01:56:46 PM
- When you have a device with a firewall/router operating system like OPN installed, the default will treat each interface i.e. igc2, igc3 (the physical ones), after setup, as independent networks.
-- To "join them" behaving as a switch, you need to create a bridge. There are instructions but it is not the default.
-- These are not VLANs, they are LANs.
TY, but I'm not there yet, that will be for later once I manage to reach the GUI ;)
Quote from: cookiemonster on September 16, 2024, 01:56:46 PM
- You don't need more than one drive to use ZFS. You can reinstall and use ZFS on the single disk. You benefit from a better filesystem compared to UFS.
TY, but when I selected ZFS option, it came up with 4 choices, and neither worked, it says there is no second drive for ZFS (not to mention RAID)
Quote from: cookiemonster on September 16, 2024, 01:56:46 PM
- To use VLANs, they go under a single interface i.e. icg2 and your switch will need to be a managed one and set the connecting port from it to OPN as a trunk port with all traffic tagged.
Oh ! hum ...
So my desired set up:
LAN1 = 192.168.111.101 (Unmanned switch1)
VLAN11 = 192.168.111.102-192.168.111.109
VLAN12= 192.168.111.110-192.168.111.113
VLAN13= 192.168.111.114-192.168.111.120
will not work ? Good to know
But first I still have to find a way to at least reach the GUI
Quote from: Patrick M. Hausen on September 16, 2024, 02:10:28 PM
Quote from: MarieSophieSG on September 16, 2024, 02:01:03 PM
If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101
Yes.
Quote from: MarieSophieSG on September 16, 2024, 02:01:03 PM
Rather than the current
LAN1 192.168.111.101
LAN2 192.168.111.102
LAN3 192.168.111.103
Yes ?
But that doesn't explain why I can't reach 192.168.111.101 while Laptop1 is plugged directly to the OPNs box ?
Your three ports are not in any way connected internally. So even if you connect the PC to LAN1, OPNsense's routing table might decide that that network (192.168.111.0/24) is really only connected to LAN2 and send the reply packets there.
This is the reason why you must use different IP networks for different physical networks.
Right, I see ... thank you !
So unplugging everything and back to the test table to access the box (keyboard+screen) and reinstall from scratch ...
> Sure thing ! what do you need me to post ?
I meant a bit of background for you ;)
>TY, but when I selected ZFS option, it came up with 4 choices, and neither worked, it says there is no second drive for ZFS (not to mention RAID)
I haven't installed from scratch in a while but one of those should be "stripe". That is the option for a single drive.
Quote from: cookiemonster on September 16, 2024, 03:22:56 PM
> Sure thing ! what do you need me to post ?
I meant a bit of background for you ;)
Oh ! haha, I wasn't there. All good then :)
Quote from: cookiemonster on September 16, 2024, 03:22:56 PM
>TY, but when I selected ZFS option, it came up with 4 choices, and neither worked, it says there is no second drive for ZFS (not to mention RAID)
I haven't installed from scratch in a while but one of those should be "stripe". That is the option for a single drive.
Yes, that is the first option I tried, and got the error msg "second drive not selected/missing" (or something like that)
As I have to re-do the complete install anyway, I will try again, but no hope
Thks
Quote
Yes, that is the first option I tried, and got the error msg "second drive not selected/missing" (or something like that)
As I have to re-do the complete install anyway, I will try again, but no hope
Thks
As lady luck would have it, here is a minutes-old picture.
https://forum.opnsense.org/index.php?topic=42791.0;topicseen see post #7 of that thread.
ZFS setup step, select that single drive and follow next steps.
Quote from: cookiemonster on September 16, 2024, 06:33:43 PM
Quote
Yes, that is the first option I tried, and got the error msg "second drive not selected/missing" (or something like that)
As I have to re-do the complete install anyway, I will try again, but no hope
Thks
As lady luck would have it, here is a minutes-old picture.
https://forum.opnsense.org/index.php?topic=42791.0;topicseen see post #7 of that thread.
ZFS setup step, select that single drive and follow next steps.
TY, but no need, I found the bug ...
It's right here between the keyboard and the seat !
As I said, I did the complete reinstall and spent more time on the ZFS
The error message was *not* about a second disk, but about a *first* disk !
The menu suggests the disk, but you have to select it to go ahead and format it ... which I didn't on the first try, hence the error msg
And indeed, when I select it, it works like a charm ...
Quote from: Patrick M. Hausen on September 16, 2024, 02:10:28 PM
Quote from: MarieSophieSG on September 16, 2024, 02:01:03 PM
If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101
Your three ports are not in any way connected internally. So even if you connect the PC to LAN1, OPNsense's routing table might decide that that network (192.168.111.0/24) is really only connected to LAN2 and send the reply packets there.
This is the reason why you must use different IP networks for different physical networks.
I've reinstalled the OS and set the 4 icg as suggested
icg0 WAN DHCP
icg1 LAN1 192.168.111.101
icg2 LAN2 192.168.112.101
icg3 LAN3 192.168.113.101
Connecting my laptop to icg1, typing in the IP in both browsers, neither reach
Ping doesn't reach
I'm frustrated .. I've reconnected my old router to be able to write here
Any idea ?
I even tried to connect to each icg, in case the icg1 is not where I think it is (physically) but to no avail :/
Only the first/default LAN will have rules that will allow you to access the FW and go online, the others will need rules to achieve that. In your case it could be LAN1
Also. For simplicity the interface designated as LAN during setup, say LAN1 will have a DHCP service enabled (I think it is an option given at setup) so when you plug your laptop, it gets an ip and they can talk.
If for any reason that wasn't enabled, check the IP address of your laptop. If it is not in the range, i.e. 192.168.111.0/24, then change it manually on the laptop so they're both in the same network that way and can talk.
Quote from: newsense on September 17, 2024, 03:00:03 AM
Only the first/default LAN will have rules that will allow you to access the FW and go online, the others will need rules to achieve that. In your case it could be LAN1
Yes, I got that, that's why I'm only trying with the LAN (which I call LAN1, while LAN2 is actually OPT1, and LAN3 is actually OPT2)
What I said in my previous is about the physical ETH, as there is no label on it, so out of the doubt I tried with plugging my RJ45 to each, but I'm pretty sure it's the second from left
Anyway, LAN is icg1, which I gave 192.168.111.101 at install (installer/opnsense) option 2: Attribute IP, after which I got the confirmation message: "Your GUI can now be accessed via IP 192.168.111.101"
Quote from: cookiemonster on September 17, 2024, 10:30:44 AM
Also. For simplicity the interface designated as LAN during setup, say LAN1 will have a DHCP service enabled (I think it is an option given at setup) so when you plug your laptop, it gets an ip and they can talk.
If for any reason that wasn't enabled, check the IP address of your laptop. If it is not in the range, i.e. 192.168.111.0/24, then change it manually on the laptop so they're both in the same network that way and can talk.
Yes, I've been thinking about it since bedtime yesterday, and now connected from work as I can't wait ...
I don't get any IP even though I enabled the DHCP option on LAN (on all three actually but it doesn't matter here)
So DHCP enabled on LAN 192.168.111.101 with first address 192.168.111.102 and last 192.168.111.133 so I should get an IP ... but I remember my network spinning and not getting any
So that explains why I can't reach the GUI
But that doesn't solve my problem, I still can't communicate with my box :(
As I -obviously- didn't configure anything on the box, except for:
WAN = icg0 = DHCP in, no DHCP out;
LAN = icg1 = LAN1 = 192.168.111.101 DHCP enabled 192.168.111.102-133
OPT1 = icg2 = LAN2 = 192.168.112.101, DHCP enabled 192.168.112.102-133
OPT2 = icg3 = LAN3 = 192.168.113.101, DHCP enabled 192.168.113.102-133
Anything else was skipped (y/N)
Back to the test table, keyboard and screen
Would it change anything if I start with the live environment, tweak a few things (suggestions ?) and only then do the install ?
Or does the install take only the image and not the (modified) live environment ?
Just install, boot, connect a PC to the single LAN port and check if you get an address and if you can login to https://192.168.1.1.
If successful you can add the other two interfaces from the UI, add DHCP and firewall rules, check if you can login to the firewall on one of them, and then change the IP address and the DHCP of the original LAN.
Sounds like a plan?
A newly installed OPNsense with default configuration "just works". If it doesn't, there's a more fundamental problem, so start with that "known good" configuration.
Quote from: Patrick M. Hausen on September 17, 2024, 10:45:22 PM
Just install, boot, connect a PC to the single LAN port and check if you get an address and if you can login to https://192.168.1.1.
If successful you can add the other two interfaces from the UI, add DHCP and firewall rules, check if you can login to the firewall on one of them, and then change the IP address and the DHCP of the original LAN.
Sounds like a plan?
A newly installed OPNsense with default configuration "just works". If it doesn't, there's a more fundamental problem, so start with that "known good" configuration.
Yes sir, I'm on it !
There is an option during install about DHCP:
- For WAN, enter the new LAN IPv4 upstream gateway address
- For LAN, press <ENTER> for none:
As I'm on LAN (icg1) I simply type enter, right ?
Don't go through any of these dialogs. Just install and let it boot. It will work.
Tadaaaahhh !
It works !
I'm accessing the box via 192.168.111.101 (yes, I know, I wasn't supposed to)
I'm now doing the full update
The only difference is ... I'm accessing through Win10 laptop, not the Linux one
As the access is through browser, it shouldn't make a difference, but ...
Oh! and I found that ETH0 is on the far right (I thought it was on the left)
Oh ! and as suggested, I didn't configure the LAN2/LAN3
So yeah, that's that, I'm in now .... time to mess up with the option (and probably reinstall a few times before getting back to serious)
Thank you all for your patience (my autism doesn't make it easy) and advice, you took my frustration away and made me happy !
MSSG
Is it normal that the system is in
- "The upgrade has finished and your device is being rebooted at the moment, please wait..."
for like 30+ minutes ?
EDIT: 1 hour ...
Depends on the power of the processor. An old one, say from 10 years ago, maybe. Anything from the last 5 years, minutes. These are very broad statements, the real answer is based on more scientific numbers.
But in short it should only take a few mins. 30 mins sounds either a dinosaur of a cpu or it has booted and you just aren't connected network-wise correctly to it yet. i.e. you are on network A and the machine only listening on B.
simplest way to verify: connect physical monitor and keyboard.
Quote from: cookiemonster on September 18, 2024, 10:40:26 AM
Depends on the power of the processor. An old one, say from 10 years ago, maybe. Anything from the last 5 years, minutes. These are very broad statements, the real answer is based on more scientific numbers.
But in short it should only take a few mins. 30 mins sounds either a dinosaur of a cpu or it has booted and you just aren't connected network-wise correctly to it yet. i.e. you are on network A and the machine only listening on B.
It's a 5105 Jasper Lake
But I found the problem ... The password for BIOS, if both root and user password are set, is also a boot password, so the machine did reboot but has been stuck at password prompt all night ::)
I've removed the user password in BIOS and now it boots just fine unattended ...
Quote from: cookiemonster on September 18, 2024, 10:41:14 AM
simplest way to verify: connect physical monitor and keyboard.
Yes, exactly what I did when I woke up :)
Suggestion for those who need it:
The OPNsense guide (https://docs.opnsense.org/manual/gui.html) is rich and very thorough,
But if you need a visual:
Complete beginner guide to setup OPNsense (https://www.youtube.com/watch?v=CXp0CgilMRA)
PS: This is my first post while behind OPNsense :)
how do I delete a post I did by mistake (I clicked quote instead of modify) ?
And how do I set this post as "Solved" ? is there a button somewhere or do I have to manually edit the title ?