In the topology shown in the picture, computers on vlan 10 and vlan 20 cannot access the internet. I can see the IP addresses of the computers in Live View, but they cannot access the internet. Do I need an additional rule or routing for this?
https://imgur.com/a/7neml0o
Yes, both. The default "Allow LAN to any rule" has "LAN net" as the source address - that's 192.168.1.0/30 in your case(?). You could change that to "any", or add additional rules for your subnets. You'll also need to add routes to those subnets on OPNsense, but your diagram suggests you've already done that?
IMO, a simpler setup is to only use the switch(es) for VLAN tagging/untagging.
The VLANs are handled by OPN. No static routes are needed... All inter VLAN traffic is controlled by what is allowed to enter at the VLAN gateway (at OPN).
Quote from: dseven on December 27, 2024, 08:47:03 PMYes, both. The default "Allow LAN to any rule" has "LAN net" as the source address - that's 192.168.1.0/30 in your case(?). You could change that to "any", or add additional rules for your subnets. You'll also need to add routes to those subnets on OPNsense, but your diagram suggests you've already done that?
192.168.1.0/30 exactly what kind of rule should I write for the network address can you give an example
The same as the default "Allow LAN to any rule", except instead of "LAN net" as the source, it'd be your subnet (172.16.10.0/24 or whatever it is). You could create an alias with a list of all your routed subnets and use that as the source for a single rule.