OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: Fauconjeff on April 17, 2025, 03:07:05 AM

Title: DHCP for Public IP subnet
Post by: Fauconjeff on April 17, 2025, 03:07:05 AM
I currently have a working HA pair of OPNsense 25.1 with two WAN connections. I successfully set a GW failover group using both WANs with virtual IP (CARP).

On WAN-1, my ISP is giving me 5 different public subnets. Here is an example of their ASR920 router config for me:

ip address 210.1.1.1 255.255.255.248  (my current internet WAN-1 gateway, with failover on another ASR920 (WAN-2))
ip address 210.2.2.1 255.255.255.240 secondary
ip address 210.3.3.1 255.255.255.240 secondary

ip route 210.4.4.0 255.255.255.240 210.1.1.1
ip route 210.5.5.0 255.255.255.240 210.1.1.1

I successfully set all 210.4.4.0 and 210.5.5.0 subnets using Virtual IP Alias on the same VHID group as my primary 210.1.1.1 gateway. I can then use all these IPs to do port forwards to any server.

Let's forget the HA setup for now:

I'm now trying to use both secondary subnets (210.2.2.0 and 210.3.3.0) and have these ranges available with DHCP for lab devices. I want devices to receive public IPs from OPNsense without NAT.

I added two new NIC cards and set the OPNsense to 210.2.2.2 and 210.3.3.2 to have the DHCP server available for both subnets. I also added two gateways on the WAN-1 interface (210.2.2.1 and 210.3.3.1). The DHCP server is running on these two new NIC cards with the correct range, with both .1 as the DHCP gateway instead of .2 and 8.8.8.8 as the DNS.

I added a firewall rule on each new NIC with the correct gateway. (Pass, in, interface wan1_210.2, source wan1_210.2 net, gateway GW_wan1_210.2)

A device now receives 210.2.2.3 or 210.3.3.3 with .1 as the gateway and 8.8.8.8 as the DNS, but I can't reach the internet.

This was really complicated to explain, I hope you will understand :)
Title: Re: DHCP for Public IP subnet
Post by: viragomann on April 17, 2025, 01:48:40 PM
Quote from: Fauconjeff on April 17, 2025, 03:07:05 AM
I added two new NIC cards and set the OPNsense to 210.2.2.2 and 210.3.3.2 to have the DHCP server available for both subnets. I also added two gateways on the WAN-1 interface (210.2.2.1 and 210.3.3.1).

You cannot add these as gateways to the WAN, since they belong to a subnet which is assigned to a different interface.

Also there is no need to assign gateways for this to WAN.
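
The rule stated in the reply above, as an added example that is not part of the thread: a gateway can only be bound to the interface whose own subnet contains it. The interface table is constructed from the addresses in the first post; the WAN1 address 210.1.1.2/29 and the interface names WAN1 and wan1_210.3 are assumptions (only wan1_210.2 appears in the post).

```python
import ipaddress

# Constructed interface table. 210.2.2.2 and 210.3.3.2 come from the post;
# the WAN1 address (210.1.1.2/29) and the names WAN1 / wan1_210.3 are assumed.
INTERFACES = {
    "WAN1": "210.1.1.2/29",
    "wan1_210.2": "210.2.2.2/28",
    "wan1_210.3": "210.3.3.2/28",
}


def owning_interface(gateway, interfaces=INTERFACES):
    """Return the name of the interface whose subnet contains the gateway."""
    gw = ipaddress.ip_address(gateway)
    for name, cidr in interfaces.items():
        if gw in ipaddress.ip_interface(cidr).network:
            return name
    return None


def check_gateway(gateway, bound_to, interfaces=INTERFACES):
    """Report whether a gateway is on-link for the interface it is bound to."""
    if bound_to not in interfaces:
        return f"unknown interface {bound_to}"
    iface = ipaddress.ip_interface(interfaces[bound_to])
    if ipaddress.ip_address(gateway) == iface.ip:
        return f"is the firewall's own address on {bound_to}"
    owner = owning_interface(gateway, interfaces)
    if owner == bound_to:
        return "ok"
    if owner is None:
        return "not on-link on any interface"
    return f"belongs to {owner}, not {bound_to}"


if __name__ == "__main__":
    # The gateway bindings described in the first post, plus the working one.
    for gw, iface in [("210.1.1.1", "WAN1"),
                      ("210.2.2.1", "WAN1"),
                      ("210.3.3.1", "WAN1"),
                      ("210.2.2.1", "wan1_210.2")]:
        print(f"{gw} on {iface}: {check_gateway(gw, iface)}")
```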