OPNsense Forum

English Forums => Virtual private networks => Topic started by: plauriola on May 11, 2025, 03:15:48 PM

Title: Issue with bridges multiple vlans + untagged interface, will VPN also be an issue?
Post by: plauriola on May 11, 2025, 03:15:48 PM
Hi,

I just bought a Protectli V1610 setup with the latest version of OpnSense; 6 ports, Intel N6005 Quad Core CPU at 2.0 GHz (Turbo 3.3 GHz), 16 GB ram.
I also have 4 switches (2 for servers, 2 for clients)

Here's a simplified layout of my target network:
Port 1 => Switch S1 (TRUNK VLAN 10, 20)
Port 2 => Switch S2 (TRUNK VLAN 10, 20)
Port 3 => Switch C1 (TRUNK VLAN 10, 30)
Port 4 => Switch C2 (TRUNK VLAN 10, 30)
Port 5 => PC(Untagged VLAN 10)
Port 6 => WAN

I've set up 3 bridges like follows:
Bridge10 => VLAN0.1.10 - VLAN0.2.10 - VLAN0.3.10 - VLAN0.4.10 - Port 5 untagged (Used as IT Admin network, for Router, Switches, VoIP, etc.)
Bridge20 => VLAN0.1.20 - VLAN0.2.20 (Used for Servers)
Bridge30 => VLAN0.3.30 - VLAN0.4.30 (Used for Clients)

I did set up the Tunables as expected for bridges.

Everything works like you'd expect, besides Port 5...
From Port 5, I get an IP from the DHCP, I can ping everything in the Bridge10, but I can't reach Bridge20 nor Bridge30.
Yes, I did set up the firewall rules correctly.
To assert this, if I try to do the same from Switch S1, and set Port X as untagged vlan 10, I can ping everything everywhere.

Clearly, I could just plug directly into my switch instead of my router, but I am curious about what I am missing...
This is my home lab and my goal is to learn as much as possible.

Note: all the switches are in different physical locations. I guess I could buy a parent switch to avoid switching in my router, but it feels like such a waste to have 4 ports at 2.5GB unused...

If you have any comments or feedback, please feel free to share.

Edit:
I just realized I posted this in the VPN instead of General... Sorry, I can't seem to move nor delete my post...
In this case, I will add one more question:
I plan on adding a Wireguard VPN to my setup; the VPN would ideally be on its own subnet, outside of my 3 VLANs.
Will I once more have issues with reaching the rest of my networks from my VPN, just like I am stuck on my Port 5?

Cheers!
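The post says the bridge tunables were "set up as expected" but does not show them. The following is an added example, not part of the post or of OPNsense itself: a small POSIX shell check that compares a `sysctl net.link.bridge` dump against the two values the OPNsense bridge documentation calls for when firewall rules are meant to be applied on the bridge interface rather than on each member (`net.link.bridge.pfil_member=0`, `net.link.bridge.pfil_bridge=1`). The dumps below are constructed inline so the script runs anywhere; on a real box you would pass the output of `sysctl net.link.bridge` instead. The function name and the sample values are my own choices.

```shell
#!/bin/sh
# Added example (not from the forum post or OPNsense): verify bridge packet-filter tunables.
# Usage on OPNsense (assumption: run from a root shell):
#   check_bridge_tunables "$(sysctl net.link.bridge)"
# Exit status is the number of mismatching or missing tunables (0 = all as expected).

# Constructed sample: defaults left in place. With pfil_member=1 each VLAN/port member is
# filtered on its own, so rules written against the Bridge10 interface never see the traffic.
SAMPLE_DUMP_DEFAULTS="net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_onlyip: 0"

# Constructed sample: the values the OPNsense bridge docs recommend for bridge-level filtering.
SAMPLE_DUMP_FIXED="net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 0"

# check_bridge_tunables DUMP
#   DUMP is the text of `sysctl net.link.bridge` ("key: value" per line).
#   Prints one line per problem and returns the number of problems found.
check_bridge_tunables() {
    dump="$1"
    mismatches=0
    for pair in net.link.bridge.pfil_member=0 net.link.bridge.pfil_bridge=1; do
        key=${pair%=*}
        want=${pair#*=}
        # escape the dots so sed matches the key literally
        key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
        got=$(printf '%s\n' "$dump" | sed -n "s/^${key_re}: //p")
        if [ -z "$got" ]; then
            echo "$key: not present in dump (tunable not applied?)"
            mismatches=$((mismatches + 1))
        elif [ "$got" != "$want" ]; then
            echo "$key: expected $want, got $got"
            mismatches=$((mismatches + 1))
        fi
    done
    return "$mismatches"
}

# Stand-alone demonstration on the constructed dumps.
echo "== defaults =="
check_bridge_tunables "$SAMPLE_DUMP_DEFAULTS" || echo "-> $? tunable(s) need attention"
echo "== fixed =="
check_bridge_tunables "$SAMPLE_DUMP_FIXED" && echo "-> bridge tunables look right"
```

The check only covers the packet-filter placement; it does not tell you whether a given member (such as the untagged Port 5) is actually in the bridge, which is a separate `ifconfig bridge0` question.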