Right of the bat, I am new to OpnSense and a network enthousiast, but not a professional IT person. I have been relying on OpenWRT for the last 10 years or more but 2-3 years ago, I found that I was missing the feature to see statistics of what was happening on the network and control over identification of devices. Started looking around and checking whether going with the other one, or OpnSense and decided to go with the later.
I got myself a small N305 PC with 4 ports. Installed Proxmox, OpnSense and Omada and, never managed to replicate my current setup in OpnWRT on OpnSense. I have looked at what many videos, checked as many thread as I could found but did not found anything that was similar to what I was looking for an answer. Lets face it, most questions on OpnSense are very specific.
So here I am. What I want is I believe not that difficult, but I get a sense that maybe what I want to do, may need to be done completely differently.
What I am looking to do is the following:
OpnSense Router connected this way (all 2.5 GBE ports)
1 Port to Modem
1 Port to Managed Switch in the home office
1 Port to Managed switch of the house
1 Port to a POE switch, or in the future, to a POE injector for a 2.5 GBE Access Point serving the
The whole network is composed of 4 Vlans
1 For Management of network
1 For IOT devices
1 For The house
1 for the Guest
I have that exact setup working in OpenWRT, where I simply create the various VLAN against the bridge network. Then there is an interface to simply associate VLAN to port and put them T or U. I am trying to do the same, But I am a bit lost on how to Manage the various types of devices in OpnSense, and how to create new/associate them to come to what I want.
Thanks,
You find an interesting read here: https://forum.opnsense.org/index.php?topic=42985.0 for a start on OPNsense.
Since your OPNsense instance is virtual, you would create a bridge in Proxmox to include the ports to 'managed switch to the home office', 'managed switch to the house' and 'POE switch'. For WAN you either create another bridge or pass one interface directly to the VM. If you search youtube for 'opnsense on proxmox' you'll find plenty of how-to's.
It is recommended to have either only (U)ntagged traffic on an interface or only (T)agged traffic, not mixed. In your case create 4 VLAN (tagged), don't use VLAN ID 1.
If you create the interfaces/bridge(s) as mentioned above you end up with OPNsense and two interfaces for the VM, WAN (passed through or Proxmox bridge) and VLANs (Proxmox bridge).
You create the VLANs https://docs.opnsense.org/manual/other-interfaces.html#vlan and configure WAN.
Your first link seem to explain the emptiness. I can sometime be that guy who fiddles with things before looking at instructions, but in this case, I did follow videos and search the net for setting up OpnSense. At this moment, its working within the ProxMox server and my 2 main issues were to replicate the network configuration I have and get into Firewall rules.
From me reading through that link and the other links, here is what I think I was doing wrong.
1) I was assigning all devices pretty much all the times.
2) I checked LAGG once, but could not see any port so I just went by as I never used that. I see that LAGG might be part of the answer. I guess for my need, I could go with 1 LAGG to the house Switch and then put Office Switch, POE Switch to Main switch. They are all 1 GBE switch anyway, except main one that has SFP+ port for the future, maybe.
At this point, I guess what confuses me is how should I manage the port on which I have my servers running on Proxmox, whith Opensense's configuration?
(https://photos.google.com/album/AF1QipPgY37bf-K3mvlEvIry2vqZ5RqiMNsBdzrq43Bl)
As pointed on the Proxmox configuration, I did create a bridge on it
vmbr0 is VLAN aware as I have 4 different servers/address on it.
1) Proxmox, Management VLAN
2) Omada, Management VLAN
3) OpnSense, Management VLAN
4) Home Assistant, IOT VLAN
I guess at this point, the question is, should I keep this port out of the OpnSense configuration? Or, would it be a better approach to keep one port for management, and then get Home Assistant on the LAGG with the rest of the VLANs. Else, I am unclear how to manage port/vlan configuration of proxmox and those managed by OpnSense. Another way of looking at my struggle, if they were all physical standalone devices, I would manage, but that virtualisation kind of messes up what goes where.
Thanks,
As for OpnSense under Proxmox, see this, because it has its own pitfalls (https://forum.opnsense.org/index.php?topic=44159.0), too.
Thanks, duly noted. I checked in some of the tips and I wasn't far off. I had put 12 GB of RAM and 20GB of space and turned off firewall.
I have to say, I am not that totally new to all that. I have been playing and using Linux and FreeBSD for some time for various stuff (actually running Trunas).