OPNsense Forum
English Forums => General Discussion => Topic started by: rt050 on January 27, 2021, 05:11:54 pm
-
Hi all,
I have a requirement to change subnet mask to cater for expanding our public IPs. Problem is that I'll need to do this entirely remotely.
Gateway isn't going to change as I can expand backwards so just the subnet mask and I guess it'd be good to move the WAN IP to the start of the usable range.
Before pushing ahead and doing this, is there anything I should expect to happen or go wrong? As I mentioned, I need to do this remotely so once I hit save on that WAN interface change and apply the settings, will I need to restart the interface or reboot or anything or should I be able to keep connectivity?
Thanks
-
depending on the criticality of that remote site, either have someone available as remote hands and/or install some sort of emergency access. could be as simple as an old unused laptop/pc which uses an internet connection that does not depend on the opnsense install (cellular). just install some remote control software on there. setting something like that up is, in my opinion, time well spent. you'll have peace of mind that you can still access the box and intervene if anything goes wrong.
that said, it depens a little bit on your setup whether or not something may or will go wrong. i guess if it's a simple setup with automatic NAT you should be able to just change the IP and netmask on-the-fly. if it's more complex, you may have to adjust other things, too. chances are you're going to miss something. so again, have a backup/emergency plan. everything else is madness
i would probably choose to change the settings and then reboot rather than apply. but that's just a personal "tick", i like making sure systems come up in an expected/desired state
-
Well, it all went well until...
Changed WAN prefix - good
Changed WAN IP - good
I changed the final setting which was the prefix on a virtual IP and now everything is offline.
I'll have to wait until the morning, maybe a reboot will solve it.
-
Reboot solved the problem. Should have done that in the first place!