OPNsense Forum

English Forums => General Discussion => Topic started by: pigbait on June 16, 2015, 02:53:09 am

Title: Need help with an odd network configuration :)
Post by: pigbait on June 16, 2015, 02:53:09 am
First off, thanks to the developers for all your hard work on OPNsense.

My question today is regarding setting up an unusual network configuration.

I'm quite new to all this and have read hours on hours of information but some terms are still a bit over my head, so anyhow let me get going on what I'm looking for.

I have a Firebox X750e; it's set up and running OPNsense perfectly. The Firebox X750e is equipped with 8 LAN ports.
Currently I have 1 port assigned as WAN and the remaining 7 ports are bridged. The Firebox is also running a VPN from Private Internet Access. Now, I have 2 wireless routers. I have one set up after my ISP modem and before the Firebox; this gives me a small wireless network without VPN protection. The second wireless router is set up in bridge mode and goes after the Firebox; this gives me a wireless VPN network.

This setup works great for all my internet browsing, but for some reason I can't get local access from PCs before the VPN or to PCs after the VPN.

I'm not using all the ports on the Firebox, so maybe there is a different way to set all this up?

I hope you guys have an understanding of what I'm trying to achieve..

Thanks Pigbait



Title: Re: Need help with an odd network configuration :)
Post by: pigbait on June 17, 2015, 05:42:21 pm
Anyone?

Sent from my SM-N910W8 using Tapatalk

Title: Re: Need help with an odd network configuration :)
Post by: franco on June 19, 2015, 06:07:13 pm
I am unsure about your setup without a little bit of diagrams and network address configurations (even if just mocked). What comes to mind is that:

(a) either routes are missing that would enable all subnets to route from and to each other.
(b) a firewall rule is missing to allow those subnets to communicate.

You can check for both cases in the firewall logs, filtering traffic that goes from one net to another while pinging and seeing if the box drops or passes them. If there is no traffic whatsoever, (a) is probably the case. If there is blocked traffic it is (b). If there is traffic flowing in but not coming back (e.g. ICMP ping), then the packets get lost on the return path. In this case a packet capture on the input and output interface may reveal where the packets are dropped. It may also point to (a).

(c) there is a bug in OPNsense that specifically prevents your setup from routing properly; we'll have to eliminate (a) and (b) first to get to this one. :)

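
The check franco describes in the post above, worked through as an added example (this is not code from the thread or from the OPNsense project): capture ICMP on the interface the ping enters (here the bridged LAN side) and on the interface it should leave (here the side facing the upstream Wi-Fi router), e.g. with `tcpdump -n -i <interface> icmp` over SSH, then see for each echo request whether it was forwarded and whether its reply made it back through the box. The capture lines, addresses (192.168.1.0/24 for the bridge, 192.168.2.0/24 for the non-VPN Wi-Fi network) and interface roles are all constructed for the example, and it assumes plain routing between the two interfaces with no NAT, so an echo can be matched on ICMP id and sequence number alone.

```python
"""Classify pinged ICMP echoes by where they were last seen on the firewall.

Added example, not code from the thread. Captures, addresses and interface
roles are constructed; it assumes plain routing (no NAT) between the two
interfaces so an echo is matched by ICMP id and sequence number alone.
"""
import re

# Constructed samples imitating `tcpdump -n icmp` output on each interface.
# 192.168.1.0/24 is the assumed bridged LAN, 192.168.2.0/24 the assumed
# network of the Wi-Fi router sitting in front of the firewall.
BRIDGE_CAPTURE = """\
12:00:00.500000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:01.000001 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 7, seq 1, length 64
12:00:01.001500 IP 192.168.2.20 > 192.168.1.10: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000001 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 7, seq 2, length 64
12:00:03.000001 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 7, seq 3, length 64
12:00:04.000001 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 7, seq 4, length 64
"""
WAN_CAPTURE = """\
12:00:01.000120 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 7, seq 1, length 64
12:00:01.000900 IP 192.168.2.20 > 192.168.1.10: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000120 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 7, seq 2, length 64
12:00:02.000900 IP 192.168.2.20 > 192.168.1.10: ICMP echo reply, id 7, seq 2, length 64
12:00:03.000120 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 7, seq 3, length 64
"""

# Verdicts, mapped back to franco's cases (a) missing route, (b) missing rule.
OK = "ok: request forwarded and reply came back through the box"
NOT_SEEN = "request never reached the box: check the client's route or gateway"
NOT_FORWARDED = ("request entered but never left: a block entry in the filter log "
                 "means (b), nothing in the log means (a)")
NO_REPLY = "request left the box but no reply returned: the far side has no route back"
REPLY_DROPPED = ("reply reached the box but was not forwarded back: "
                 "return-path rule or route on the box")

# One `tcpdump -n` line for an ICMP echo; anything else is ignored.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)


def parse_icmp(capture):
    """Return a set of (kind, id, seq) tuples for the ICMP echo lines in a capture."""
    seen = set()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            seen.add((m["kind"], int(m["id"]), int(m["seq"])))
    return seen


def diagnose(ingress_capture, egress_capture, expected=()):
    """Map (id, seq) -> verdict for every echo request.

    `expected` lists (id, seq) pairs the client is known to have sent, so
    requests that never show up in either capture are reported as well.
    """
    ing = parse_icmp(ingress_capture)
    egr = parse_icmp(egress_capture)
    echoes = {(i, s) for k, i, s in ing | egr if k == "request"} | set(expected)
    verdicts = {}
    for icmp_id, seq in sorted(echoes):
        req, rep = ("request", icmp_id, seq), ("reply", icmp_id, seq)
        if req not in ing:
            verdicts[(icmp_id, seq)] = NOT_SEEN
        elif req not in egr:
            verdicts[(icmp_id, seq)] = NOT_FORWARDED
        elif rep not in egr:
            verdicts[(icmp_id, seq)] = NO_REPLY
        elif rep not in ing:
            verdicts[(icmp_id, seq)] = REPLY_DROPPED
        else:
            verdicts[(icmp_id, seq)] = OK
    return verdicts


if __name__ == "__main__":
    # seq 5 is listed as sent by the client but appears in neither capture.
    for (icmp_id, seq), verdict in diagnose(BRIDGE_CAPTURE, WAN_CAPTURE,
                                            expected=[(7, 5)]).items():
        print(f"id {icmp_id} seq {seq}: {verdict}")
```

Run with the two captures saved from the real interfaces and the verdict per echo tells you which interface to look at next: a request that enters but never leaves is decided on the box itself (firewall log), a request that leaves without a reply is decided on the far router or host, and a reply that arrives but is not forwarded points at the return path through OPNsense.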
Title: Re: Need help with an odd network configuration :)
Post by: pigbait on June 19, 2015, 07:35:51 pm
Thanks for the reply franco, I'll draw up a diagram this weekend with a better explanation.

Sent from my SM-N910W8 using Tapatalk

Title: Re: Need help with an odd network configuration :)
Post by: chol on June 21, 2015, 12:17:11 am
#1 The first thing I would do is eliminate the WiFi router between your OPNsense and your modem. OPNsense can handle modems (and VPN) quite well too, and OPNsense is by far a more capable firewall than your WiFi plastic box!

=> Why did you set your network up this way? Is the WiFi router in one box with the modem, or are they separate boxes? If there are no specific reasons for this setup of yours, eliminate it, please.

#2 O.K., now:
What to do with the WiFi router afterwards? -> Take 1 (bridged) LAN port, unbridge it and give it a separate network IP address matching the already established IP network of your WiFi plastic box. This is sometimes called a DMZ.

=> This alone would eliminate some error cases, because we would deal with pfSense configurations alone. In other words, it would help us help you!

Sincerely chol.

P.S.:
May I ask why you chose such a 'speaking' alias name "pigbait"?
 
Title: Re: Need help with an odd network configuration :)
Post by: pigbait on June 22, 2015, 03:04:08 am
The reason for the WiFi router before the OPNsense box is to have a wired/wireless non-VPN network, and then have the OPNsense box handle the VPN afterwards. I'll try, like you said, to set up OPNsense directly from the modem and go from there.

Sent from my SM-N910W8 using Tapatalk

Title: Re: Need help with an odd network configuration :)
Post by: lucifercipher on July 06, 2015, 11:41:38 am
Your network design seems simple. What you can do is spare 1 physical port, assign it as a secondary LAN interface and start DHCP on it for your local, direct (non-VPN) wired internet access on the PC. If you require, you can also have another port assigned for a dedicated access point. Then you can bridge the remaining ports on the Firebox for your private VPN internet access.