Title: Experiences with OPNSense - on the way to FTTH
Post by: mossi2000 on February 06, 2018, 12:16:00 am

I just want to share my experience with OPNsense as my future FW/router when my internet connection becomes FTTH (200MBits/s down, 80MBit/s?? up).

Coming from a 1.5 MBit/s DSL line, this will be cool...

I planned to use VLANs and a LAGG link for the connection to the network (meanwhile all switches are smart/manageable) and use the Ubiquiti APs' capability to have multiple SSIDs using different VLANs (Guest, Family 2.4G, Power 5G, Geo-VPN). Captive Portal for Guests.

After the initial problems with the setup on the APU2C4 I started configuring... and every time I activated some VLAN-related setting in OPNsense or on a switch I ended up locked out...
The switches are easy: just reboot. Since the changes were only applied but not SAVED to the configuration, a reboot helps.
With OPNsense, applying a setting directly adds it to the config... and the last (lockout) setting would come back after reboot.

I then understood that switching the network to VLANs cannot be done partially... it's all or nothing.
8-port PoE switch, 24-port main switch, 8-port switch in the office, 5-port switch near the TV...
I will have to thoroughly plan it...

Ok, to be ready, I decided to first start with a simple solution.
LAN, WAN and WLAN_AP networks on the APU2C4 interfaces.
OPNsense 17.7.12 on the APU2C4 with serial console via Ethernet.

LAN and WAN are set up; the AVM Fritzbox (former router and phone/VoIP master) moved to the network between the DSL router and OPNsense. That avoids VoIP port forwarding... but I want it back in the LAN with the VoIP data passing the FW.

When the fast internet pipe is up, I will exchange the DSL router for the fiber router, adjust IP addresses and it should work again. (Fiber should already be working, but someone has left a cable with fibers unconnected in an underground cable distribution box somewhere in the village. Shall be fixed this week. I'm the first one in the village to have FTTH in the house.)

Currently the Firewall rules allow all traffic.

I have configured DHCP on OPNsense with some static entries, forward DNS to a Pi-hole (which is the default DNS for the clients) and use the OpenDNS servers.
I can see that the DNS requests are being filtered, but I can't see the host names being resolved on the pi-hole.

I was looking at the traffic graphs. Nice. Insight is nice.
But I'm still asking myself how I could get some nice statistical graphs for a day... for top clients.
What I stumbled upon:
Currently my DSL line goes up to 1.9 MBit/s.
My PC was doing a GB+ Win10 update yesterday, and today the line was saturated for more than an hour.
And the graphs for 24 hours just show a max. peak of 230 KBit/s and total in/out bytes of 160 MB...

After the last update of Firefox I'm unable to login to the OPNsense Dashboard.
Before I always had to add an exception for self-signed certificate.
Now FF 58.01 tries to perform a TLS handshake and waits... and waits...
Switched over to Chrome: no problem. Tells me https:// NOT SECURE, but works.
Ok, started to read about Let's Encrypt. Hard stuff.
Did not find a good how-to for getting a certificate for a local web page.
What I found was some guy saying to get the certificate for a subdomain of a real domain.
Using a real domain would simplify everything.

Enough for today, to be continued.

Title: Re: Experiences with OPNSense - on the way to FTTH
Post by: elektroinside on February 06, 2018, 12:27:38 am
Thanks for sharing your experiences with OPNsense!

Don't give up, this firewall works, you just have to learn its secrets, publicly available on the forum and website :)

18.1.1 still has a few things that need a little more coding, as no software is ever perfect in this world and time; many core things were upgraded, but they are all being handled by the devs.

You are not alone, the team is very responsive and friendly, the community likewise.

So, welcome to OPNsense!

Title: Re: Experiences with OPNSense - on the way to FTTH
Post by: Ragai on February 10, 2018, 11:10:57 pm
I too switched from 2-3 Mbps DSL to 300d/100u FTTN from Bell. I had so many issues with the initial setup. Also with the TLS handshake to some sites (Yahoo mail, BT update server, ...). And I couldn't get more than 60d/60u. At some point I wasn't sure if the old DSL was a better option :'( .

After a lot of research I found out that all these issues were caused by the Bell router homehell3000. Once replaced, I now have 260d/110u. 260 Mbps could be limited by the USFF i3 computer I was testing with. VLANs work as expected. The dslreports site has many helpful posts. I chose the tplink route.

I have two sites, one uses an APU2C2 with built-in WiFi and the other uses an APU2C4 with an external AP. Both are using 17.7.12_1-amd64. Converting the rest to OPNsense.

My two cents ...