OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: Davesworld on May 05, 2018, 08:26:22 pm

Title: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: Davesworld on May 05, 2018, 08:26:22 pm
At current I am running OPNSense 18.7_1 with dual wans and the gateway group set up as balanced (yes streaming movies and other downloads DOES aggregate the speed to double in balanced mode) with two DSL modems each running in bridge mode.

First, you need to find out what the modem's fixed IP for maintenance is. I deliberately set my second modem's permanent LAN ip to a different subnet, eg my first modem uses 192.168.2.1 and my second I set at 192.168.1.1. Now keep track of which modem is on which wan and create a virtual IP for each wan in the same subnet as THAT wan port's modem, I used 192.168.2.2 on wan1 and 192.168.1.2 on wan2 as virtual IP addresses. I set two firewall rules in Floating Rules that allow lan net (I don't want wlan to access the modem) to go to 192.168.2.1/32 and a second rule to 192.168.1.1/32. The subnet only allows access through the wans to that IP only irrespective of the actual wan ip to access the internet.

Then I set my NAT outbound to hybrid and added two rules, one for each wan that sets the destination address to single host using the network rather than a specific ip eg 192.168.2.0/30 and 192.168.1.0/30 for the second rule. In the Translation Target you will see the virtual WAN IP you created for that WAN in the dropdown menu for that wan. Select it, save them and you're done!

I should note that with a single wan, I was able to access the modem with only a virtual IP and through the proxy. The proxy is useless in a multiwan balanced gateway group and I really have no need otherwise.
Title: Re: Bridged Modem Access with Balanced Multi-Wan
Post by: Davesworld on May 05, 2018, 08:27:44 pm
Screenshot
Title: Re: Bridged Modem Access with Balanced Multi-Wan.
Post by: Davesworld on May 05, 2018, 08:29:16 pm
Screenshot
Title: Re: Bridged Modem Access with Balanced Multi-Wan.
Post by: Davesworld on May 05, 2018, 08:39:17 pm
Now in the why not department, a few shots of the modems main pages.
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: frauhottelmann on January 06, 2021, 08:33:49 pm
Thank you. I have been trying to do this all day :D
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: NewGuyLOLs on May 04, 2022, 06:03:12 am
I'd like to chime in, as this should be in the official documentation in getting modem access - it took several hours of trying other guides and resetting configs until I found this guide. One qualm now is just that the Virtual IP configuration has been moved from Firewall -> Interfaces.

The original poster's tutorial still works for 22.1(.6) on an apu2e4 connected to a fiber modem/ONU. However, your subnet for the Virtual IP may need to be changed to /24, as it did for me.

Thank you, OP.
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: flash99 on February 24, 2023, 03:18:48 am
I was trying to follow this tutorial, but the problem is that I don't see the virtual IP I defined as a drop down option under "Translation / target"  when I try to define Firewall: NAT: Outbound
Any idea what I did wrong ?
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: cookiemonster on February 24, 2023, 11:07:43 am
yep, you seem to have missed the most important part. You need to create it first.
...
At current I am running OPNSense 18.7_1 with dual wans and the gateway group set up as balanced (yes streaming movies and other downloads DOES aggregate the speed to double in balanced mode) with two DSL modems each running in bridge mode.

First, you need to find out what the modem's fixed IP for maintenance is. I deliberately set my second modem's permanent LAN ip to a different subnet, eg my first modem uses 192.168.2.1 and my second I set at 192.168.1.1. Now keep track of which modem is on which wan and create a virtual IP for each wan in the same subnet as THAT wan port's modem, I used 192.168.2.2 on wan1 and 192.168.1.2 on wan2 as virtual IP addresses. I set two firewall rules in Floating Rules that allow lan net (I don't want wlan to access the modem) to go to 192.168.2.1/32 and a second rule to 192.168.1.1/32. The subnet only allows access through the wans to that IP only irrespective of the actual wan ip to access the internet.

Then I set my NAT outbound to hybrid and added two rules, one for each wan that sets the destination address to single host using the network rather than a specific ip eg 192.168.2.0/30 and 192.168.1.0/30 for the second rule. In the Translation Target you will see the virtual WAN IP you created for that WAN in the dropdown menu for that wan. Select it, save them and you're done!

I should note that with a single wan, I was able to access the modem with only a virtual IP and through the proxy. The proxy is useless in a multiwan balanced gateway group and I really have no need otherwise.
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: flash99 on February 24, 2023, 12:45:22 pm
I’m not a huge Opnsense expert, but I still know how to follow instructions.

Of course I created it and I made sure it’s there
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: cookiemonster on February 24, 2023, 12:54:37 pm
Ok then.
I have a virtual IP for something else. It does show for me in the drop down. Sorry, no idea what could be wrong for you then. Did you check is a /32 ip? Mine is as that is what I need.
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: flash99 on February 24, 2023, 01:34:08 pm
Here are the Virtual IP settings and the Translation / target dropdown
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: cookiemonster on February 24, 2023, 02:23:55 pm
Do you really need it to be /30 ? If not, change it to /32 and see if that does it for you.
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: flash99 on February 24, 2023, 02:38:14 pm
Yes I don't really need /30
I originally made it /32 , but then when I saw its not showing up I tried to change it to /30 just to make it the same as in the original post to see maybe it will help
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: flash99 on February 24, 2023, 02:52:16 pm
I think its related to this https://forum.opnsense.org/index.php?topic=32587.0
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: cookiemonster on February 24, 2023, 03:01:23 pm
It seems indeed, good spot! I'm glad I'm still on 22.7
Title: Re: [Tutorial] Bridged Modem Access with Balanced Multi-Wan.
Post by: flash99 on March 08, 2023, 11:35:38 pm
I was trying to follow this tutorial, but the problem is that I don't see the virtual IP I defined as a drop down option under "Translation / target"  when I try to define Firewall: NAT: Outbound
Any idea what I did wrong ?

After upgrade to 23.1.2 I can see the Virtual IP I defined earlier. However still can't access my modem.