OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: mahescho on September 26, 2018, 04:11:07 pm

Title: more complex setup
Post by: mahescho on September 26, 2018, 04:11:07 pm

Hi,

i plan a a bit more complex setup. See attachment. I've tree VDSL connections. All with static public IPv4 and IPv6. On with an IPv4 subnet and a /48 v6 prefix. The other two get single v4 addresses and a /56 v6 prefix. Internally I plan to have VLANs only and depending on the VLAN different outgoing NAT setups an IPv6 nets. Communication between the VLANs has to work too.

Is this doable with OPNsense?

TIA
Matthias

Title: Re: more complex setup
Post by: fabian on September 26, 2018, 07:47:10 pm

I have never used it but OPNsense should be multi-wan capable.

Title: Re: more complex setup
Post by: opnsrcfw on September 27, 2018, 04:56:07 am

@mahescho   your network config should be achievable with OpnSense.

Title: Re: more complex setup
Post by: mahescho on September 27, 2018, 09:10:13 am

@opnsrcfw Thanks, I thought so, as I did some thing similar with FreeBSD using FIBS. My concern was if this could be done via the GUI.

Title: Re: more complex setup
Post by: franco on September 27, 2018, 12:54:38 pm

Caveat: Multi-WAN with multiple DHCPv6 WANs does not currently work, but if you're using all static you shall be fine. :)


Cheers,
Franco

Title: Re: more complex setup
Post by: mahescho on September 27, 2018, 09:52:46 pm

@franco: I only use static public IPs  :)

My major headaches at the moment are this: https://forum.opnsense.org/index.php?topic=9786.0 and that: https://forum.opnsense.org/index.php?topic=9804.0

Title: Re: more complex setup
Post by: franco on September 27, 2018, 10:07:15 pm

Let me answer here. :)

I hope 18.7.4 fixed the first one:

https://github.com/opnsense/changelog/blob/master/doc/18.7/18.7.4#L18

The second question's answer is: Firewall: Virtual IPs. Yes, it also works for IPv6 but the subnet mask may not switch immediately. Try saving anyway.

There *may* be a combination of issue 1 and 2 happening now for you for Virtual IPs on top of PPPoE so we need to go back and fix that as well. PPPoE is an ongoing adventure for us...

As far as binding goes for the services you mentioned... we don't support exclusive binding setups in the plugins so it's more of a primary interface address or all of the set addresses (including virtual IPs). Worst case you will have to install the FreeBSD packages and skip the plugins.


Cheers,
Franco

Title: Re: more complex setup
Post by: mahescho on September 28, 2018, 12:42:04 pm

Thanks.

Binding: Too bad, my hope was that "basics" are covered her. I''ve tried several commercial Linux based firewall and they all failed too when it came to binding and most important being able to create separate configurations for different IPs and ports. At least with OPNsense a complete manual setup of services is possible, as you mentioned.

IPv6 on PPPoE: The latest update fixed the problem. Thanks.

Now I will experiment with "virtual IPs" ...

BTW: My IPv6 issue on static connection persists! https://forum.opnsense.org/index.php?topic=9639.0 I've to use the "pfctl" workaround ...