Messages - Serius

#16
General Discussion / Re: Bridging in opnsense
August 07, 2019, 06:27:36 PM
Hello nikbru,
I'll try to help you, but I need some clarification. Is your question about configuring an ISP router in bridge mode so it is used as a simple modem?
Is your question about how to open ports on opnsense so those services are available outside your network?
#17
Well, that was my intention: to have both working and switch between them to test. Since the 4G router was lent to me, I thought it was the best option until I have my own.
But I wasn't able to. In the end I had to create a new virtual machine with opnsense and configure this new WAN from scratch. That way it picked it up, and I have been migrating the basic configuration manually, by comparing configuration exports, transferring changes and reimporting.
Apart from the defaults, I have transferred the virtual networks and their fw rules, and I have left out IPS and TLS DNS. But I could not get both to coexist.
#18
Thank you very much.

Originally I was using unbound with the solution for TLS, so I had 127.0.0.1, but I also tried using Google's ones with no result.

Sent from my MI 5s Plus using Tapatalk

#19
Hello. I have opened a thread on this same topic in the English forum, but as it seems deader than the dinosaurs, I'm asking for help in Spanish.

Can someone help me configure a WAN in parallel, for a new 4G line where an ADSL one already exists?
Be warned that although it is 4G, it goes through the company's router, which I have already verified cannot be put in bridge mode. I have simply disabled its firewall and wifi and defined a DMZ to the (static) IP of the opnsense on the new interface. But I can't get it to resolve names, even though it apparently says it is "online".

I will appreciate any help you can give me.
#20
The wan connection for my homelab is a plain DSL connection. Now I've accepted the offer of another operator that proposes an LTE internet connection. For that purpose they gave me the LTE router they offer for testing purposes.

As for now, I have a DSL router, in bridge, connected to the main switch and reaches the opnsense machine in my vmware server through a dedicated VLAN.
So I thought, just bring up another VLAN and port in the switch for the new LTE router. As the router does not accept bridging, deactivate wifi, fw, dhcp, set static ip to 10.0.0.1 and set a DMZ to 10.0.0.2.

In the vmw server I gave another adapter to the opnsense machine tagged for this VLAN, and in opns, I created a new interface to it (call it WAN4G) with static ip 10.0.0.2 and a gateway with ipv4 for 10.0.0.1. I also activated monitoring, which in fact tells me that the connection is alive.
But I could not make my router get internet from this new GW.

Then I went to the failover/balancing documentation and did everything it said about gw groups and fw. So I disconnected my dsl cable and it seemed to switch to the LTE but there was no internet.
PPPOE gw disappeared anywhere so I can't re-establish connection without pulling cables.

If I leave both connected, I can see traffic on the graph for the LTE interface but I don't have inet from it (only pppoe); as it "jumps" to lte I lose connectivity. I have to pull the cable of the new router.
Also some strange things occur, like I can't get into the mgmnt web if I'm not in a trunk port. In fact it seems that routing is not working, as I can't get into any machine by its dns name or get into the ones that are on a different VLAN (I have rules to allow some traffic).
And I can't even ping the VLAN's own gateway address.

Can someone tell me how to do this? (to create a new wan connection)

Edit: Solved. Thx for nothing.
#21
18.7 Legacy Series / OpenVPN setup, help plz!
May 07, 2019, 10:05:36 AM
I'm trying to set up openvpn, but the fact is that I can't get it to work. I followed the guide but I found it so different, outdated I suppose, and the interface asks me for so many parameters that I don't know what to fill them with. My problems are at the second half of parameters, server and client. The ones that don't have directions icon nor inline value suggestion.

I'm on 18.7 and I'm trying to set up a simple one client remote connection to my network for when I'll be out.
Thank you for any help you can give me!
#22
18.7 Legacy Series / Firewall questions
November 06, 2018, 02:25:40 PM
I'm still trying to completely understand how the firewall configuration interface works. I thought that I had it already, but something happened that I didn't expect. So if you're kind, I would like to ask two questions to better understand the base of it.

My network is composed of the three typical vlans plus wan interface. I'm using getty+stubby for TLS DNS and content filtering through unbound. I've attached images of my defined basic rules for the trusted lan and the untrusted iot interfaces.

So my first question would be: Being at the TLAN interface, for example, are the rules defined here OUTPUT or INPUT firewall rules (for the interface)? (And where do they go?) I'm asking this because lately I've found myself writing more output rules than input ones, which is the inverse of what I've done before.

The second question is: Taking into account the services I use, and looking at the image of the iot rules, shouldn't the 3rd rule be equal to the 4th+5th rules? If so, why do I lose internet on the interface when I swap one for the other? (as shown in the image, it works)

Again, thanks.
#23
18.7 Legacy Series / Re: Stopped working
October 21, 2018, 08:36:45 PM
Thanks for your help. I could not repair this system by myself so I decided to put online the opns VM I was working on.

The baremetal was using a fresh laptop platter as the system drive. I don't know what happened, but this system saw its last configuration change two weeks ago, and has been left on its own since then.
I'm concerned about this low life expectancy.

@bringha I used what I had in hand that still had internet after all the network went down.

#24
This is the configuration screen I was referring to as lacking the "safestack" option. I first made the package with all options included, and all seemed to work right.
Then I thought that you were referring to those two last options so I remade and reinstalled the package without them. But if I do it, I don't get QNAME minimisation.
So I rebuilt with those on again but I can't get minimisation back. Can you please give me a hand on that? By telling exactly what has to be disabled/modified and what not?
Thanks.

Edit: I managed to get minimisation back by rebuilding the configuration file, but I still don't get what has to be disabled and where.
#25
18.7 Legacy Series / Stopped working
October 20, 2018, 04:19:38 PM
Today I left for a couple of hours and when I came back there was no network. I connected a screen to the router and it was showing something like the attached image. It was slightly different, as the only thing shown was detecting the hard disk, then the memory card reader, and nothing more.
I rebooted and changed the data cable port and the image is what I get now.

Is this normal?
Is it also normal not to have at least the IP leases for accessing the switch?

#26
18.7 Legacy Series / Re: Migration to VM
October 17, 2018, 09:02:11 AM
That was just what I was thinking of. Thank you very much Bart.


#27
18.7 Legacy Series / Re: Migration to VM
October 16, 2018, 11:29:14 PM
Thanks again Bart.
Unfortunately making any change in vlans rendered my network useless, due to the configuration of the l3 switch. So I finally made something like your last approach, but instead of removing the vlans, I edited the configuration XML and created a custom one for the transition, deactivating the secondary interfaces and changing nic assignments for the main ones. Now I have an accessible GUI and I have to adapt the rest of the interfaces.

Would it also be possible to set up the physical one as an ha backup?

#28
18.7 Legacy Series / Re: Migration to VM
October 16, 2018, 06:41:05 PM
Thanks Bart for your help. You say remove vlans previously in the bare metal as a means of leaving only the basic wan/lan interfaces and thus converting it into tagged groups in esxi, right?

But during the implementation do I leave the bare metal online?
And do I first create only two vnics?


#29
18.7 Legacy Series / Migration to VM
October 16, 2018, 10:56:08 AM
I've been using opnsense in a dedicated box with two nics and multiple interfaces for vlans.
Now I'm trying to migrate to my esxi box. I created the VM with two nics for the moment, in the wan tagged group and in the management one. I installed it, updated, and after restoring the backup from the phys, it messes up the esxi network. Not only the internal but even the machine ipmi. The rest of the network is ok.

So the question is, when doing such a migration, how do you raise the opns VM services for the first time? And do you configure it the same as the physical one (ops, DHCP...)?
If I want to leave the physical as service backup, would I leave it as an exact copy? Wouldn't they then collide?
Thanks for your help.
#30
Thanks for your reply. By now your providers are working way better than anything in my country.

Seems that my installation was using a fixed opns repo and that messed my first compilation attempt.

About that last comment... It is something that I didn't understand. When I first reached the "configuration screen" I never saw that safestack option. Only two apart from docs.
When I changed repos, the screen also changed but again no safestack.
