Messages - wbravin

#1
General Discussion / Re: firewall best practices
June 23, 2025, 04:11:49 PM
Hello @Patrick Hausen

I deeply apologize for the delay in thanking you for your reply

Sorry i was not clear.

I should have said firewall rules. Yes, i plan to set my IOT on a separate vlan; this is the easy part.

to be specific all my servers will need to access the internet if only to get updates. this is not often
my pcs and htpcs will have daily access to the www. However all my iot  devices do not need to access the www. all ota updates for these devices will come from HA which is installed on the same box as opnsense. In this case HA will download the update and i will perform the device update ota via HA.

In my simple understanding i created VLANs for servers 192.168.10.xxx one for IOT 192.168.20.xxx one for my HTPc's and Receivers 192.168.1.30.xxx and one for all other devices 192.168.1.xxx

All pc's can talk to one another  and to my servers.

Besides the access to the www for the reasons mentioned here, I currently use tailscale (in the near future wireguard) to remote access my environment (mostly by phone or one of my laptops)

I plan to give remote access to family members and 2 friends. This is what i want to control and ensure they only access certain media.

As a matter of fact my live deployment of  has been delayed

Now a different development has arisen

I need to change my Radio based ISP (because of issues when storms occur) to the new FWA solution which operates at a lower frequency and apparently will not be affected by storms because it operates at a lower frequency (way beyond my level of understanding).


I will open a new thread for this learning

once again thank you
 
     
#2
General Discussion / firewall best practices
February 17, 2025, 12:09:09 AM
Hello all

I am in the throes of deploying opnsense (after 2 years) and i have the following project to be deployed next week.

1) go live with opnsense

2) re-assign ip4 addresses in a more logical sequence. I currently have dhcp assignments from 192.168.1.50 to 192.168.1.99. I also have about 20 IOT devices that i would want to reassign

3) start deployment of security system. The cameras, video doorbell and keypad will be installed on Wednesday of next week

I do not use any cloud service for any devices or solutions. I am using a proxmox server as my main server and on this server i am running truenas scale, opnsense and home assistant as VM and Tailscale and pihole as LXC. In addition I have a backup bare metal truenas scale. I have 6 pcs around the house.

The truenas servers hold very personal documents and generic media

My server only connect to the internet to receive updates and to allow me (and a few individuals) remote access to everything (me) and only to certain datasets the other individuals 
I kind of understand the need and i kind of know how to set up virtual networks.

My thinking would be to set up a vn for all my servers, one for my iot, one for my pcs and one for guest (mainly individuals coming to my home and connecting their phone). I would like to build certain automation (emergencies) in home assistant to notify authorities. In addition HA will need to push notifications (including pictures and or videos from my security solution) to my phone.

Can someone please direct me to documentation on where to learn and find best practices to set firewalls? In addition do I need to set up firewalls?

Thank you all in advance for the assistance provided

       
#3
General Discussion / Re: Guidance on new lan set up
February 09, 2024, 08:32:06 AM
Thank You for your reply

therefore. if i understand you correctly,

Once I change the NIC on the dell to accommodate 2.5 and 10gb connections and build my VLANs on OPNsense

I would then connect my servers to a 10gb lan port  each and this would be VLAN10 for servers
Connect to a 2.5gb port my access points (2) and call this VLAN20
Connect my Managed switch to a secondary 2.5gb port of the OPNsense server this will be Vlan30   

i will need to change my GS724T  to a similar managed switch because it does not have 2.5gb capability and connect Vlan20 and vlan30 assign ports from this switch and via cable connect to regular dumb switches (with 2.5gb) in each room. Then all my devices in this room will connect  to the dumb switch in that room.


My IOT devices and friends will connect to the guest point on my access points   

From a high level view does this work and make sense?

Thank you

Replicate the VLANs on this switch and connect my HTPCs 

Then connect each room   
#4
General Discussion / Guidance on new lan set up
February 07, 2024, 10:49:16 AM
Hello all

I have been tinkering with OPNsense on or off for the last year.


I have OPNsense running (in a vanilla configuration) as a Proxmox VM on a dell r720 and for learning and trying it out it runs perfectly.

The R720 is then connected to a managed switch (netgear GS724t) and I will use my 2 older Asus routers as wifi access points. These access points all have guest network access control> simple

I have:
2 servers running truenas
2 PCs
2 HTPC
and 2 tablets (running  Home assistant dashboards)
100mbps service from my IP provider 

No Vlans or anything else for that matter (i'm now learning on how to configure vlans and firewalls rules)

Now is the time that i will deploy it on my network.

This will mean moving the rack to my loft.


The HTPCs, the TV, AMP and the PCs to a new local 2.5 gb switch (in 3 rooms). All switches will be connected with 6E directly from the OPNsense environment (the HTPCs will have new NIC installed)

Since the time i started to learn and tinker with OPNsense technology has advanced to the point that I will take this opportunity to upgrade and improve my LAN environment.

My 2 objectives are:

       
  • increase my lan from 1gb to 2.5 gb for my PCs
  • Connect my server with a 10gb connection between them and have a 2.5gb access for the PCS
  • Allow remote access to my music (Jellyfin) and document environment (considering Tailscale) for myself and a few others

To achieve this, i will need to add/replace my NIC on the r720, the HTPC and some PCs to allow 2.5 and 10gb lan


My question


If i construct VLANs on OPNsense, do i need to connect OPNsense to a smart switch?


or Can i just connect the r720 to simple switches and then connect all my devices to the local switch




Thank you so much for your patience, guidance and help in this matter


#5
Hello all

I'm new to OPNsense.

I will use this solution as my main router and firewall for my home environment

I installed in Proxmox on a dell r720. At the moment OPNsense is not operational because i'm still learning. i plan to make it my main router and firewall solution by end of August.

In addition to OPNsense the Proxmox on the dell R720 will have as VMs Home Assistant and Truenas

I need to have wifi functionality for Home Assistant to connect some devices

I currently run an Asus RT 87U as my main router and a DSL AC68U  as a wifi access point

I would also like to turn the RT87U in to an access point in september when i will go live with OPNsense

These 2 access points are connected via wireline to each other at the moment and at a later date to proxmox

My questions:

When i will make OPNsense my main router in September, will i need to add to the proxmox server a USB dongle with a wifi capability?

Or will OPNsense and all other VMs on the same proxmox server serve wifi access point for the server?

Or will i need to passthrough the wifi USB to Home Assistant

Many thanks for your patience and help in this matter.

Be all well
#6
General Discussion / installing a wifi 6 USB
May 24, 2023, 06:01:24 PM
Hello all


I have currently installed OPNsense 2.7 1.11 as a VM on Proxmox on a DELL R710 for home use

I have been learning OPNsense and I added it as a VM on proxmox 7 late last year. As far as i can tell all is working well with no issues. I later added Home Assistant OS as a vm

Now the time has come to make OPNsense my main router for my house.

I would like to add a wifi 6 USB and wifi powerline repeaters to this mix.

1) would this be possible/make sense or work?

3) would i need to pass it through from proxmox to OPNsense and Home assistant

2) i see that a version 23.1 is available. however when i go to updates i do not see it available. How do i upgrade to this version ?  I can not see this upgrade ?

#7
General Discussion / Re: opnsense install on esxi
August 29, 2022, 11:43:54 AM
Hi

@pmhausen

thank you for your prompt reply. I will re-install opnsense as you directed

Hence my understanding
add a virtual disk to the VM
add the iso to that disk
Install

Once installed
stop the vm
edit the vm by
remove the virtual disk from the vm... save
power on the vm

brilliant

BTW i will move to this opnsense solution in november. the ml350 has only 2 rj45 connections.

in your opinion:
should i build my vlans in opnsense * i would need to buy a 4 port nic
or
should i use the 2nd rj45 and connect it to the gs724t that i use as a switch and build the vlan on the switch?

once again thank you
#8
General Discussion / opnsense install on esxi
August 29, 2022, 07:16:47 AM
Hello all

I'm new to opnsense and i'm not an it guy

My Current setup
Router: asus rt ac87u with ip 192.168.1.1

I was gifted an HP ml 350 g6 with vmware 6.7 installed.... great (btw i know nothing about vmware and i'm learning as i go)

I set up opnsense according to youtube video i saw.

opnsense will boot up and give me an ip 192.168.1.1 great

I login as root and opnsense select 2 to change the ip to 192.168.1.5

I go to the GUI at that address and configure OPNsense in a vanilla configuration great.
( i do not want opnsense to be my main router for the moment or anything else until i know what i'm doing.

Once this is achieved i will make opnsense my main router and my asus  as an access point)

my issue;

When i login to opnsense via a web page and i configure it, I then go to the dashboard. I see a message that i'm running on an installation media and i should reboot. Fine

in the vm it does reboot

when it finishes it presents to me the original ip address 192.168.1.1  why?

I changed the lan ip in the configuration in the gui and in the shell in option 2
what am i missing?
thank you in advance for your help
#9
General Discussion / Re: Install Issues
August 28, 2022, 10:21:51 PM
Hello all

I'm new to opnsense and i'm not an it guy

My Current setup
Router: asus rt ac87u with ip 192.168.1.1
I was gifted an HP ml 350 g6 with vmware 6.7 installed.... great (btw i know nothing about vmware and i'm learning as i go)

I set up opnsense according to youtube video.

opnsense will boot up and give me an ip 192.168.1.1 great

I login as root and opnsense select 2 to change the ip to 192.168.1.5
I go to the GUI at that address and configure OPNsense great.
( i do not want opnsense to be my router or anything else until i know what i'm doing. Once this is achieved i will make opnsense my main router and my asus  as an access point)

my issue
When i login to opnsense and i configure it and then go to the dashboard. I see a message that i'm running on an installation media and i should reboot. Fine

in the vm it does reboot

when it finishes it presents to me the original ip address 192.168.1.1  why?
I changed the lan ip in the configuration and in the shell. what am i missing
thank you in advance for your help



#10
General Discussion / Re: cannot access internet
July 26, 2020, 12:08:33 PM
no worries solved
#12
General Discussion / cannot access internet
July 22, 2020, 04:42:00 PM
hello all

I am a newbie at opnsense. I managed to install it on a dell r710.

This is a vanilla installation. No vlans no firewall.

opnsense lan is connected (192.168.1.2) to a dumb switch and i do see the other attached devices

from my pc which is in an other room i can access the opnsense server

my wan is set to pppoe with username and password from eolo (ISP) mtu 1500

the dashboard gives me messages that wan is up and displaying ip addresses from the isp
lan 192.168.1.2
wan 100.119.92.52  (i think this is an ipv6 address) how do i change it?
wan-gw 81.74.xx.xx.

the DNS i tried with 8.8.8.8 and with the DNS server address supplied by the ISP to no avail

I can ping www.yahoo.com and google.com with success

Yet i cannot access the internet from other devices

this solution is still in development phase. i still need to purchase the necessary smart switches and more powerlines


what am i missing?

Thank you
#13
hello all

i spent the last week fixing the server that arrived damaged. Now its up and running and i installed opnsense on it.

I spent a lot of time designing on paper what my lan. After reading  documents and youtube videos I would look like to know if my version 8 i  which i wanted to upload my drawing to this message (because a picture equals 1000 words) to no avail because its too large. I also posted on forums for tp link d link and netgear but no response from them.

to recap

i would have
my main lan 192.168.1.x To Connect all my computers and servers
Vlan 20        192.168.2.x  to connect my 2 APs
Vlan 30        192.168.3.x  to connect my IOT

I will assign vlan 20 vlan 30 and main lan to a port in opnsense connect this port to the loft main smart switch

In the Loft main smart switch I build the same vlans.
to one trunk on the switch i assign vlan 20 vlan 30 and main lan to this trunk i will connect the powerline
to an other port on the managed switch I assign Vlan 20 and vlan 30 (to connect the AP) which will have Home and guest networks and i will also assign to the guest network to the wireless projector. Here i still have my doubts.
to an other port on the managed switch i assign vlan 30 (to connect my home automation solution)
to an other port on the managed switch (this will be untagged) i will connect my servers (192.168.1.x) via a switch

now to the powerline connected to the loft smart switch i connect
1 pc via powerline in the office (192.168.1.x)
1 pc via powerline in the bedroom (192.168.1.x)
1 pc via powerline in the barn (192.168.1.x)

Living Room
1 powerline connected to local managed switch which has vlan 20 assigned to a port  to which i connect an additional AP,  vlan 30 assigned to a port to which i connect the tv and to an un-tagged port i connect the local HTPC

Home Theater
1 powerline connected to local managed switch which has vlan 30 assigned to a port to which i connect the Denon and to an un-tagged port i connect the local HTPC

I hope this is clear enough to allow you to please provide me with your opinion or recommendation on this design.

I thank you all in advance for all the help you are providing me
#14
General Discussion / fresh installation
June 29, 2020, 07:39:57 PM
hello all

I am a neophyte at opnsense.

after a weekend spent to build and configure a dell r710 and after spending time to properly have the usb port read my usb, i finally got to install opnsense 20.1 on a 1tb hd.

Now I have the server boot and go straight to the opnsense script

I know nothing about opnsense and i am learning from the installation guide and the videos on youtube.

I did not assign lan or wan during the script.  The server is connected to one port of the NIC.

I do not want to use this server as a router for the moment therefore i did not assign a lan address.. if i add a lan ip from the console menu I assign an on the console level i assign a  it as dhcp

issues

1) why during the boot phase of opnsense do i always get asked for credentials before displaying the console menu?

2) how do i stop this?

Thank you for your patience and response


#15
yes i agree with you however i read that if i put on the main switch a powerline on a untagged port and a second powerline on a trunk hosting the vlans the powerline effectively will consider this having 2 separate networks

I wrote to d-link forum to ascertain that if i have my local laptops connected to their local powerline with their IP belonging to my private lan.

the main switch should be, once it receives the communication (regardless of the receiving powerline), to identify the sending IP and the sending mac address from the packet and route it to the right destination based upon the rules for that ip address (or mac address)

The alternative is to put all vlans on one trunk connect to that trunk the powerline and the end of any powerline install a small managed switch. I would really prefer to avoid this because one of the laptops is in my room and the other in what was a barn that i converted into a summer kitchen and outdoor dining. This laptop only serves to play music when we are eating or drinking outside (like tonight)