Messages - AbstractGeo

#1
General Discussion / Re: VLAN & DHCP problems
May 30, 2021, 10:45:10 PM
It's possible that the VLAN configuration on your switch is a bit tricky!

In settings, go to VLAN - then PORT.  Make sure the port that you want on VLAN 4 UNTAGGED is set to PVID 4.  (It needs to match one side vs. the other. If OPNSense is connected directly to this without an intermediate switch, the VLAN 4 thing needs to be set to PVID 4 - Primary Vlan ID)

On my TPLink, you need to do the following, if you're using "untagged" VLAN 4 on the OPNSense side:

The port on the other side should be configured to be Untagged, and VLAN 4 - but you also need to go to the "NATIVE VLAN" setting,
#2
Someone please check me on this, but: you may need to disable outbound NAT for traffic originating in your OPNSense/VM LAN going to Home LAN

i.e. outbound NAT rule:

  • Source: 192.168.2.0/24
  • Destination: 192.168.1.0/24
  • Check "Do Not NAT" (or similar).

Please someone let me know if I'm wrong there, but, I think there's a risk of doing asymmetric NAT / routing otherwise?
#3
General Discussion / Re: IPv6 questions
May 30, 2021, 10:34:44 PM
I'm sorry to drag this thread back from the depths, but, to an extent, wasn't all of the IPv6 stuff here started because "I need to be able to use OpenVPN from outside my network, so I need a static IP?" I skimmed the thread, so I may have missed stuff, but, why not do what I do?

Use a VPS or other server elsewhere with a static IP, and have that proxy your VPN connection stuff. (Or use any of a number of other similar solutions.) Basically: My OPNSense box - behind starlink - drills an outbound OpenVPN tunnel to my Linode VPS. That VPS has an iptables rule that basically passes all traffic it gets (on my custom OpenVPN port) back across the VPN tunnel to my OPNSense box.

You can use certificates to avoid MITM attack risk, and the performance hit is about ~10ms for me. The hit there is small enough that it's WAY better to use that vs. the connection that goes directly to my DSL line w/o those extra hops, because of the MASSIVELY improved bandwidth on Starlink.

Just my two cents - and, maybe a good 'backup option' - if you're willing to spend ~$5 USD to get a VPS/shell account/whatever somewhere.
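The VPS-side "pass my custom OpenVPN port back across the tunnel" setup described in the post above, written out as an added example (this is not the poster's actual ruleset). Interface names, tunnel addresses and port numbers are assumed placeholders; the script only prints the iptables commands unless APPLY=1 is set, so it can be reviewed before anything is changed:

```shell
#!/bin/sh
# Assumed placeholders (not taken from the post); override via environment.
WAN_IF="${WAN_IF:-eth0}"             # VPS public interface
TUN_IF="${TUN_IF:-tun0}"             # site-to-site OpenVPN tunnel interface on the VPS
VPS_TUN_IP="${VPS_TUN_IP:-10.8.0.1}" # VPS end of the tunnel
HOME_TUN_IP="${HOME_TUN_IP:-10.8.0.2}" # OPNsense end of the tunnel
TUNNEL_PORT="${TUNNEL_PORT:-1194}"   # port the VPS's own OpenVPN server listens on (tunnel from home)
RW_PORT="${RW_PORT:-21194}"          # "custom" port that outside clients hit and that is forwarded home

# Emit the rules as text so they can be reviewed or piped into sh.
vps_forward_rules() {
  cat <<EOF
# Forwarding must be enabled for DNAT'd packets to leave via the tunnel
sysctl -w net.ipv4.ip_forward=1
# The home box must still be able to build the site-to-site tunnel to this VPS
iptables -A INPUT -i $WAN_IF -p udp --dport $TUNNEL_PORT -j ACCEPT
# Redirect the road-warrior port to the OPNsense box across the tunnel
iptables -t nat -A PREROUTING -i $WAN_IF -p udp --dport $RW_PORT -j DNAT --to-destination $HOME_TUN_IP:$RW_PORT
# Rewrite the source to the VPS tunnel address so replies come back through the tunnel
# (otherwise OPNsense would answer out its default WAN: asymmetric routing)
iptables -t nat -A POSTROUTING -o $TUN_IF -d $HOME_TUN_IP -p udp --dport $RW_PORT -j SNAT --to-source $VPS_TUN_IP
# Default-deny forwarding; only the forwarded flow and its replies are allowed
iptables -P FORWARD DROP
iptables -A FORWARD -i $WAN_IF -o $TUN_IF -p udp -d $HOME_TUN_IP --dport $RW_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

if [ "${APPLY:-0}" = "1" ]; then
  vps_forward_rules | sh   # apply (needs root)
else
  vps_forward_rules        # dry run: print only
fi
```

The SNAT line is what keeps the return path symmetric: OPNsense sees every forwarded client as coming from the VPS tunnel address, so its replies naturally go back over the tunnel without any policy routing, at the cost of losing the real client source addresses in OPNsense's logs. The FORWARD chain deliberately admits nothing else, so the VPS is a port forwarder for that one UDP port rather than a general relay.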
#4
So, I'm coming from a "previous project" background - apologies if I get any of this wrong!

Probably you want outgoing mail to *never* go out via WAN_2 - Starlink, right?

So, you'd create a firewall rule - on LAN (or your DMZ if it's a separate network).
The rule will look like:

  • Source IP: Mail Server
  • Destination IP: All
  • Destination Port: 25
  • Transport/Protocol: TCP
  • Gateway: WAN_1GW (This is the magic bit!)

(Why did I post if I'm not current w/OPNSense? Well, my OWN starlink setup just arrived, so it's time to get away from my nightmare bonded DSL - 12 megabits, WOW - and I'm going to want to use a real platform; I was curious how people's experience with Starlink & its various bits were!)