Messages

---> About the switch, I found it for a good price on Aliexpress, but I assumed that the VLAN network isolation would occur exclusively in the OPNSense settings so that there would be a way for the networks to communicate through the switch after isolation through the software. So, I'm wrong about VLAN isolation, right?

Unfortunately that is the case, you can NOT use VLANS with router software only.
What you could perhaps do is see if you can install DD-WRT or OpenWRT on one of your other routers (that were designated to be used as APs) and then they _could_ then be your managed switch albeit with much much fewer ports.

So you come calling a bug a misconfiguration based on not knowing how the product works; starting the thread without sings of courtesy (not even a Hello), not thanking anyone but finding a way to have a side dig at someone who took time out to try to help you (one of the most knowledgeable networking gurus out there).
Nice.

[model rtl8125bg]

> NIC on the motherboard + 2.5G NIC on the M.2 Wifi slot (model rtl8125bg - OPNSense LAN) + NIC on USB 3.0 (model RTL8153 - Home Assistant LAN)
Not good at all choices for freeBSD-based networking. Realtek is very poor supporting freeBSD. With USB as well, you can forget about stability and reliability.

Different geographies, different hardware availability, I get that. Just keep that in mind.
And yes, VLANs require a managed switch where they can be set. Unmanged switches put all ports in the same "network" ie. each port can talk to each other. That's the point of them.

We never got to verify the settings, so don't be surprised if the issues re-occur. Problems that just vanish are just likely to come back.
Thanks for confirming though. At least now you can more easily visualise/describe the layout.
I'm moving on now.

Most likely the page is calling other URIs, which aren't also whitelisted. You could use Ctrl+Shift+I on various web browsers to see it in the networking tab of that tool.

Interesting that you could not get one port to work but I can make nothing of that as yet.

I reckon foxint expects the box with OPN on it to behave as a consumer router, where ports are bridged by default. I think since there are switches available we leave that for now to keep it simpler. For now.

My interpretation of the landscape is attached. @foxint can you confirm or correct it. Make it easy for us, corrections make them graphic for now.
You cannot view this attachment.

Update. It seems to be working correctly and serving both bans and captchas.
One last thing to diagnose is a loop I get on the captcha or more specifically the bot-catching "captcha" aka turnstile. Almost there I think.
I've asked crowdsec in various places now just awaiting input.


Did you get it to work?

Yes I did and made a small How-To here https://forum.opnsense.org/index.php?topic=44839.0

And you are correct and my suspicion also was, the same thinking. There is no use in giving the HA logs to Crowdsec for that very reason. It is not aware how to process them. With my how-to, we make it it aware.

Hi Cookiemonster

Thank you.

I have tried to keep it simple all Windows 10 Pro OS on all PC's.

192.168.1.1   OPNsense Box HP Elite Desk i5            OPN Box
192.168.1.115   HP i5                     Movies
192.168.1.105   GA-X99-SLI-CF i7–5829K       Self-built   Back up
192.168.1.118   GA-X299-UD4 Pro-CF i9-7900X   Self-built   Main Back up
192.168.1.124   GA-X79-UP4 i7 3820         Self-built   Tax
192.168.1.144   GA-X299-UD4 Pro-CF i9-7900X   Self-built   Main
Future                           Back up II

Dynamic
192.168.1.151   NetCom Wireless
(old modem/router modem part not working)            Wireless Hub for Phone
192.168.1.152   Samsung                   Phone

NBN Box
TP-Link 2.5Gbit Switch 8 port.
TP-Link 1.0 Gbit Switch 8 port.
Netgear 1.0 Gbit Switch 24 port.


Outside world – NBN Box – TP-Link 2.5Gb Switch
NBN box – OPNsesnse box – TP-Link 2.5Gb Switch
Main – TP-Link 2.5Gb Switch
Main Back up – TP-Link 2.5Gb Switch
TP-Link 2.5Gb Switch – TP-Link 1.0Gb Switch
Movies – Netgear 1.0Gb Switch
Back up – Netgear 1.0Gb Switch
Netgear 1.0Gb Switch – TP-Link 1.0Gb Switch.

I could possibly remove the TP-Link 1.0Gb Switch and rout this all through the Netgear.

Hope this helps.

Dan

It helps a lot. Now please draw a logical (not physical) map of these connecting to each other. No need to go all fancy, draw with pen and paper and upload a picture. Please.

@foxint . What about a suggestion: let's get you on a stable setup first and then we look if the problems go away?
If you are agreeable, can you list your requirements, and your complete setup. That is mostly to get a lay of the land (your IT land). We can propose a decent setup.
- I'd like to know the list of equipment and the ip addresses you have set on them, specify where they are set. Their operating systems where known.
The main part I'm puzzled about is you said you have set static IPs on the machines' OS, so they're unknown to your router possibly. I would suggest to set them as static leases instead (this would be explained in time).
Then you could continue doing your transfers as you know how so far.
- Can you draw a picture of the setup, lines to boxes with names is all that is necessary. Take a photo with a phone and attach it to a post. Are you able to do that?
- What sort of machine you have setup OPN on, what are the NICs? The thinking is if you have realtek NICs they can be really unstable and drop your connections. Saying that, it is expected and said before that the traffic between devices through a switch will be unaffected by this. We need to know how these transfers are happening and why they might be apparently unstable.
What do you say?

Diagnosing more than that it seems.
- "Internet goes down". Symptoms could indicate actual ISP failure, modem failure, etc.
- "I cannot access any of my PCs on the LAN" . This is the one that will take time to unwrap.
And with MS Windows, that I am not good at. I might have to reduce my participation. Will help where I can.

[instead]

No worries.
You need now to change the clients from static IP on them to DHCP. Then you assign them on OPN instead. There is a dance to do but is a one off. Do you know how?
Unless you have no requirement to have the same ip always and then they'll just get the next available from the pool if they reboot and there is contention for it.

thanks for helping passeri. Good spot with the static leases.
@foxint - all good now?
As passeri says once you have re-allocated static leases to your clients on OPN OUTSIDE the dynamic range, which you seem to have done now, those clients will get reallocated when their leases expire UNLESS you have set them on the client themselves.
Explaination: say you have allocated your windows laptop an ip of 192.168.1.150 on the Windows Operating System, then it will not change to the one you allocated on OPN Sense.
Leases normally default to 2 hrs I think on DHCP(ISC) not KEA.

That is pretty useful for Mikrotik reference. I'll save this one.
Thanks for sharing!

Can you please show the settings on Interfaces | LAN. We're going to have to focus on device to device connectivity.

I could only get to "setting" – not sure where Services/Unbound/General is? But on my screen in General enabled is NOT ticked – should be it be ticked?

It's the one called "Unbound DNS". Sorry, I should have been clearer. What's there? You are spot on, is it ticked.