Tutorials and FAQs / Re: Total beginner: How to setup 2 segment Network with VPN for only 1?
« on: January 06, 2023, 04:48:37 pm »
Firstly, thanks for the quick reply (please excuse typos of last post, I had worked all night).
Actually thanks for multiple things:
-
A) Thanks for pointing me to CISCO CCNA networking course:
-
I am super excited to see all the information I wanted at one place! I always wanted to learn all this, I was the only 8th grade kid in my school using dual boot system with Linux Red Hat as primary system, (those days p2p sharing was evolving, Kazaa to LimeWire, later torrents etc), but school or family never supported, and then later in life, pressing priorities drifted me away.. Although professionally I work in 3d architecture designing, but I want to get back to networking interest, and since my country is rapidly becoming like North Korea and China, now I am ditching Windows, back to Linux, I plan to use Windows in VirtualBox for 3d designing and Adobe suite.
-
A part of me almost feels I should talk to you after I do the course, but then it is a 120-hr training, and 1-year certification, and maybe after course I won’t need to bug you, lol. But I need to get started.. with basic hardware, then I will keep studying that course, and exploring my own OPNsense router with it, step by step. I found Udemy courses also with same syllabus (and few local institutes to physically go and study also), although I don’t plan on becoming Network engineer, but I will definitely do online version of this (maybe side hustle use? but it’s really a hobby). For anyone else like me, here is a link of Cisco basic CCNA program:
-
https://learningnetwork.cisco.com/s/ccna-exam-topics?ccid=ccna&dtid=website&oid=cdc-ccna-exam-step1
-
-
B) Thanks for the rfc-editor link: My ISP case is Tighter! MANY like me are stuck ***
-
Ok, I am trying to keep privacy but still should reveal, I am from North India, and here we basically have duopoly of two ISPs: "Airtel Vs Jio" (almost 45-45 market share), the other ISPs constitute maybe 10-20%, and our ISP put us in a strict "CG-NAT", majority of us don’t have unique or static IP (we need to pay extra per month to get lease of Static IPv4 address), so most people cannot have remote access (unless they figure a VPN workaround), so trust me, there are MILLIONS like me who are trying to accomplish what I am trying to do here! And yes, by Millions, I literally mean MILLIONS! In India there is no shortage of population, lol. Imagine every other kid here trying to download torrent but his ports won’t forward due to CG-NAT. (the only way around is VPN that allows torrents)
-- But on flip side, our ISP are very controlling and misleading,
For example:
The routers+modem they offer as “free” are actually the only ones that work (they don’t let us install own modems, they make their router’s MAC id connected to our account.. for security?), plus their routers have firmware access pages locked, even PPPoE locked, so you cannot set bridge mode yourself (unless you hack firmware). And when you call customer care, and ask for enabling "Bridge Mode", they mislead by saying Bridge Mode is possible only if you buy a Static IP, upselling their own stuff. So majority people have un-encrypted data going everywhere, and ISP make double money: a) with internet services and b) more by selling your private data, their real bread and butter*.
- (And oh, their router has TR-069 management locked, they reboot from their end, change things from their end, and even when they do enable Bridge mode for some people who fight for it, it’s strange they enable bridge on only 3rd or 4th LAN port, and many users report that makes situation worse… weird controls…)
-- Anyways, I will deal with this, I have had to win many fights with them before, I just need to have my plan set first, but again, I am writing this because there are MANY like me, and I hope this forum helps those millions, there is no YT video of people using OPNsense router with Indian ISP, if you made such video, you will get hundreds of thousands of views! (but of course, I am no expert nor planning cheap publicity, but I will link this post to Indian Broadband forums* I have liked OPNsense community more than pfSense for some reason, mostly that fake website history, any-who)
-
Question 1: For my Segmented Network+VPN project, will having ISP modem in Bridge mode suffice? Or do I actually need to have static IP? (I am not planning remote access anytime soon though* I have 300Mbps plan)
-
Question 2: Please confirm the hardware aspect, the flow chart picture that I attached, do you think it will work? Or do I need to buy separate switch also?
Also, I noticed pictures are visible only to people who have account here, so step wise flow chart in words:
-
----> 1) ISP Modem at Home (in bridge mode, wire from its LAN to WAN of MiniPC)
----> 2) OPNsense on MiniPC with dual NIC, 1st onboard, 2nd in PCIe slot
(configure PPPoE, define network segments (subnets), firewall rules for each subnet, define VPN access for different subnets OPT1, access for non trusted clients without VPN on OPT2)
----> 3) AP-1 = Tp-Link WiFi 6 dual-band router (in AP mode, wired to OPT1 serving subnet with VPN, for family, trusted clients)
----> 4) AP-2 = D-Link ADSL router 300Mbps (in AP Mode, wired to OPT2 serving subnet without VPN access, for guests/non trusted clients)
-
Will this hardware be enough?
--- (need to ask dhcp n ssid stuff later*)
-
I see, most popular YT videos like Network Chuck, Tom from Lawrence etc, they indicate setup:
1) ISP-Modem ---> 2) OPNsenseMini-Pc ----> 3) Switch -----> 4) WirelessAccessPoint
-
(In this case, I will have to buy switch… and still have 2 separate access points? Or single WAP can serve two different subnets With VPN and Non VPN? Do you prefer this setup?)
-
Practically speaking, all this will have to be physically placed and powered in one area (in a new open cabinet, in centre of house, next to TV), so I am really trying to keep it as concise as possible, at present I have only 1 ISP modem doing everything, (so adding 4 more devices, I will really have to softly pace my family for this! Lol)
-
Please help me clarify my initial hardware setup, I will definitely keep updating my progress, so this post may move little slow as I arrange hardware etc, but it should definitely reach a SOLVED handsomely status in the end! (I WILL link this to Indian broadband forums, hopefully more people join here). So let’s try and make this post useful for everyone.
-
Thanks and Regards.