Messages - gglockner

#1
25.7, 25.10 Series / Re: Switch in front of WAN
October 26, 2025, 03:21:07 PM
I should add: what I think fixed it was to completely isolate the WAN traffic on the switch. When it wasn't working, I suspect the VLAN configurations on my switch were leaking WAN traffic to other ports.
#2
25.7, 25.10 Series / Re: Switch in front of WAN
October 26, 2025, 06:28:14 AM
Thanks for the tips. I rechecked all the settings and tried it again, and it's now working with both modems connected to the switch, which is connected to the router. @maurice, I'll look at that DHCP client setting if I see this problem again in the future.
#3
25.7, 25.10 Series / Switch in front of WAN
October 26, 2025, 01:45:28 AM
I would like to put a network switch in front of the WAN gateway, so that:

Modem --> Switch --> Opnsense

I have a dual WAN configuration: WAN1 is cable (using DHCP) and WAN2 is DSL (using PPPoE).

To keep things simple, let's say the switch looks as follows:

Switch port 1: native VLAN 101, connected to cable modem
Switch port 2: native VLAN 102, connected to DSL modem
Switch port 3: VLAN 101 and 102 are tagged, connected to OPNsense

On OPNsense, I configure WAN1 and WAN2 to use VLAN 101 and VLAN 102, respectively. (To be specific, I configure WAN1 to use VLAN 101 directly, while I configure PPPoE to use VLAN 102).

This works perfectly for the WAN2 on the DSL modem. However, for the cable modem on WAN1, the OPNsense gateway initially gets the private IP address for the cable modem (192.168.100.1), but then it is unable to get the DHCP address for the internet and it marks the gateway as unavailable. Note that WAN1 works correctly if I connect the cable modem directly to OPNsense on a physical port.

Any advice would be appreciated.
#4
Hardware and Performance / Dual WAN/Dual router
May 15, 2023, 09:13:10 PM
tl;dr: How do you set up CARP where each router has its own modem, but under normal operation the modems are set up for load balancing?

Background: At my work data center, I configured CARP with two routers sharing a fixed /29 WAN block. It works great.

At home, I currently have a single router with dual WAN. My residential WAN providers use DHCP (cable) and PPPoE (DSL). Currently I use two gateway groups: one with cable in Tier 1 and DSL in Tier 2, the other gateway group with the Tiers reversed. Then I have firewall rules that pick the gateway group based on the traffic type, so that I can prioritize traffic on the different gateways.

Now I want to add a second opnsense router for high availability at home. Unless I'm missing something, I see no good way for me to set up CARP VIP for the WAN. What I'd like to do is connect each modem to a single router and set up a CARP VIP only for the LAN. And to handle the load balancing and WAN failover, I would set up opnsense2 as a second gateway for opnsense1, and vice versa, perhaps using a dedicated interface/LAN. Any further suggestions would be appreciated.
#5
Never mind. Side effect of an unrelated change on my LAN. Everything is fine now.
#6
23.1 Legacy Series / Name resolution on opnsense device
January 27, 2023, 12:29:58 AM
I have some firewall aliases that depend on LAN name resolution, ex: "servers" could be a firewall host alias pointing to server1.mydomain.com and server2.mydomain.com. unbound is resolving these correctly: on a LAN computer, the command

host server1.mydomain.com

returns something like: "server1.mydomain.com has address 192.168.16.250".

Unfortunately, if I ssh onto the opnsense device itself, it's unable to resolve this: host server1.mydomain.com and dig server1.mydomain.com both hang. However, dig @localhost server1.mydomain.com returns the correct values on the opnsense device. So it looks like a DNS config issue on opnsense.

This is a regression in 23.1: this configuration worked fine in 22.7 and earlier. Any advice is appreciated.