Virtual private networks / Re: opnsense as a router on a stick
« on: October 26, 2023, 08:32:03 am »
Thank you ilya_rt for the response.
What is your current Opnsense router configuration?
My Opnsense router has two interfaces: WAN and LAN.
=> The WAN interface is connected to a broadband modem with a static IP and gateway to the ISP
=> The LAN interface is connected to a Cisco managed switch with 3 VLANs
I set the IP for my LAN to 172.31.255.254/29 and on the Cisco switch (port 1/0/1) to 172.31.255.249/29.
The VLANs on the cisco managed switch are as follows:
* VLAN 300 ip address: 10.0.30.254/24
* VLAN 16 ip address: 172.16.16.254/24
* VLAN 1 ip address: 172.17.16.254/24
I created routes on Opnsense to the VLANs on the Cisco managed switch, with 172.31.255.249 being the gateway for each route.
So, diagrammatically:
ISP <=> (wan) OPNSENSE (lan) <=> SWITCH00 <=> CISCO MANAGED SW (VLANs)
I have connected my laptop to SWITCH00 to be able to access Opnsense and the Cisco VLANs and my internal network. My laptop IP address is 172.31.255.250/29.
From my laptop I can reach the internet through the Opnsense router. I can ping the VLANs from my laptop also.
However, none of the VMs and devices on my VLANs can reach the internet. The default route on the Cisco managed switch is: ip route 0.0.0.0 0.0.0.0 172.31.255.254
I can ping the Opnsense LAN IP (172.31.255.254) and WAN IP (199.x.x.x) from the hosts on the VLANs, but I cannot ping anything on the internet.
I created Aliases on Opnsense for my VLAN networks as follows:
dc_vlan01: 172.17.16.0/24
dc_vlan16: 172.16.16.0/24
dc_vlan300: 10.0.30.0/24
I have a floating rule on the Opnsense firewall to allow traffic from dc_vlan01, dc_vlan16, dc_vlan300 through LAN net to any. I am expecting this to allow the VLAN hosts to get internet, but that is not working.
What should I do to change this?