General Discussion / Issues with migration to OPNsense setup
« on: December 12, 2023, 06:57:48 pm »
Hi all.
My existing setup: 1 x TP-Link ER605 with 1 WAN connection (1Gb PPPoE) on the WAN port; 1 x UniFi USW-Lite-8-PoE on one LAN port; 1 x UniFi USW-Flex-Mini on another LAN port and 1 x UniFi U6 Pro AP on another LAN port. The setup also includes 1 x UCK G2 Plus connected to one port of the UniFi USW-Lite-8-PoE.
Existing VLANs: MGMT (with all router, switch, AP and cloud key MGMT IP addresses), admin VLAN 10 with trusted devices, IoT VLAN 20 with IoT devices, DMZ VLAN 40 with some servers, guest VLAN ... all distributed among these UniFi devices (wireless and wired).
For security reasons (IDS/IPS firewall etc.) I want to migrate from the existing TP-Link ER605 to an OPNsense box. For this purpose I acquired a Hunsn RJ38 box with 16Gb ddr5 and 250 Gb NV2 storage.
So far so good - my fault was that I did not read enough beforehand in order to prepare for this migration.
I never thought that my biggest problem would be the fact that these mini PCs are not switches!
So my initial idea, to connect the existing switches + AP to one each of the 2.5Gb Intel ports on the Hunsn RJ38 box, went very wrong from the beginning.
I found out that the idea of trunking some VLANs on each LAN interface of this box is not so easy, because basically each of these physical interfaces is a layer 3 interface with its own IP subnet behind it.
After reading more today I found a possible solution with the concept of a LAN bridge, but this solution is also not recommended (even by OPNsense - https://docs.opnsense.org/manual/how-tos/lan_bridge.html).
So please, if you have any ideas on how I can replicate my existing setup in a similar way on this OPNsense box, please share them.
Thanks