Messages

1

24.1 Legacy Series / Re: No Internet Access - OPNsense on VMware

« on: May 22, 2024, 08:07:34 pm »

OPNsense works perfectly with VMware, KVM, Proxmox or whatever HyperVisor you have. But when using virtualization you need to configure the virtual networks / underlay (bridges. sdn etc.) correctly. Roughly 99% of "OPNsense Problems" with virtualization posted here are about wrongly configured virtual networks, so focus on this part, OPNsense will work out of the box...

Makes sense. I'm pretty new to this.
Thank you for your support.

Can you kindly share any guides I could use for VMware setup to be ready for OPNsense?

2

24.1 Legacy Series / Re: No Internet Access - OPNsense on VMware

« on: May 22, 2024, 02:02:35 pm »

Thank you for your time 

So you have a device with 10.29.251.10 connected to OPNsense, what about that device itself, can it ping 8.8.8.8 through OPNsense ?

No, the device on 10.29.251.10 cannot ping/reach 8.8.8.8

If you try to ping _from_ OPNsense _to_ 8.8.8.8 with a source address set, you need to set the address to an OPNsense assigned interface address (something like 10.29.251.1 or 10.29.251.254, depending on your config). You can't ping "on behalf of" some other device no mather if it's connected or not.

OPNsense LAN port is assigned 10.29.251.203
You're saying I can only ping from 10.29.251.203 as a source address, and not any IP in the range of that OPNsense DHCP server?

I appreciate the information. I have an L3 switch which I use to ping using any source that is directly connected to it. I expected OPNsense to be the same; that's on me.

10.29.251.10 isnt bound to any interface on opnsense, thus why would that work.
assuming 10.29.251.1 is bound to the LAN interface you can use that

10.29.251.10 is a device on the LAN of OPNsense (OPNsense is the DHCP server providing this IP address)
I could try to ping 8.8.8.8 with the source being the LAN bound address (In this case, it is 10.29.251.203)


Update:
I reached a level where I assumed the problem lies in VMware.
I changed the interfaces to passthrough directly to OPNsense.
I faced a another issue with VMware not allowing this to occur, and bypassed that by disabling ACS checks.
I continued to face the same issues with OPNsense, more or less, with no internet reaching LAN.

Finally, I replaced the entire hardware with an old i5 desktop, moved the 10g ethernet boards there, and installed OPNsense on baremetal, and it just worked out of the box. (I'm actually replying using this connection)
Unfortunately, I can't have 4 WANs + 1 LAN on this device, for my load balancing schemes...

I'm still not sure where the problem was, but it seems to me that OPNsense and VMware are not as compatible out of the box. (I tried pfSense as well, which gave me pretty much the same results on VMware)
If you guys, or anyone, can suggest other ideas, I would very much appreciate it. 

3

24.1 Legacy Series / No Internet Access - OPNsense on VMware

« on: May 21, 2024, 07:22:41 pm »

TL;DR
Problem: Device(s) on LAN have no access to Internet

• OPNsense 24.1.7_4 installed on VMware ESXi 7.0.3
• 2 ethernet ports confirgured, for LAN & WAN
• Topology: Router (DHCP) > OPNsense (DHCP Server, 10.29.251.0/24) > One Single User Device (Currently)
• OPNsense can ping 8.8.8.8
• OPNsense can ping user device on 10.29.251.10
• OPNsense CANNOT ping 8.8.8.8 with source set to 10.29.251.10

I tried default settings, reset to factory settings and just used those, tried playing with the gateway, interfaces (Including unblocking private networks), firewall rules, and endless online videos, reinstalled OPNsense, installed os-vmware plugin, increased virtual machine resources...
Only thing I have not done is install OPNsense on baremetal.

Virtual Machine Specs:
CPU: 4 Cores, 2.70 Ghz (XEON Processor)
RAM: 8GB RAM
Storage: 120 GB
Network Adapter: 2 Adapters, set to VMXnet3

Also tried increasing resources to 8 cores, 12 GB RAM, as well as changing VMXnet3 to e1000.

Everything tells me "It should just work", but it's not, and I can't figure out why.
I honestly don't understand the concept of gateway or firewall rules very well, and keep blaming them.
Any help would be greatly appreciated.

P.S.
My end goal is to connect 4 different WAN Routers, setup Load Balancing on OPNsense, and connect to my switch, serving my entire establishment.