OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Shihatsu »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - Shihatsu

Pages: [1]
1
German - Deutsch / Netzwerk neu aufsetzen - MultiWAN, Failover, VPN, Telefon, weiteres...
« on: May 08, 2022, 02:21:32 pm »
Moin!
Ich möchte mein Netzwerk neu aufbauen, was die Konnektivität nach außen angeht.
Im Moment habe ich VDSL von der Telekom an einer Fritzbox, an der Fritzbox hängen meine Telefone, hinter der Fritzbox hängt meine OPNSense. Nicht als exposed host oder PPOE passthrough, sie bietet nur einfach ein Netz an, das die OPNSense als WAN benutzt. WLAN, DHCP oder sonstiges von der Fritzbox wird nicht genutzt, nur WAN und Telefon.
Über die OPNSense mache ich DHCP und DNS, außerdem sind dort meine VLANs definiert. Dieses Setup läuft soweit.
Was ich auch schon hatte, aber im Moment nicht, aber da möchte ich wieder hin, sind 2 OPNSenses im CARP-Failover.
Was ich ebenfalls schon hatte, allerdings nicht funktionell zusammen mit CARP, war DUAL-WAN (DSL+LTE).
Bis hier hin soweit alles klar, aber jetzt kommen ein paar neue Anforderungen:
Ich möchte ein paar Mobilgeräte dauerhaft in meinem Netz haben, damit ich einerseits mit diesen Mobilgeräte Ressourcen in meinem Netz verwenden kann, und anderseits den Netzverkehr dieser Geräte kontrollieren kann (Adblock, Webfilter für Kinder, ...). Also erste neue Anforderung: VPN.
Außerdem würde ich gerne Failover UND Multiwan zusammen nutzen. Meine bisherigen Versuche in diese Richtung waren aber eher weniger geil. Also zweite neue Anforderung: Multiwan + CARP.
Und natürlich - das ist die dritte - aber nicht neue - Anforderung würde ich gerne meine Fritz-Telefone weiterhin nutzen.
Meine beiden OPNSenses laufen auf DELL 210ern, meine Fritzbox ist eine 7530, mein LTE-Zugang stellt ein Mikrotik wAP AC LTE 6 her und als Switch dahinter nutze ich einen Mikrotik CRS 328.
Wie würdet ihr meine Anforderungen umsetzen? Ich kann auch notfalls andere / neue Hardware anschaffen (z.B. ein anderes Modem oder so...), aber was nicht muss muss ja nicht...

2
21.7 Legacy Series / VLANs, HA/Carp, Unbound and now MultiWAN - the latter not working with VLANs
« on: December 08, 2021, 10:03:52 am »
So my Setup was basically this:
Fritzbox with DSL.
Two OPNsense connectect to the Fritzbox, both in CARP HA setup - working fine:
https://www.thomas-krenn.com/en/wiki/OPNsense_HA_Cluster_configuration
A Mikrotik Switch connected to the OPNsenses and everything else, including WiFi-AP.
The OPNsense had 12 networks with the repective interfaces: LAN, WAN, CARP, VLAN10,20,...90.
I have Unbound DNS running for my naming solution.
Until here everything is working fine.

Now I added a seceond WAN port on OPNsense 1, which stands for a second Gateway - MultiWAN setup to get additional Redundancy - have a mayor incidence with my DSL provider. I used the following guide mostly:
https://docs.opnsense.org/manual/how-tos/multiwan.html
It is working fine for my LAN, but all my VLANs are not working. I have done the following:
  • Add the second gateway and make it work - when I did this I did not check the VLAN functionality. I assume it is not working. But LAN is working fine, so the gateway is doing its job (It is a Fritzbox 6820LTE, but will be replaced soon). In the same step I added monitoring IPs (DNS of quad9) and unchecked "Disable Gateway Monitoring" and "Mark Gateway as Down".
  • Creating a gateway group, adding trigger, priority and tiers
  • Changing the "Default Access to all rule" of LAN and a first VLAN to Gateway group from *
  • I did not change DNS under System ‣ Settings ‣ General because I use Unbound (tried this ofc, does not fix my error)
  • I allready had a DNS allow rule, because I also have a "disallow external DNS" (to avoid devices use not Unbound)
So, after I ahve done all of this I can access the Internet and everything in Lan, but nothing in VLAN. What do I miss, where to look? I can ping the VLANs from the respective OPNsense (Interface Diagnosis). I cannot access the respective "other" Fritzbox, only the active one which is connected to my current Gateway.

3
21.7 Legacy Series / Howto use printer in one vlan from a different vlan
« on: November 22, 2021, 10:04:25 am »
Heya!
I have some issues with my VLAN-setup.
My Setup be the following:
2 Dell PowerEdge R210 with OPNsense 21.7.5-amd64 behind a Fritzbox, Failover with Carp, LAN, WAN, CARP, several VLANs
As Switch a Mikrotik CRS328 is used, as well as a TPlink EAP 660 HD WiFi Accesspoint
A Canon printer works for paperwork and is attached to the network via WiFi.
I have several VLANs, in which I segment groups of devices, for example mobile devices, devices of the kids and so on. Some of these VLANs are also available as different WLANs via the AP.
Until recently I did not yet move my printer into one of the VLANs, it was still in my LAN, and it was accessible from every VLAN that had access via Firewall rules to LAN. Now i moved my printer to a VLAN which has access to the internal VLANS and LAN, but not to the Internet. I cannot access the printer anymore in menas of "printing services", but I can access the web ui of the printer.
I googled a bit and found the MDNS repeater plugin, installed and configured it on both OPNsense instances for all respective networks (LAN and two VLANs, one with the printer in it, the other for mobile devices),  and added the needed firewall rules in the two VLANs (LAN has "access all" default rule:
Pass    IPv4 TCP/UDP    VLANx    5353    224.0.0.251/24
Pass    IPv6 TCP/UDP    VLANx    5353    ff02::fb/64
But I cannout find the printer in any printer dialog from any other network. What should I do for troubleshooting?

4
German - Deutsch / Moin, CARP und VLANS - wie umsetzen?
« on: June 09, 2021, 10:43:40 am »
Heya, ich betreibe 2 OPNsense Installationen und habe diese via CARP zum HA-Failover-Cluster verbunden, dabei folgte ich diesen Anleitungen:
https://www.thomas-krenn.com/de/wiki/OPNsense_HA_Cluster_einrichten
https://docs.opnsense.org/manual/how-tos/carp.html
Bevor ich HA umgesetzut habe, hatte ich schon eine einzelne OPNsense Installation inklusive VLANs - die VLANs würde ich gerne in meinen HA-Cluster integrieren. Leider finde ich dazu keinen vernünftigen Guide oder Beispiele. Kann hier jemand unterstützen?

5
21.1 Legacy Series / New to OPNSense - VLAN / Gateway / Network question
« on: May 25, 2021, 04:02:53 pm »
Heya, I am quite new to OPNSense. I will use the Firewall as router in my network. It will take the control, while I use a Mikrotik Switch as my backbone. For added security in my Homelab I intend to use VLANs, and currently I am doing the first steps.
Basic VLAN-Setup on the Mikrotik is done, and I have my VLANs added on the OPNSense. Here comes my problem: I have added the VLAN, assigned it to the LAN-port, set up the IP-range and acivated DHCP on the VLAN. I then tagged a port on the Mikrotik accordingly and connected a test client to this port. The client then performs a DHCP discovery succesfully and gets an IP within the correct range of the newly created VLAN. But here is the thing: The client cannot get any network connection. I f I ping the .1 address of the segment from the client I get timeouts, if I nmap the network it is only answered by the client itself. If I ping the same addresses from the default VLAN or the firewall itself I get positive responses. Whats the issue here?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2022 All rights reserved
  • SMF 2.0.18 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2