Topics - StarsAndBars

#1
General Discussion / Configuration Advice?
April 08, 2026, 08:03:04 PM
Greetings all! I hope everything in your world is good.

I am running 26.x on a "white box" Xeon-based system with 32GB of RAM. This device also has 2 SFP ports, and several copper ports available.

I am using the SFP ports for WAN coming in and uplink to a managed switch for my LAN. This is achieved by completely removing the BGW-320 box that AT&T provides from the equation, and running a script (via 8311 on Discord) that customizes an XGS-PON stick from fs.com to "emulate" the BGW-320.

AT&T (fiber) is providing the connectivity and I have signed up for a plan that is 2Gig up/down. I also pay an additional monthly fee for a 5-pack of static IPs that I have yet to leverage, but am looking to utilize ASAP. It is my understanding that AT&T delivers the initial IP address via DHCP, but then the static IPs I have assigned to me are available to allocate as I need to. I want to isolate a home lab, as well as some other services on different IPs apart from my "production" network.

That leads me to my need for specific advice on how to actually implement one or more of these static IPs. What are best practices in this scenario for both the logical and physical configuration? Can I even configure the available copper ports on the white box? If so, how do I literally do this within the current configuration?

- OR -

Should I bring the WAN connection on the SFP module into an entirely separate smart/dumb switch and manually assign the static IPs to each of the remaining SFP ports on this new switch I would add? I'd actually prefer to use a "dumb" switch for this so that it is essentially invulnerable to being compromised as it would be wide open to the internet.

Thanks, I am just having a difficult time conceptualizing the practical and theoretical application of this configuration modification, and I would really appreciate specific configuration steps to take within OPNSense to realize this future state of use.
#2
Would anyone be willing to assist me with a "Road Warrior" VPN setup I am trying to use in WireGuard? I have tried to follow the guide found here:
https://homenetworkguy.com/how-to/configure-wireguard-opnsense/?utm_content=cmp-true

I have captured logs and screenshots, but in short, after making the connection to the VPN using my Android phone (and the official WireGuard client for it) I cannot ping any resources on the desired LAN I have made a VPN connection to.

I am just not sure what my next step(s) would be on how to further troubleshoot this. My OPNSense firewall is connected to the internet via a business class cable modem connection, and I have a public & static IP WAN address from my provider (68.188.xxx.xxx).

Thanks in advance, I am stumped right now and I am getting frustrated...
#3
Greetings All!

I am in need of assistance in utilizing a /29 (5 usable) pack of static IPs from ATT on my OPNSense instance (running latest public version).

My hardware topology looks like this:

ATT Fiber into the building --> FS XGSPON Transceiver --> Generic white-box Xeon (with 2 SFP & 5 Copper) --> 48 port switch

ix0 (WAN): SFP cage 1 contains the FS Transceiver
ix1 (LAN): SFP cage 2 contains the DAC connecting to the backplane of the 48 port switch.

Normally, this circuit would use the 320 Gateway provided by ATT. I have eliminated it completely for various reasons. Their fiber goes straight into my customized XGS-PON Transceiver, which then goes into my OPNSense firewall box.

The connection in this manner is up and running well. Very fast, very stable. With the symmetrical 2gig plan I have from ATT, I also purchased a 5-pack of public/static IPs. I want to use these IPs on other devices outside of the LAN behind the OPNSense instance in a sort of DMZ, if not completely separate configuration. Ideally, I would like to assign those statics to the 5 copper ports on the OPNSense box, but I am hearing that isn't really feasible, as that would effectively invoke bridge mode, which would bring along some overhead and performance penalties I don't want, but this is a Xeon box with 16GB of RAM, so...

In any event, if for practical or performance purposes, using the copper ports isn't advised, exactly how would I go about making use of the static IPs?

The WAN IP is a "sticky" address delivered via DHCP.

I am gathering I would use virtual IPs assigned to the various other hardware devices I want to use the static addresses with, and then they would be connected to my 48 port switch? Not my preferred approach, but if there is no other way...

If someone could please give me a tutorial on how to do this with specific configuration examples for OPNSense, I would REALLY appreciate it.

Thanks in Advance!
#4
Greetings All!

I have AT&T Residential Fiber and I purchased a pack of static IPs and have those addresses as given to me.

I have OPNSense running on a generic white-box Xeon system that has several copper ports and 2 10gig SFP+ ports. Right now I have the incoming fiber directly connected to the OPNSense firewall through a custom SFP module from FS that can act as XGS-PON, so I no longer need the AT&T 320 gateway and it is completely disconnected and out of the loop here.

My question is how I leverage the static IPs I want to use. I have to set the OPNSense to DHCP on the WAN side to get a connection, and the IP address assigned via DHCP is NOT in the block of static IPs that I have.

Do I just create additional interfaces on the copper ports and assign the static IPs to each of them? If that is the case, does anyone have details on how to achieve this? If there is a write-up or a tutorial somewhere that addresses this, please point me to it.

Thanks!
#5
Greetings All!

I have an issue where 24.1 itself has internet access and can download updates, new repositories, etc. However, clients connected to this instance on the LAN interface do not have internet access. I have double and triple checked the settings on the clients, and neither DHCP nor compatible manual settings for the LAN will restore internet access for the clients. This has me thinking I need to check Firewall Rules and/or NAT settings, but I am relatively new to OPNSense and I am not quite sure where to start in diagnosing this. It was a fresh install of 24.1 and I just used the wizard to try and get up and running quickly. What and where should I be looking? I would have thought by default all LAN clients would have internet access, and I certainly have not tinkered with any settings in that regard. Any/all assistance here would really be appreciated! THANKS IN ADVANCE!
#6
24.1, 24.4 Legacy Series / Internet Access from LAN issue
February 21, 2024, 04:19:27 PM
Good Day All!

I am making the switch from pfSense to Opnsense, but I am off to a rocky start with 24.1.

I have a business-class cable modem connection with static IPs assigned to me. It is a /29, so I have 5 usable IPs. I know the connection between my location and the ISP is good, as I have another router assigned to one of the other static addresses in my block and it is working perfectly, as was this white box hardware (SuperMicro Xeon) when it was running pfSense. This SuperMicro board has 6 copper ports (Intel) and 2 SFP slots (ix0 and ix1).

At this moment, I can successfully reach the web interface of OpnSense on the LAN interface (ix0 with a copper transceiver). So the LAN side is configured correctly and working, allowing me to make changes, etc. The OPNSense unit itself can reach the internet for updates, etc., so I am thinking this is a NAT/Rules issue. I used the Wizard to set it up, so I thought it would automatically create the necessary configuration, but apparently it does not?

However, the WAN side is a completely different story. I have tried assigning the desired static IP address (68.188.10.xx) to both ix1 and igb1, as well as providing the correct gateway (68.188.10.xx) and cannot get out to the internet. I have physical connectivity as I see activity lights and I made sure I didn't have a bad cable, etc. This leads me to believe I obviously am missing something with my configuration. I provided valid public DNS servers to the wizard during setup, so I am fairly confident I have all my values correct.

Therefore, I can only conclude I have some sort of NAT or rule configuration I am missing or overlooking. I have installed other instances of opnsense with dynamic connections on other circuits and it worked just fine with no additional config necessary, so I have a feeling I am missing an additional setup setting for this particular setup with a static IP.

Could someone please offer some assistance as to what I might be missing or need to look further into? I'm stumped right now. THANKS IN ADVANCE!