Messages - chuliu

1
23.1 Production Series / Can I use one less managed switch with opnsense
« on: March 02, 2023, 08:46:38 pm »
I have an opnsense router running two wan failover with one lan.  The hardware has 4 nics, while I use only three.
My isps are hkt and hkbn.  HKT is also providing iptv service to me.  For the moment, I connect two cables, one to the wan1 of the opnsense and the other to a netgear managed switch.
Apart from the cable for iptv, there is one cable from the lan port of opnsense, one cable that connects to the wireless ap, one that connects to a raspberry pi running pi-hole, and the last one that connects to a second managed switch which is in a room 10 meters away.

I set up managed switches so that I can surf the internet, and watch iptv, all with the one cable between the two managed switches.

Please see the attachment for a current set up diagram.

I am looking for a way to use only one m-switch, by setting up opnsense's iptv passthrough functions, if it exists.


Please advise if this is doable and how to do it.
Thanks.

2
General Discussion / Is it a good idea to schedule the opnsense firewall to shutdown for x hours
« on: January 29, 2023, 05:30:16 pm »
My hardware is a cheap N5105 celeron, 8gb ram, 128gb ssd, which I bought at aliexpress for usd 158.
I set up opnsense on it and am wondering if it is a good idea to schedule a periodic shutdown from 2:00am to 6:00am to let the ssd rest?  I may set up a cron job to shut down the firewall, and a power socket with timer function to restart it.

The question is: is it worth the effort?  Does it benefit the ssd by letting it stay idle for 4 hours?

Thanks.

3
Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script
« on: January 26, 2023, 01:26:24 am »
I wonder if this script will work if I have an existing wireguard server set up in my opnsense?
Also, does it work in a dual wan environment?

Thank you.

4
Virtual private networks / [solved] wireguard remote access for dual wan setup
« on: January 25, 2023, 09:16:04 am »
I finally got wireguard working on my opnsense with dual wan after a lot of trial and error and I thought I would share my setup here for others who encounter issues with wireguard on a dual wan opnsense.  I would also like to ask if port forward is needed for your configuration as it is needed for me.

I have dual ftth connections both with dhcp public ip at home.  I would like to access the gui of the opnsense firewall with wireguard when I am outside of my home.  I set up two gateway groups named failover 1 and failover 2 with one of the ftth connections serving as a backup for the other.  I have one LAN interface 192.168.86.0/24 with dhcp server enabled.  The wireguard server is set up with internal ip 10.10.10.0/24.  I created an interface for wireguard named mywireguard.  Wan2 is my active (default) gateway as shown in the system->gateways->single.

Here is the server and client setup for my opnserver:

[server]
local tab:
listen port 51820
tunnel address 10.10.10.0/24
peers: myiphone, mymacbook, mypc

endpoints:
myiphone:
allowed ips 10.10.10.3/32
mymacbook:
allowed ips: 10.10.10.2/32
mypc:
allowed ips: 10.10.10.4/32

[client]  I take my iphone as an example
[Interface]
PrivateKey = x
ListenPort = 51820
Address = 10.10.10.3/32
DNS = 1.1.1.1

[Peer]
PublicKey = x
AllowedIPs = 192.168.86.0/24, 10.10.10.1/32
Endpoint = mywan2_ip:51820



[port forward rule]
interface : wan2
tcp/ip version : ip4
protocol : udp
destination : wan2 address
destination port range : 51820 to 51820
redirect target ip : 192.168.86.0
redirect target port : 51820



[nat outbound rule]
interface : wan2
tcp/ip version: ip4
protocol : udp
source address:  mywireguard net
source port : any
destination address : wan2 address
destination port : any
translation target : interface address

[firewall rule wan2]
automatically created when I created port forward rule

[firewall rule mywireguard]
action : pass
quick : checked
interface : mywireguard
direction : in
tcp/ip version : ip4
protocol : any
source: mywireguard net
destination : any
destination port range: any to any


Please note that the endpoint that I set up in my client app on my iphone is my wan2 ip.  This is because wan2 is my default gateway for some reason and I read somewhere that wireguard only works with the default gateway in a dual wan setup.  I see it in system->gateways->single as wan2 is marked with active.  I would appreciate it if someone can tell me how it decides which gateway is active.


Also, I needed to set up a port forward rule for wireguard to work.  This is not the case as I checked on the online documents on opnsense web site.  That article is titled set up wireguard road warrior.  Let me know if you have to set up a port forwarding rule for it to work.


Thanks.
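
The peer layout in the post above (tunnel 10.10.10.0/24, one /32 per peer, a split-tunnel client) can be checked mechanically. This Python script is an added example, not part of the original post or of OPNsense; the `audit` function and its finding strings are hypothetical, and the addresses and placeholder keys are copied from the post.

```python
import configparser
import ipaddress

# Values copied from the post; the keys are placeholders ("x") there as well.
TUNNEL = ipaddress.ip_network("10.10.10.0/24")
SERVER_PEERS = {"myiphone": "10.10.10.3/32",
                "mymacbook": "10.10.10.2/32",
                "mypc": "10.10.10.4/32"}
CLIENT_CONF = """
[Interface]
PrivateKey = x
ListenPort = 51820
Address = 10.10.10.3/32
DNS = 1.1.1.1

[Peer]
PublicKey = x
AllowedIPs = 192.168.86.0/24, 10.10.10.1/32
Endpoint = mywan2_ip:51820
"""

def audit(tunnel, server_peers, client_conf):
    """Return findings for one single-peer client config against the server's peer table."""
    findings, seen = [], {}
    for name, cidr in server_peers.items():
        net = ipaddress.ip_network(cidr)
        if net.prefixlen != 32 or not net.subnet_of(tunnel):
            findings.append(f"{name}: {cidr} is not a /32 inside {tunnel}")
        for other, other_net in seen.items():
            # WireGuard maps each allowed address to exactly one peer key.
            if net.overlaps(other_net):
                findings.append(f"{name} and {other} overlap; only one peer can own an address")
        seen[name] = net
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(client_conf)
    addr = ipaddress.ip_interface(cp["Interface"]["Address"]).ip
    if not any(addr in n for n in seen.values()):
        findings.append(f"client address {addr} is not allowed for any server peer")
    routed = [ipaddress.ip_network(a.strip()) for a in cp["Peer"]["AllowedIPs"].split(",")]
    for dns in cp["Interface"].get("DNS", "").split(","):
        dns = dns.strip()
        if dns and not any(ipaddress.ip_address(dns) in n for n in routed):
            findings.append(f"DNS {dns} is outside AllowedIPs; lookups bypass the tunnel")
    return findings

if __name__ == "__main__":
    for line in audit(TUNNEL, SERVER_PEERS, CLIENT_CONF):
        print(line)
```

With the values from the post the only finding is the DNS line: 1.1.1.1 is not covered by the client's AllowedIPs, so the phone resolves names outside the tunnel.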

5
22.7 Legacy Series / Re: [solved] dual wan and pi-hole on opnsense
« on: January 22, 2023, 03:48:56 am »
Never thought it was as easy as that!
Thanks.

6
22.7 Legacy Series / [solved] dual wan and pi-hole on opnsense
« on: January 21, 2023, 01:11:04 pm »
Hi, I am new to opnsense and software router as a whole.  I just received the intel celeron N5105 hardware with 4 network ports a few days ago with pfsense installed.  For some reason, pfsense wouldn't work well for my xbox series x giving me a double nat error.  I decided to switch to opnsense. 

Now, here is my setup:  N5105 cpu with 4 network ports, dual ftth from different isps with the same speed, pi-hole with unbound on raspberry pi, one lan with ip addresses 192.168.86.1/24

I followed this and set up my opnsense with dual wan and set the dns servers to google and cloudflare respectively.  I didn't set the dns to my pi-hole because if I set it up in system->settings->general by filling up my pi-hole ip and specifying the gateways and saved it, it will give me an error saying "You can not assign a gateway to DNS server "192.168.86.150" which is on a directly connected network."

My goal is to be able to set up pi-hole as dns server for the network for blocking youtube from my kids.  I don't mind if I cannot use unbound for dns resolver.  If I can, that is even better.  How can I set it up with the opnsense limiting me from setting up dns with an ip in the lan subnet?  Thanks.
