Topics

Hi there

I need to setup an additional site and I have the following requirements:

• The IP address range will be routed through a static IP address that will be assigned to the router with MAC reservation.
• Behind this static IP address, the subnet for the IP range is implemented by the customer (5 public IP addresses are available in this subnet).

I get a static range /29, (i.e. 55.66.77.88) whereas:

• .88 => the first address will be the network address
• .89 => the second address is the local gateway
• .90-94 => the 3rd to 7th address can be used as desired
• .95 => the last address is for broadcast

How do I need to setup opnSense to use this subnet with a private LAN subnet and NAT routing?
I guess the WAN is simply DHCP.
Do I need to add Virtual IPs fot the static subnet?

Thanks for your hints!

Hi there,

I'm looking for information on how to define vendor class settings to be set for DHCP server on LAN.

It looks like it is not possible using the web Interface.
Any manual modifications to dhcpd.conf seeem to be overwritten automatically...

Maybe adding the possibility in the web interface to define an include file for dhcpd.conf?

Code Select Expand

include "/mypath/myfile.conf";

Hallo zusammen

Ich möchte irgendwo im Filesystem meiner opnSense ein PHP Skript für Cron speichern, das bei einem künftigen Upgrade nicht gelöscht/überschrieben wird.
Ist das möglich? Falls ja, wo im Filesystem/Pfad?

Vielen Dank für die Antworten!

Hi there

Where in my local path can I store custom files (php) on a full OPNsense install and keep them safe even after an upgrade of the system?

Thanks for clarification.

Hi there

I have worked on the Cloudflare plugin:
Now it supports setting of TTL (seems to be broken in current plugin, since Cloudflare has set this to mandatory, see issue #1668) and it supports the use of an API token.

I don't have a GitHub account. Maybe someone can check my work and merge it?

See attached file

Thanks!

Hallo zusammen

Keine Ahnung, ob ich das hier posten darf. Leider gibt es keine geeignete Kategorie.

Ich habe 3x Watchguard XTM5 Firewalls mit opnSense zu verkaufen.

• 19" Rackeinbau
• 8GB RAM
• Intel Xeon CPU L5420 @ 2.50GHz (4 cores)
• 8GB SSD
• 6x Gigabit LAN

Versand in EU oder CH.

Bitte bei Interesse PN mit Preisvorschlag.

Hi there

This is not directly related to opnSense.
I'm stuck on setting up VLAN's on my switches to support a separate guest VLAN for my Unifi access points.
I have my internal Network to not use a VLAN, and my guest network will use VLAN 100 on the unifi AP's. (The AP's will add the VLAN tag!)

Code Select Expand



                         (eth1, no VLAN)
     (eth0) |¯¯¯¯¯¯¯¯¯¯|-------------------|¯¯¯¯¯¯¯¯|        |¯¯¯¯¯¯¯|        |¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯|
WAN --------| OPNSENSE |                   | D-Link |--------| CISCO |--------| some devices (PC's) |
            |__________|-------------------|________|        |_______|        |_____________________|
                         (eth2, no VLAN)       |                |
                                               |                |
                                        |¯¯¯¯¯¯¯¯¯¯¯¯|    |¯¯¯¯¯¯¯¯¯¯¯¯|
                                        | unifi AP 1 |    | unifi AP 2 |
                                        |____________|    |____________|



I want to use two ports of my opnSense firewall for this: eth1 should be default internal network, eth2 should be separated guest network.
opnSense must not set VLAN tags. The switches must do that!
Both networks feed into my first switch, a D-Link DGS-3100, which is capable of VLAN and VLAN trunking. Port 5 goes into eth1, Port 6 into eth2.
This switch is uplinked with port 1 to my Cisco SG300 switch, which is also capable of VLAN and VLAN trunking.

How do i set up tagging, untagging and trunking on the ports?

Currently I have this: (check attaced screenshots)
D-Link:


Cisco:


Part of the D-Link config file:

Code Select Expand

! VLAN

config vlan default delete 1:6
create vlan WIFI_Guest tag 100
config vlan WIFI_Guest add untagged 1:6
config gvrp 1:6 pvid 100
enable vlan_trunk
config vlan_trunk ports 1:1 state enable

Part of the CISCO config file:

Code Select Expand


vlan database
vlan 100
exit
!
interface vlan 100
name WIFI_Guest
!
interface gigabitethernet1
switchport trunk allowed vlan add 100
!
interface gigabitethernet2
switchport trunk allowed vlan add 100
!
interface gigabitethernet3
switchport trunk allowed vlan add 100
!
interface gigabitethernet4
switchport trunk allowed vlan add 100
!
interface gigabitethernet5
switchport trunk allowed vlan add 100
!
interface gigabitethernet6
switchport trunk allowed vlan add 100
!
interface gigabitethernet7
switchport trunk allowed vlan add 100
!
interface gigabitethernet8
switchport trunk allowed vlan add 100
!
interface gigabitethernet9
switchport trunk allowed vlan add 100
!
interface gigabitethernet10
switchport trunk allowed vlan add 100
!
exit

Hi there

as there is a PPPoE problem in FreeBSD and it doesn't look like it will be solved in a reasonable timeframe I'm thinking of putting a router/bridge in front of my setup like this:

Code Select Expand


      WAN / Internet
            :
            : FTTH provider
            :
      .----+------------.
      |  PPPoE Router  |  (or Bridge, whatever)
      '-----+-----------'
            |
          WAN
            |
      .-----+------.
      |  OPNsense |
      '-----+------'
            |
          LAN


Internet is provided with PPPoE and VLAN ID.
I have fixed IP's I want to use with opnSense.

Is there any cheap router/Bridge/whatever available to just do this:
"transform" the ISP's signal to use with a regular WAN port of my opnSense router?
If necessary I can also put a fiber converter in front, too.
It may even use one of my public IP's.

Thank you for all hints!