General Discussion / Re: home network with two opnsense firewalls, and split-DNS
« on: February 06, 2020, 05:02:50 pm »
Hi,
my home network looks even more complicated, and your questions seem to be those of someone who is not completely familiar with private ranges... (no harm meant, but I think it still looks like a hobbyist's exercise)
https://en.wikipedia.org/wiki/Private_network
Don't use 192.0.x.x, just 192.168.x.x, or see the link for 10.x.x.x etc.
So you could just have one interface configured as LAN with 10.1.1.1/24 and one as WAN initially.
Then, after you can access the GUI over the LAN interface, you add new interfaces like MGT with 10.1.2.1/24, and so on.
Then you make sure to configure rules so that a PC behind MGT can reach the OPNsense GUI, and if verified, you just change your ruleset so that LAN can't access the GUI any more.
You set up NAT rules to get into the internet.
I don't know why you want to use VPN to communicate between your local subnets, but do yourself a favor, don't do it...
Try to read the OPNsense docs and https://homenetworkguy.com/how-to/configure-opnsense-firewall-rules/
I don't have the time to go into more detail, but I hope I could help a bit.
Petrus
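
An added example, not part of the post above: a small Python check of an interface addressing plan before it is entered in the GUI, flagging subnets outside the RFC 1918 private ranges and subnets that overlap. The function name `check_plan` and the "bad" sample plan are constructed for illustration; the "good" plan uses the LAN and MGT addresses from the post.

```python
import ipaddress

# The three RFC 1918 private IPv4 ranges. An explicit list is used on purpose:
# "looks private" ranges such as 192.0.x.x are not in it.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(plan):
    """plan maps interface name -> 'address/prefix'. Returns a list of problems."""
    problems = []
    seen = {}
    for name, cidr in plan.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        # The whole subnet must sit inside one private range.
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{name}: {net} is not inside an RFC 1918 range")
        # The firewall's own address must be a usable host address.
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a host address in {net}")
        # Two interfaces must never share address space, otherwise rules
        # written per interface no longer separate the segments.
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net
    return problems


# Plan from the post: LAN first, MGT added afterwards.
GOOD_PLAN = {"LAN": "10.1.1.1/24", "MGT": "10.1.2.1/24"}
# Constructed bad plan: 192.0.x.x addresses and an MGT subnet inside LAN.
BAD_PLAN = {"LAN": "192.0.1.1/24", "MGT": "192.0.1.129/25"}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_plan(plan)
        print(label, "plan:", "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
```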