"Recent posts
#21
General Discussion / Re: Need some guidance in how ...
Last post by neomorpheus - December 12, 2025, 09:41:50 PMQuote from: coffeecup25 on December 12, 2025, 09:13:50 PM4) Best wishes. You need to think this through again.
Wait, did I upset or disrespected or offended you somehow?
I'm only looking for a simple solution to an issue which would help me remove extra hardware from the network and perhaps learn how to secure my network a bit more.
#22
General Discussion / Re: Need some guidance in how ...
Last post by coffeecup25 - December 12, 2025, 09:13:50 PMQuote from: neomorpheus on December 12, 2025, 08:34:58 PMSomething just occurred to me, the applications that need to talk to these IoTs should be able to continue working via web access.
But to keep this simple, lets forget the VLAN and Iot, how about replacing the switch by using the ports that already exist in my Router?
As mentioned, I only really need 2 ports, the NAS and the AP, the rest can use my wifi network.
How do I set those two ports?
1) If the NAS is on a different subnet, then no other subnet can talk to it, defeating the purpose of a NAS
2) If the AP is on an isolated subnet, then LAN and NAS can not use it
3) If you do some workaround to fix that, you end up where you began
4) Best wishes. You need to think this through again.
5) I'm out of ideas. Perhaps someone else has a better idea outside my range of experience.
#23
Virtual private networks / Re: WireGuard Exporter Tool
Last post by JMini - December 12, 2025, 09:00:20 PMGotcha. Without understanding the presence of the keys, I thought the export was more important. I guess it isn't
Thanks for the information, guys
Thanks for the information, guys
#24
25.7, 25.10 Series / Re: Time based Shaper?
Last post by Seimus - December 12, 2025, 08:41:47 PMDo you see anything being classified under the Rules that should match/catch Wireguard networks? (check the rule counters)
This "WireguardGroup" this is a created interface for Wireguard or the default group?
Regards,
S.
This "WireguardGroup" this is a created interface for Wireguard or the default group?
Regards,
S.
#25
General Discussion / Re: Need some guidance in how ...
Last post by neomorpheus - December 12, 2025, 08:34:58 PMSomething just occurred to me, the applications that need to talk to these IoTs should be able to continue working via web access.
But to keep this simple, lets forget the VLAN and Iot, how about replacing the switch by using the ports that already exist in my Router?
As mentioned, I only really need 2 ports, the NAS and the AP, the rest can use my wifi network.
How do I set those two ports?
But to keep this simple, lets forget the VLAN and Iot, how about replacing the switch by using the ports that already exist in my Router?
As mentioned, I only really need 2 ports, the NAS and the AP, the rest can use my wifi network.
How do I set those two ports?
#26
25.7, 25.10 Series / Re: Help Troubleshooting OPNse...
Last post by LisaMT - December 12, 2025, 08:30:09 PMI switched my ISP router to transparent bridging mode. Then let opnsense do everything.
#27
25.7, 25.10 Series / Firewall Rule using ports fail...
Last post by LisaMT - December 12, 2025, 08:14:42 PMI have a early general firewall rule that allows LAN traffic to ports in an alias 'safe ports' (80 443)
The last firewall rule deny traffic to anywhere. "Block LAN Traffic"
Lan is subnet 192.168.10.0/24
In the logs I'm seeing the following getting blocked on the last rule like this:
LAN In 2025-12-12T12:00:39-07:00 TCP 192.168.10.63:40982 34.160.212.185:443 block Block LAN Traffic
The earlier rule should have passed this.
Not sure why?
The last firewall rule deny traffic to anywhere. "Block LAN Traffic"
Lan is subnet 192.168.10.0/24
In the logs I'm seeing the following getting blocked on the last rule like this:
LAN In 2025-12-12T12:00:39-07:00 TCP 192.168.10.63:40982 34.160.212.185:443 block Block LAN Traffic
The earlier rule should have passed this.
Not sure why?
#28
General Discussion / Re: Need some guidance in how ...
Last post by coffeecup25 - December 12, 2025, 08:00:41 PMQuote from: neomorpheus on December 12, 2025, 07:55:18 PMI believe that I can create multiple SSIDs on this AP.
What I really dont know how to do is attach the AP physically to my Qotom, configure it in a way that it handles both subnets and allow my mobile devices to those IoT for monitoring.
Access points are in the same broadcast zone. It won't work. Even some routers in router mode are iffy with 'guest networks'. I will wave my hand in the air and think good thoughts but that's the best anyone can do for you. There may be an access point somewhere that can automagically do a vlan on an access point, but I doubt it.
If the access point idea worked, then you would not need OPNsense to assist.
#29
General Discussion / Re: Need some guidance in how ...
Last post by neomorpheus - December 12, 2025, 07:55:18 PMI believe that I can create multiple SSIDs on this AP.
What I really dont know how to do is attach the AP physically to my Qotom, configure it in a way that it handles both subnets and allow my mobile devices to those IoT for monitoring.
What I really dont know how to do is attach the AP physically to my Qotom, configure it in a way that it handles both subnets and allow my mobile devices to those IoT for monitoring.
#30
General Discussion / Re: Need some guidance in how ...
Last post by coffeecup25 - December 12, 2025, 07:45:57 PMQuote from: neomorpheus on December 12, 2025, 07:34:38 PMThank you, that provides some guidance.
Remember that I only have one AP and both the IoT and regular devices are using it.
So sadly, I'm not sure how to proceed with your steps 2 and 3.
What you want to do is not possible with 1 access point if each subnet needs wireless. You need a different ssid for each network. This is true even if you want to use a switch controlled VLAN.
Routers are cheap. Tapo doorbells and whatnot do not need the latest and greatest. Best wishes.
