"Recent posts
#21
German - Deutsch / Re: Probleme mit PPPoE Verbind...
Last post by chemlud - Today at 12:59:25 PM...steht doch alles haarklein auf der FW-Seite von Draytek, hängt immer davon ab, WAS da auf der anderen Seite das PPPoE in die Leitung tutet...
Kann man aber auch vorher beim Provider erfahren und dann gleich die richtige FW aufspielen. Ist nicht sooooo schwer.
Kann man aber auch vorher beim Provider erfahren und dann gleich die richtige FW aufspielen. Ist nicht sooooo schwer.
#22
25.7, 25.10 Series / Re: FRR loads with wrong metri...
Last post by alfrisch - Today at 12:58:21 PMI agree, thanks a lot!
#23
General Discussion / Question about setting up OPNs...
Last post by diyordie - Today at 12:32:09 PMHello opnsense users,
I'm quite new in the topic networking and I want to get into self hosting so I red up a few articles about it. As I want to expose open ports to the internet (primary static website, mail-server, and VPN to access my network from outside) as well as securing the rest of the network when practicing pen testing with vulnhubs for example, I decided to buy a NUC for a dedicated firewall and after hearing about the pfsense drama I decided to go for opnsense.
The issue is I'm living in a houseshare with 4 other people and we share the same internet so basically I don't want a huge downtime while setting up the needed hardware and I want to provide them easy wifi access (at the moment guest wifi for their devices) so I am considering taking the double NAT route.
Considering the trouble with can come up I have a few questions, for a visual current network mapping please see the image provided below.
At the moment the network behaves like this:
(192.168.2.x)
ISP -> ComboRouter (from ISP with DHCP) -> Guest Wifi (for their devices and smartphones)
/ \
UnmanagedSwitch My laptop
/ | \
MyPC 2+Ports git/backupserver (with wake on lan)
My primary idea is to place the NUC in between the combo router and my switch and enable port forwarding for the services mentioned above, rest of the stack (i.E. git server/cloud whatever) I want to access after logging into the VPN (if this is achievable with this setup).
So the questions are:
If you want I can provide more info about the ISP or NIC I am considering to buy (I'm not sure if this is flagged as advertisement and breaks the rules).
I'm happy to hear your considerations about this and hope I find a suiting solution with you as I didn't find much of information about double NAT and VPN access.
I say thank you in advance and happy coding!
p.s.
If formatting of the thread is wrong please let me know I'm not really used to post on forums ^^
I'm quite new in the topic networking and I want to get into self hosting so I red up a few articles about it. As I want to expose open ports to the internet (primary static website, mail-server, and VPN to access my network from outside) as well as securing the rest of the network when practicing pen testing with vulnhubs for example, I decided to buy a NUC for a dedicated firewall and after hearing about the pfsense drama I decided to go for opnsense.
The issue is I'm living in a houseshare with 4 other people and we share the same internet so basically I don't want a huge downtime while setting up the needed hardware and I want to provide them easy wifi access (at the moment guest wifi for their devices) so I am considering taking the double NAT route.
Considering the trouble with can come up I have a few questions, for a visual current network mapping please see the image provided below.
At the moment the network behaves like this:
(192.168.2.x)
ISP -> ComboRouter (from ISP with DHCP) -> Guest Wifi (for their devices and smartphones)
/ \
UnmanagedSwitch My laptop
/ | \
MyPC 2+Ports git/backupserver (with wake on lan)
My primary idea is to place the NUC in between the combo router and my switch and enable port forwarding for the services mentioned above, rest of the stack (i.E. git server/cloud whatever) I want to access after logging into the VPN (if this is achievable with this setup).
So the questions are:
- Will I be able to set up a VPN gate with double NAT? I am considering buying a domain but I am also open to the Cloudflare tunnel option.
- Am I okay with double NAT if I map the subnet from opnsense / behind opnsense with 192.168.0( or 1).X
- As i don't want to spend money for another WAP for my laptop connection I would login from the guest wifi into the VPN to access the rest of the network. (rsync/cloud, remote development grabbing compiled packages etc.) or is there any other way around.
- Are there any other "noob traps" to watch out for installing this setup?
If you want I can provide more info about the ISP or NIC I am considering to buy (I'm not sure if this is flagged as advertisement and breaks the rules).
I'm happy to hear your considerations about this and hope I find a suiting solution with you as I didn't find much of information about double NAT and VPN access.
I say thank you in advance and happy coding!
p.s.
If formatting of the thread is wrong please let me know I'm not really used to post on forums ^^
#24
German - Deutsch / Re: Probleme mit PPPoE Verbind...
Last post by s.meier68 - Today at 12:31:20 PMQuote from: Patrick M. Hausen on Today at 12:24:59 PMQuote from: s.meier68 on Today at 12:13:21 PMEgal mit welchem Modem (so lange die entsprechende DSL Technik unterstützt wird) und auch egal mit welcher Firmware ....
Da hab ich z.B. mit dem Vigor 167 andere Erfahrungen. Neu geliefert, keine Verbindung. Aktuelle Firmware rein ohne irgendeine Änderung der Konfiguration - läuft.
Spannend! Ich habe mit dem 165 andere Erfahrungen gemacht. Die Konfiguration war in den alten Firmwareversionen für den Arsch,gerade der Bridgemodus. Aber es ging
#25
Hardware and Performance / Re: Starting homelab network -...
Last post by Patrick M. Hausen - Today at 12:30:47 PMMikrotik CSR326 is a heck of a capable switch for 200 €/$. I run it with Router OS. Good thing is you are free to choose. It does not support PoE, though.
Keep in mind that active PoE in a switch means
- way more expensive than without
- most units are deep 19" devices
- passive cooling is very rare
Depending on how "home" your home lab is going to be (do you have an extra room for a rack?) a switch like the mentioned CSR326, available in either rack or desktop format and passive cooling might be preferable to a loud rack mount only unit intended for data centres.
P.S. The CSR326 does not support 2.5 G Ethernet.
Keep in mind that active PoE in a switch means
- way more expensive than without
- most units are deep 19" devices
- passive cooling is very rare
Depending on how "home" your home lab is going to be (do you have an extra room for a rack?) a switch like the mentioned CSR326, available in either rack or desktop format and passive cooling might be preferable to a loud rack mount only unit intended for data centres.
P.S. The CSR326 does not support 2.5 G Ethernet.
#26
German - Deutsch / Re: Probleme mit PPPoE Verbind...
Last post by Patrick M. Hausen - Today at 12:24:59 PMQuote from: s.meier68 on Today at 12:13:21 PMEgal mit welchem Modem (so lange die entsprechende DSL Technik unterstützt wird) und auch egal mit welcher Firmware ....
Da hab ich z.B. mit dem Vigor 167 andere Erfahrungen. Neu geliefert, keine Verbindung. Aktuelle Firmware rein ohne irgendeine Änderung der Konfiguration - läuft.
#27
German - Deutsch / Re: Probleme mit PPPoE Verbind...
Last post by s.meier68 - Today at 12:21:55 PMKann gelöscht werden
#28
Hardware and Performance / Re: Starting homelab network -...
Last post by bimbar - Today at 12:20:05 PMI would suggest some cheap N100 box with 2 network ports.
For switches, TP-Link or Mikrotik (but with swos).
For switches, TP-Link or Mikrotik (but with swos).
#29
German - Deutsch / Re: Probleme mit PPPoE Verbind...
Last post by s.meier68 - Today at 12:13:21 PMQuote from: cunfused_kiwi on Today at 10:31:48 AMIch habe mein Modem selber gekauft, es sollte die normale Firmware haben. Ich probiere VLAN 7 mal aus und sage dann hier bescheid.
Bitte, wenn es nicht funktioniert mit genauer Bezeichnung des Modems und der genauen Konfig der Opnsense...
Eigentlich geht es mit den beiden Seiten opnsense pppoe isp Settings und der von Dir verlinkten Telekom Hilfeseite zu PPPoE promblemlos. Egal mit welchem Modem (so lange die entsprechende DSL Technik unterstützt wird) und auch egal mit welcher Firmware ....
Ps: der wan Port? Wenn die Opnsense richtig konfiguriert ist, läuft die Verbindung über den PPPoE Port, der als übergeordneten Port entweder direkt den WAN Port oder das Vlan Interface verwendet. Der wan Port ansich ist egal... ich würde dir empfehlen, die Zuordnung des wan Ports zu löschen und dann Vlan und PPPoE Interface zu erstellen. Den Port brauchst Du ausschließlich wenn Du auf das Webinterface des Modems möchtest
#30
General Discussion / FRR monitoring
Last post by pcaetano - Today at 11:41:18 AMHi all,
I'm testing opnsense to set up a ipsec vti tunnel + bgp peering to a cloud provider and the solution works cleanly, but I'd like to set up route monitoring to verify tunnel status and what prefixes are being announced vs prefixes being filtered.
How are you monitoring FRR advertised/received prefixes on your OPNsense firewalls?
It looks like net-snmp plugin does not populate the relevant OIDs to export the prefixes.
I'm currently fetching that information via API calls, but it seems a bit cumbersome.
Thanks in advance,
Pedro
I'm testing opnsense to set up a ipsec vti tunnel + bgp peering to a cloud provider and the solution works cleanly, but I'd like to set up route monitoring to verify tunnel status and what prefixes are being announced vs prefixes being filtered.
How are you monitoring FRR advertised/received prefixes on your OPNsense firewalls?
It looks like net-snmp plugin does not populate the relevant OIDs to export the prefixes.
I'm currently fetching that information via API calls, but it seems a bit cumbersome.
Thanks in advance,
Pedro
