Topic: A one-legged OPNsense dilemma... (Read 2101 times)
benyamin
Full Member
Posts: 224
Karma: 13
A one-legged OPNsense dilemma...
« on: November 07, 2021, 01:50:25 pm »
Was wondering if anyone had set up OPNsense with a single leg on LAN only. If so, any gotchas...?
I was thinking it might become necessary to spin up FreeRADIUS as a temporary PoC to get some answers for this topic.
Just wanted to know if it was possible...
TIA,
Ben
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: A one-legged OPNsense dilemma...
« Reply #1 on: November 07, 2021, 02:40:05 pm »
Perfectly possible. What is the supposed dilemma here? I am running that as a VPN server.
Bootstrap a fresh installation
Remove the WAN interface keeping the "allow all" rule on LAN
Disable the "anti lockout" NAT rule - Firewall > Settings > Advanced
Add the default gateway unless you set the LAN interface to DHCP
Probably disable Unbound and set the nameserver in System > Settings > General
Probably disable the DHCP server on LAN
Optionally disable the firewall entirely in Firewall > Settings > Advanced
Now you have an open host with a single connection.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
benyamin
Full Member
Posts: 224
Karma: 13
Re: A one-legged OPNsense dilemma...
« Reply #2 on: November 07, 2021, 02:45:56 pm »
Thank you @pmhausen. That's a very helpful list.
The only dilemma is whether I should spend my time on it...
Some questions are better left unanswered - or answered by others...
bimbar
Sr. Member
Posts: 435
Karma: 25
Re: A one-legged OPNsense dilemma...
« Reply #3 on: November 07, 2021, 09:07:26 pm »
I have a dev OPNsense running with one leg. Not a problem.
Possibly also useful as mail gateway or reverse proxy or VPN concentrator or any number of things.
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: A one-legged OPNsense dilemma...
« Reply #4 on: November 08, 2021, 08:50:56 am »
Typically that is a WAN-only setup since that automatically uses DHCP to get an address and sets anti-lockout rules correctly.
It's a neat type of setup for special services to provide (mostly via VM using a plugin or some core feature) and you have a firewall for the service as well...
Cheers,
Franco
« Last Edit: November 08, 2021, 08:54:51 am by franco »
benyamin
Full Member
Posts: 224
Karma: 13
Re: A one-legged OPNsense dilemma...
« Reply #5 on: November 08, 2021, 10:04:52 am »
Quote from: franco on November 08, 2021, 08:50:56 am
Typically that is a WAN-only setup...
Good points, Franco. Thanks for that.
So pmhausen's list becomes:
Bootstrap a fresh installation
Add the default gateway unless your WAN interface gets one via DHCP (default)
Disable Unbound and set the nameserver in System > Settings > General OR accept DHCP nameservers
Optionally disable the firewall entirely in Firewall > Settings > Advanced
Anything else to add...? Did I drop too much / too little...?
Thank you all.