Does it not route? (can't access webGUI via LAN)

Started by oliviermyre, October 24, 2023, 05:08:43 PM

Hi everyone,
I'm pretty new to this stuff and have no solid background in IT except experience and general geekiness, so please bear with me.

So here's the CONTEXT:
I want to reinforce my network security against mostly IoT and guests. My network serves my house (where the IoT is mostly) and my business (where I want to offer free and easy Wi-Fi access to guests). The core network where I have my computers, business-related hardware such as my point of sale, etc. will be its own VLAN for the purpose. Knowing that OPNsense was the way to go, I bought myself a Protectli device (will now refer to it as "the DEVICE"), reassigned WAN/LAN properly, set up some VLANs, etc. following the homenetworkguy's instructions on YouTube. My plan is to set up everything, then remove my old underpowered router and replace it with my new badboy.

Here's the PROBLEM:
I cannot access my device when not connected to another router.
While doing initial setup, I had connected the device from the LAN port to a port on my small managed switch (which is not configured for VLANs yet). I had assigned xxx.xxx.xxx.2 to the LAN port and could access it from my computer, which is wired to the same switch (which itself is wired to my router). Now, whenever I unplug the device from the switch and plug my computer directly into the LAN port, I cannot access my device at all!

Is there anything I missed? Should the device be put in another "mode" when unplugging from the already routed switch, so it becomes a "router" itself? Does it not route? I'm pretty confused as to what I'm missing here.

BTW I already put in all the FW rules that were mandatory for LAN, as explained by the YouTuber mentioned above.

Thanks for any help!

Hi,

is the old router still in place when you're connected via the switch? That would still hand out IPs via DHCP while nobody does it on a direct link.

Or other issue: Is LAN already mapped to a VLAN or to the plain interface in OPNsense?

While playing around with OPNsense on a spare machine recently, I connected its WAN port to my local network.  I noticed that:

- if you assign the WAN and DO NOT assign a LAN, you can access the webui from the WAN interface
- as soon as you assign the LAN interface, you can NO LONGER access the webui from the WAN

I'm not sure if this is what you are noticing or not, but I figured I would share that bit that I learned the hard way.

I would check that DHCP is enabled and configured for your LAN in OPNsense.  From there, plug your machine directly into the LAN port and confirm that you get an IP address from OPNsense.  At that point, you should be able to get to the webui on the gateway IP; likely http://x.x.x.1.

Hope this helps; good luck!

October 25, 2023, 02:01:17 PM #3 Last Edit: October 26, 2023, 12:23:15 AM by oliviermyre
Quote from: tron80 on October 24, 2023, 06:07:52 PM
is the old router still in place when you're connected via the switch? That would still hand out IPs via DHCP while nobody does it on a direct link.
and

Quote from: rreboto on October 24, 2023, 07:54:14 PM
I would check that DHCP is enabled and configured for your LAN in OPNsense.  From there, plug your machine directly into the LAN port and confirm that you get an IP address from OPNsense.  At that point, you should be able to get to the webui on the gateway IP; likely http://x.x.x.1.
No, basically I unplug the device from the network, unplug my "main" computer (which is configured to receive an IP via DHCP without arguing), and plug only the computer into the LAN port of the device. My computer receives an IP, then I can see the device's IP as the gateway, but I cannot access it via web browser, and I can't ping it from the console either. It says something like network is down.

Quote from: tron80 on October 24, 2023, 06:07:52 PM
Or other issue: Is LAN already mapped to a VLAN or to the plain interface in OPNsense?
Plain interface. I have 4 ports; the other two ports are a LAGG where all the VLANs reside.

**EDIT**: I finally went the painful route and re-did everything again. I'm not even sure what I did wrong; I sure did something to lock myself out... Now everything works out fine. Note to myself: Make more backups, especially when I feel confident.