Topic: OPNsense setup questions (Read 389 times)
guest47207 (Guest), August 07, 2024, 10:01:08 pm
I’m looking to set up an OPNsense firewall between my current router and modem. Please refer to the attached mockup for a visual.
Current topology:
Cable modem connected via LAG (LACP 2x 1 GbE) to a router. A discrete Raspberry Pi running Pi-Hole with Unbound acts as my DNS.
Desired topology:
OPNsense running in a mini PC-based Proxmox host dropped right in between the current modem and the router. LAG (LACP) connections to both the modem (WAN) and the router (LAN) for the sake of reliability and throughput.
The router will still retain LAN DHCP capabilities.
Ultimately, if it makes sense to do so, I’d like to ditch the Pi and run a Pi-Hole VM in Proxmox alongside OPNsense. But that's maybe for another day.
Problem:
I’ve watched and read about a dozen OPNsense setup tutorials, but I’ve hit a wall conceptually and therefore in implementation. Although I’m not new to home networking, this is at the limits of my current knowledge.
Sticking points:
If I position the Proxmox/OPNsense firewall between my modem and my router, how do I maintain LAN access to both the Proxmox VE GUI (192.168.1.x) and the OPNsense firewall GUI (192.168.1.y)? NB: My mini PC has 6x 2.5 GbE ports, so I have plenty of physical ports to assign to LAN connections.
Does OPNsense need to have DHCP enabled to assign the router an IP, or can it invisibly bridge the connection between the modem and the router?
How do I access the modem’s GUI (192.168.100.1) once the Proxmox/OPNsense comes between the modem and the router?
Will I still be able to use the Pi-Hole as my DNS, or is that redundant when using OPNsense?
Once OPNsense is in front of the router, will I still be able to use my router’s built-in OpenVPN/Wireguard VPN functionality for remote LAN access?
Thanks in advance for any pointers, answers and advice.
meyergru (Hero Member), Reply #1, August 07, 2024, 10:15:02 pm
First question: Why?
What you need for internet access is a media converter (in this case a cable modem) and a router, which usually also does DHCP and DNS. If you replace your router with OPNsense, the router essentially gets useless, modulo the WLAN access point functionality.
Even less than useless, probably, because many integrated routers that also have WLAN cannot be switched to act as an AP only. They still want to do routing, DHCP and so on, which will complicate things to a point where you will wish to have bought a dedicated AP in the first place.
With only the OPNsense as a central instance for controlling your network, the answers to your questions are much simpler, e.g. how to access your Proxmox VE or your modem GUI from your devices, because you do not need intermediate routed networks.
Also: Why LAGG?
a. LAGG does not double your speed for any one specific 1:1 connection, it only can double the throughput if many parties are involved. It can act as a failover, again: by adding complexity. In a home setup, you most probably will not have to worry about broken cables...
b. Even if you have the need for more speed - is your internet speed above 1 GBps? Even if it is, I would rather use 2.5 GBps ports instead (many OPNsense boxes and switches have that these days, including PCs).
Last Edit: August 07, 2024, 10:18:04 pm by meyergru
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005, 1100 down / 440 up, Bufferbloat A+
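
The point in reply #1 that link aggregation does not speed up a single connection, sketched as an added example (not code from the thread or from OPNsense). It assumes the LAG picks a member link from a hash of each flow's addresses and ports; SHA-256 stands in for the real hash, and the sample flows are constructed.

```python
import hashlib
from collections import defaultdict

LINK_GBPS = 1.0  # capacity of each LAG member (the thread's 2x 1 GbE)
N_LINKS = 2


def pick_link(src_ip, dst_ip, src_port, dst_port, n_links=N_LINKS):
    """Map a flow to one LAG member from a hash of its addresses and ports.

    Assumption: SHA-256 stands in for the driver's real hash. The property
    that matters is that the same flow always lands on the same member.
    """
    key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_links


def simulate(flows, n_links=N_LINKS, link_gbps=LINK_GBPS):
    """Return (per-flow Gbps, aggregate Gbps) when every flow wants full speed.

    Flows hashed to the same member share that member's capacity equally.
    """
    members = defaultdict(list)
    for flow in flows:
        members[pick_link(*flow, n_links=n_links)].append(flow)
    per_flow = {}
    for link_flows in members.values():
        for flow in link_flows:
            per_flow[flow] = link_gbps / len(link_flows)
    # Every member that carries at least one flow is saturated.
    aggregate = len(members) * link_gbps
    return per_flow, aggregate


# Constructed sample flows (documentation address ranges, not from the thread).
single = [("192.0.2.10", "198.51.100.20", 50000, 443)]
many = [("192.0.2.10", "198.51.100.20", 50000 + i, 443) for i in range(100)]

if __name__ == "__main__":
    for label, flows in (("1 flow", single), ("100 flows", many)):
        per_flow, agg = simulate(flows)
        fastest = max(per_flow.values())
        print(f"{label}: fastest flow {fastest:.2f} Gbps, aggregate {agg:.2f} Gbps")
```

A single flow never exceeds one member's capacity however many links are in the LAG; only the aggregate across many flows grows.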