OPNSense Transparent bridge PPPoE between ISP and router

Started by St0nE, October 12, 2024, 02:34:40 PM

I'm trying to make an OPNsense connection diagram based on the attached image.
When creating a transparent bridge, there is a PPPoE connection to the ISP and
the Internet works on OPNsense, but I can't configure the section between OPNsense and the router.
The goal is to filter traffic between the ISP and the router.
Please tell me what settings need to be made between OPNsense and the router.
What settings do I need to make in the firewall rules on the OPNsense transparent bridge and on the router?
And does this scheme work?
Thank you for your answers.

It's not clear (to me) what you're trying to accomplish. What is the purpose of the router?

Basically, the router authorizes Active Directory users and regulates internet access based on user name, not IP. Unfortunately, OPNsense does not know how to do this yet.

And I want to install OPNsense to filter IDS/IPS traffic to the router, since the router does not know how to do this.

OK, so.... if OPNsense is doing PPPoE, it has to be acting as a router, not a transparent bridge. If PPPoE is on the router behind OPNsense, OPNsense could be a bridge, but it wouldn't "see" the traffic that you want to inspect/filter - it would only see PPPoE encapsulated traffic.

If you want to use OPNsense as a transparent bridge, I think it would have to be on the LAN side of the router, and the router would do PPPoE.

Alternatively you could do the double-NAT thing........

Thanks for the answer! It's just that the Transparent bridge setup has a choice of IP, DHCP and PPPoE, so I thought it was possible to implement a similar scheme.
Apparently it really won't work. Thanks again for the reply.

I just set up a transparent filtering bridge.
It's my introduction to OPNsense so beware...

I didn't even give an IP configuration to my bridge.
As I understand it, it just shoves packets received on one side to the other, apart from the ones that it filters.
A nice consequence of all this is that adding/removing it is just about moving a couple of cables around.

Anyway, even in the absence of PPPoE, inserting the bridge on the WAN side of your router also means it only sees NAT traffic. It makes it painful (at best) to find where the traffic is coming from on your LAN.

Personally, per various guides, I inserted mine between my router and my main switch.
All internet traffic goes through, as does inter-VLAN, and a few other things handled by the router (e.g. DHCP).
I ended up moving my inter-VLAN controls to OPNsense, mostly because my router's rule enforcement subsystem provides no logging whatsoever.

HTH
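The two replies above make the same point from different angles: a bridge on the WAN side of a PPPoE router only sees PPPoE session frames, and a bridge on the WAN side of a NAT router only sees the router's public address. The following is an added illustration, not OPNsense code or anything from this thread: it builds one constructed frame for each insertion point (LAN side, WAN side with NAT, WAN side with PPPoE) using documentation addresses and locally administered MACs, and models what an IP-level filter on a bridge can read from each without terminating PPPoE. The MACs, IPs and session id are made-up sample values.

```python
"""Model of what a transparent filtering bridge can see at each insertion point.

Constructed example, not OPNsense code: frames are built by hand with
documentation addresses (192.168.10.0/24, 203.0.113.7, 198.51.100.20).
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100
ETHERTYPE_PPPOE_SESSION = 0x8864
PPP_PROTO_IPV4 = 0x0021


def ipv4_header(src: str, dst: str, proto: int = 6, payload_len: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left zero because nothing here validates it."""
    total_len = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, total_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def ethernet(ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame with constructed (locally administered) MAC addresses."""
    dst_mac = bytes.fromhex("02000000aa01")
    src_mac = bytes.fromhex("02000000bb02")
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def pppoe_session(session_id: int, ppp_proto: int, payload: bytes) -> bytes:
    """PPPoE session-stage header (RFC 2516) followed by the 2-byte PPP protocol field."""
    hdr = struct.pack("!BBHH", 0x11, 0x00, session_id, len(payload) + 2)
    return hdr + struct.pack("!H", ppp_proto) + payload


def bridge_view(frame: bytes) -> dict:
    """What an IP-level filter on a bridge (pf rules, an IDS/IPS) sees in one frame.

    The bridge does not terminate PPPoE, so a PPPoE session frame is opaque to
    IP rules even though an IPv4 packet sits inside it.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETHERTYPE_VLAN:  # one 802.1Q tag: skip the TCI, read the inner type
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype == ETHERTYPE_IPV4:
        ihl = (frame[offset] & 0x0F) * 4
        ip = frame[offset:offset + ihl]
        return {"encap": "ip",
                "src": socket.inet_ntoa(ip[12:16]),
                "dst": socket.inet_ntoa(ip[16:20]),
                "ip_visible": True}
    if ethertype == ETHERTYPE_PPPOE_SESSION:
        session_id = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        return {"encap": "pppoe", "session_id": session_id,
                "src": None, "dst": None, "ip_visible": False}
    return {"encap": "other", "src": None, "dst": None, "ip_visible": False}


def placements() -> dict:
    """One constructed frame per insertion point discussed in the thread, as the bridge sees it."""
    lan_host, router_public, remote = "192.168.10.25", "203.0.113.7", "198.51.100.20"
    # 1. Bridge between router and LAN switch: the original LAN source address is visible.
    lan_side = ethernet(ETHERTYPE_IPV4, ipv4_header(lan_host, remote))
    # 2. Bridge on the WAN side of a NAT router without PPPoE: IP is visible,
    #    but every flow carries the router's public address, not the LAN origin.
    wan_side_nat = ethernet(ETHERTYPE_IPV4, ipv4_header(router_public, remote))
    # 3. Bridge between ISP and a router that runs PPPoE: the bridge sees PPPoE
    #    session frames, and the IP header inside them is not reachable by IP rules.
    inner = ipv4_header(router_public, remote)
    wan_side_pppoe = ethernet(ETHERTYPE_PPPOE_SESSION,
                              pppoe_session(0x0001, PPP_PROTO_IPV4, inner))
    return {name: bridge_view(f) for name, f in
            [("lan_side", lan_side),
             ("wan_side_nat", wan_side_nat),
             ("wan_side_pppoe", wan_side_pppoe)]}


if __name__ == "__main__":
    for name, view in placements().items():
        print(f"{name:16} {view}")
```

Running it prints one line per placement: only the LAN-side frame yields the address of the host that actually generated the traffic, which is why the last reply put the bridge between the router and the main switch rather than in front of the router.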