How do I - - -

[ajoeiam]

Greetings

Looking at setting up my system at 172.16.50.62 .

So how do I access the system after I give it this address where my present network is on 192.168.1.1 ?

(Hopefully that's not a bog dumb question!!)

[bartjsmit]

You need at least one client on the same IP range as the firewall. Set your computer to 172.16.50.63 as a static IP.

All devices on your LAN need to be in the same 172 range. Adjust your DHCP service to issue addresses in the new network and then either reboot, disable/enable their networking or wait for your old DHCP lease time to run out.

What network mask did you choose?

Bart...

[ajoeiam]

Hmmmmm - - - - except that isn't the question that I asked.

I understand that when this new system goes into production - - - its actually working - - - your answer would be correct and that was the plan (I would be switching from 192.168.x.x to 172.16.50.62).

The system is going to be parked until I get to  the new ISP (fiber direct to the place).

My question is related to 'before' the system has been tasked.

Do I use something like a tunnel, maybe a bridge (that seems a little less likely) - - - - or ??

[bartjsmit]

You can add more than one IP address to your client network adapter (in your case a 172 address).

E.g. for Windows on an elevated command prompt run:

netsh int ipv4 add address name="Local Area Connection" 172.16.50.63 255.255.255.0

Or on Linux:

sudo ip a a 172.16.50.63/24 dev eth0

Change the NIC name in each case if different

Bart...

[Patrick M. Hausen]

Or

1. Set the new IP address on your OPNsense, save and apply.
2. You will lose the UI connection.
3. Configure a matching static address on your PC.
4. Reconnect to the UI using the new address.
5. Adjust the DHCP server settings of OPNsense, save an apply.
6. Change your PC back to DHCP.

Really not that difficult.

[chemlud]

Manipulations like this requiring the adjustment of multiple parameters in the GUI are the reason why you can do various changes in the GUI, which all become effective only after pressing "Apply" in the end...

[ajoeiam]

Hmm - - - - - all very useful iformation - - - but - - - - I guess my question is unclear or something.

I want to park the machine - - - - ie - - - its NOT going to be working.

(This is a temporary measure only!!!!!!!!!!)

I want to have the machine accessible so that I can work on the setup - - - any noob understands how monstrous and complex the whole of opnsense is and I want to take time setting it up (so that its ready to work when the time for switchover arrives).

Does that help?

My previous main machine had 2 RJ-45 ports so that would have been much easier  - - - - plug in a cable to the 2nd port and use a second NIC and then I could have both options (dunno how I could easily switch between the two ports though) but my present main m/c only has a single RJ-45 port so that's not an option.

This parking is to facilitate setup - - - - there are so many things I think I would like (seems like more all the time as I'm working my way through the documentation).

Is there a better address (from a 192.168.1.1 network origen) to park the machine at temporarily so that I still have access and yet its not 'working'?

TIA

[yourfriendarmando]

You have these non routable addresses to choose from

10.0.0.0/8=10.0.0.0 – 10.255.255.255
192.168.0.0/16=192.168.0.0 – 192.168.255.255
172.16.0.0/12=172.16.0.0 – 172.31.255.255

You can even pick 192.168.1.2 for this standby system

[ajoeiam]

Rephrasing to make sure I have this correct.

I can set up this system on say 192.168.2.1 and access it from a 192.168.1.1 network - -  yes?


(This is a temporary measure to allow lots of time for configuration(!!!).)

[Patrick M. Hausen]

I can set up this system on say 192.168.2.1 and access it from a 192.168.1.1 network - -  yes?

No. But you can set it to any 192.168.1.x address which is unused and not part of your currently active DHCP pool. And then use this address to access and configure the device. Only make sure to disable the DHCP and (router advertisement if applicable) services.

[chemlud]

Rephrasing to make sure I have this correct.

I can set up this system on say 192.168.2.1 and access it from a 192.168.1.1 network - -  yes?


(This is a temporary measure to allow lots of time for configuration(!!!).)

Why not? isn't that just a question of subnet mask?

[Patrick M. Hausen]

I was reading they were using the standard /24 prefix length. Their emphasis on "from the network" means there is an existing network in place and they want the new device not to interfere. Changing the network mask would need changes of the existing infrastructure.