Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Replace ISP router DCHP with OPNSense DCHP with no relay option
« previous
next »
Print
Pages: [
1
]
Author
Topic: Replace ISP router DCHP with OPNSense DCHP with no relay option (Read 1353 times)
patrick010
Newbie
Posts: 12
Karma: 0
Replace ISP router DCHP with OPNSense DCHP with no relay option
«
on:
August 07, 2023, 07:33:29 pm »
Hi everybody, I have a seemingly impossible situation for which I'd like to ask your help.
The situation is as follows.
I have a wireless internet router from my provider, which also serves as a DHCP.
What I'd like to do is, disable the router's DHCP and use the OPNSense one's.
The router has no DHCP relay option, so I can't forward the requests to OPNSense. But, the router being on the WAN side of the OPNSense I don't see how I can serve IP's to the IoT devices that connect to the wireless router.
The IoT devices need to connect to the Home Assistant server on the LAN side of OPNSense, which has a different subnet than the ISP router.
Is there a way to achieve this?
I've tried to make sense of my situation in this drawing
Logged
newsense
Hero Member
Posts: 1036
Karma: 77
Re: Replace ISP router DCHP with OPNSense DCHP with no relay option
«
Reply #1 on:
August 07, 2023, 07:44:20 pm »
Sounds like you need a managed AP, either Unifi/Ruckus/Engenius or DDWRT/OpenWRT
Iff you have that then simply recreate the IoT WLAN on the device, isolated on its own vlan, and with proper FW rules you can both access HA and have a secure IoT network behind OPNsense.
Once everything is set up disable WiFi on the ISP side and the devices will connect to your AP instead
Logged
patrick010
Newbie
Posts: 12
Karma: 0
Re: Replace ISP router DCHP with OPNSense DCHP with no relay option
«
Reply #2 on:
August 07, 2023, 08:13:28 pm »
Yes, that would solve it. However, it's a fiber router of which the settings page is shielded from the end user, so replacing it with something else is next to impossible. The router is also in a remote location, 2000km away from me, so going there and fiddle with it is also undoable. Asking the provider is also a mission impossible, because its a Spanish ISP. Don't know if you've ever had to do with anything Spanish, but let's say customer support is still in its infancy there
The main reason for replacing the DHCP isnt so much for security, but for the horrendous DNS server on it. It doesnt register hostnames, so resolving a local domain isnt possible. OPNSense would solve all my problems, if only.
Maybe there's another way of doing this? Like putting OPNSense in the same subnet as the router? But then I have to configure OPNSense as a router and I havent found any clear info on how to do that.
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Replace ISP router DCHP with OPNSense DCHP with no relay option
«
Reply #3 on:
August 07, 2023, 08:31:50 pm »
So you only want to use OPNsense as a DHCPv4 and DNS server, nothing else (routing, firewall, ...)? Then you won't need the WAN interface at all. Instead, configure the LAN interface with a static IP address in 192.168.1.0/24 and connect it to the fiber router's LAN. In the OPNsense DHCPv4 server, set the gateway to the IP address of the fiber router.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
patrick010
Newbie
Posts: 12
Karma: 0
Re: Replace ISP router DCHP with OPNSense DCHP with no relay option
«
Reply #4 on:
August 07, 2023, 09:10:13 pm »
That would be an idea, yes. I'd prefer having HA firewalled, but as it relies on mDNS discovery I forsee all kind of problems putting it in a different VLAN. I think I'll go for your suggestion, Maurice.
Thanks
Logged
newsense
Hero Member
Posts: 1036
Karma: 77
Re: Replace ISP router DCHP with OPNSense DCHP with no relay option
«
Reply #5 on:
August 07, 2023, 09:11:50 pm »
The OPNsense centric solution I proposed will secure the environment and reduce the ISP reliance on poorly managed HW. Additionally changing ISPs would only require a minimal - if at all - WAN settings adjustment.
Otherwise Maurice' solution could work, however you'd get just as much from a raspberry pi managed remotely via tailscale and providing DHCP and secure DNS via pi-hole or adguardhome running in docker.
Logged
patrick010
Newbie
Posts: 12
Karma: 0
Re: Replace ISP router DCHP with OPNSense DCHP with no relay option
«
Reply #6 on:
August 07, 2023, 09:48:29 pm »
I know, my home office is set up like that. But this particular situation is logistically difficult, so for the time being I have to settle with a little less desirable config. Whenever I get the chance I will most certainly replace the router with a managed AP.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Replace ISP router DCHP with OPNSense DCHP with no relay option