Unifi and Opnsense don't want to work together

Started by sainar, March 11, 2024, 09:00:05 AM

Colleagues, I need your help to put OPNsense (HBSD based) behind a USG-pro.
My office topology is like this:
1. ISP router
2. Unifi (USG-pro4) - static ip 192.168.1.1
3. Unifi Edge switch

So, what is the problem: I need to put an OPNsense behind the USG-pro. The problem is that our head admin made a config like this: LAN on USG is 192.168.1.1 => Unifi Edge switch 192.168.1.3! As I understood it, to connect my OPNsense I need to have a config like this:
LAN on USG is 192.168.1.1 => WAN on OPN 192.168.1.2 => LAN OPNsense 192.168.1.3 => Unifi Edge switch 192.168.1.4
Or did I miss something?

You cannot have the same network on both WAN and LAN. If the USG must be used as is you need to change LAN to e.g. 192.168.2.0/24 for both OPNsense and the Unifi switch.

What are you trying to achieve with OPNsense in this setup? You already have a firewall (USG).
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
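The overlap the reply above points out can be checked mechanically. This is an added example, not code from the thread or from OPNsense: it takes the addressing plan as posted and the corrected one and reports any two interfaces of the same device that sit in overlapping networks. The /24 prefixes and the 192.168.2.1 address for the OPNsense LAN are assumptions (the thread only says "e.g. 192.168.2.0/24").

```python
# Added example (not from the thread): flag a routed firewall whose WAN and LAN
# interfaces share a subnet, which is the mistake in the original plan.
from ipaddress import ip_interface


def overlapping_interfaces(plan):
    """Return (device, iface_a, iface_b) for every pair of interfaces on one
    device whose networks overlap. A router needs disjoint networks per
    interface, otherwise it cannot tell which side a destination is on."""
    found = []
    for device, ifaces in plan.items():
        items = sorted(ifaces.items())  # deterministic pair order
        for i, (name_a, addr_a) in enumerate(items):
            net_a = ip_interface(addr_a).network
            for name_b, addr_b in items[i + 1:]:
                net_b = ip_interface(addr_b).network
                if net_a.overlaps(net_b):
                    found.append((device, name_a, name_b))
    return found


def hosts_outside_lan(plan, device, hosts):
    """Return hosts (e.g. the switch) that do not fall inside the device's LAN
    network, so they would be unreachable without extra routing."""
    lan = ip_interface(plan[device]["lan"]).network
    return [h for h in hosts if ip_interface(h).ip not in lan]


# Plan as posted: USG LAN 192.168.1.1 -> OPNsense WAN .2 -> OPNsense LAN .3
ORIGINAL_PLAN = {
    "opnsense": {"wan": "192.168.1.2/24", "lan": "192.168.1.3/24"},
}
# Plan from the reply: OPNsense LAN and the switch move to 192.168.2.0/24
# (192.168.2.1 for the OPNsense LAN is an assumed value)
CORRECTED_PLAN = {
    "opnsense": {"wan": "192.168.1.2/24", "lan": "192.168.2.1/24"},
}

if __name__ == "__main__":
    print("original:", overlapping_interfaces(ORIGINAL_PLAN))
    print("corrected:", overlapping_interfaces(CORRECTED_PLAN))
    # the switch must be re-addressed as well, or it is left on the WAN side
    print("switch misplaced:",
          hosts_outside_lan(CORRECTED_PLAN, "opnsense", ["192.168.1.3/24"]))
```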

The command from my authority was like this:
1. this USG is too old and has a lot of problems
2. they don't want to change it; they want something like this:
ISP => USG => OPNsense => switch
USG and switch are on the same subnet; as I understood it, to achieve what they want I have to change the IP of the switch, right?

The LAN IP of OPNsense and the IP of the switch. As I wrote. But if the USG is "too old" and "has a lot of problems", wouldn't it be way better to replace it? You won't solve the problems by introducing another component. Whatever those problems are.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

You could possibly mask those purported problems by hiding them behind an OpnSense, i.e. switch out OpnSense and your USG in your topology.

That way, you could also solve the problem that could come up if the USG also runs a network controller for the infrastructure (like the switch or potentially, access points) - you would have to make the configuration traffic pass the OpnSense otherwise.

Also: If there are problems (and I do not say there are none: I am a strong opponent of using Unifi gear for security purposes, as much as I like them for switching and WLAN) on your USG and you do not use it for anything else (e.g. VPN, which would be difficult to set up behind an OpnSense), it is simply superfluous.

If you plan to still use the USG for anything else, then by definition, it would be unsafe to expose it to the internet.

So, either way, your planned setup seems somewhat strange.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Thanks for replying, people. This conversation is closed.
Now the Unifi is off and it works standalone.