New to OPNSense - no connection to OPNsense after changing LAN IP

Started by tkhobbes, August 04, 2024, 02:52:09 PM

OK so I managed to get OPNsense up and running on a dedicated box. It has 4 Ethernet interfaces, of which I configured one as WAN and one as LAN (the other two are not in use for now).

In order not to disturb my current home network (broadband modem 192.168.0.1 with DHCP range 192.168.0.100-200, pihole DNS 192.168.0.3, some NAS with static IP), I have given the LAN an address of 192.168.10.1 and a DHCP range of 192.168.10.100-200.
Works fine when simply connecting the WAN port of the OPNsense box to any switch and then any computer directly to the LAN port (have also tried with a wireless AP, worked fine).

Now I want to get the OPNsense firewall into production, which means that the modem will be set to bridge, plugged into the OPNsense WAN port, and the LAN port goes into the switch where the modem was plugged in earlier.
However, for soft transitioning in, I thought of switching the LAN IP address to 192.168.0.60 and switching off DHCP (after that, I will switch off DHCP on my modem and turn on DHCP on OPNsense LAN - I will do so with a temp static IP in order not to lose connection).

So I switched the OPNsense LAN IP to 192.168.0.60, switched to manual IP on my client, gave it a .61 IP address and entered .60 as gateway and 0.3 as DNS server.
But after that, nothing works: I can't ping the gateway (.60), I can't access it via webGUI, I have no connection to the internet.
Logging in via console and resetting the LAN IP to 10.1 (and then my client to e.g. 10.100) restores everything back to working.

What am I overlooking?

What are the subnet masks aka prefix lengths on your OPNsense and your PC, respectively? With the change to 192.168.0.60/61 in place.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)


If you have OPNsense at 192.168.0.60/24 and your PC at 192.168.0.61/24 you should be able to ping OPNsense. If both masks are correct, something else is wrong. Confused WAN and LAN interface, possibly?

Ok it's good to know that there is nothing obvious that I overlooked. I will keep digging then and retest that subnet mask suggestion of yours.
Thanks.

OK so I played around some more and I don't really get what is going on.

I configured the LAN port on my OPNSense device to 192.168.0.60, and instead of giving a manual IP to my local Mac client, I configured a DHCP server to give IP addresses from 192.168.0.70 to 192.168.0.80.

I plugged in the Mac client and - I got an IP address 192.168.0.70! Now I can ping it, but I can't ping anything else. I can't ping 192.168.0.60 (set as gateway in the DHCP server's settings), nor the Raspi DNS server at 192.168.0.3 even though it is entered in the DHCP configuration (and I can see it properly set in the TCP/IP settings on my Mac).

Any ideas?

Dunno, the entire idea of "soft switch" seems to be causing absolutely pointless trouble here. You cannot do it anyway, you'll have to plug the modem into WAN, and it cannot have the subnet as LAN. Will cause WAN to go down anyway.

Got completely lost in what's temporarily connected to where but have strong suspicion that your OPNsense WAN now has an IP from 192.168.0.0/24, then you have LAN behind it with the same 192.168.0.0/24, and you have another LAN in front of OPNsense WAN (the modem one) yet again with 192.168.0.0/24. No surprise nothing works, this just is a completely broken setup.

OK so let me try to explain what I did:

MODEM plugged to WAN port.
- Modem set to 192.168.0.1 and acts as DHCP with pool 192.168.0.100 - 192.168.0.200
Raspi acts as DNS server at 192.168.0.3
Setup works without OPNSense obviously.

- LAN1 port configured as 192.168.10.1
--> When I plug my Mac in here with a fixed IP of 192.168.10.100 (and set gateway to 192.168.10.1 and DNS to 192.168.0.3) everything works as expected.

- LAN2 port configured as 192.168.0.60 with DHCP pool 192.168.0.70 to 192.168.0.80
--> When I plug my Mac in here, it gets an IP of 192.168.0.70 and the gateway and DNS servers are properly set.
However I cannot ping anything else than 192.168.0.70

I get what you are saying about things being mixed up.... but I thought that at least PINGING 192.168.0.60 (the gateway) should work?

Quote from: tkhobbes on August 18, 2024, 03:17:47 PM
- LAN2 port configured as 192.168.0.60 with DHCP pool 192.168.0.70 to 192.168.0.80
--> When I plug my Mac in here, it gets an IP of 192.168.0.70 and the gateway and DNS servers are properly set.
However I cannot ping anything else than 192.168.0.70
OPNsense comes preconfigured with a firewall rule for the single LAN port. If you add more interfaces you need to add matching firewall rules for these yourself.

Look into Firewall > Rules > LAN1, then possibly duplicate the single "allow all" rule you will find and change it to match LAN2.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
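
The two causes raised in the replies above (the same 192.168.0.0/24 on more than one side of the firewall, and no firewall rule on the added interface) can be checked mechanically. The following is an added example, not part of the original thread and not OPNsense code; the /24 prefix lengths, the WAN lease 192.168.0.100 and the `has_pass_rule` flags are assumptions about the setup described.

```python
import ipaddress
from itertools import combinations

# Constructed model of the box described in the thread. The /24 prefix lengths,
# the WAN lease 192.168.0.100 and the has_pass_rule flags are assumptions.
THREAD_SETUP = {
    "WAN":  {"addr": "192.168.0.100/24", "has_pass_rule": False},
    "LAN1": {"addr": "192.168.10.1/24",  "has_pass_rule": True},   # default LAN rule
    "LAN2": {"addr": "192.168.0.60/24",  "has_pass_rule": False},  # added later
}

def network_of(iface):
    """Connected network of an interface entry, e.g. 192.168.0.0/24."""
    return ipaddress.ip_interface(iface["addr"]).network

def overlapping_pairs(interfaces):
    """Return name pairs (sorted) whose connected networks overlap."""
    return [(a, b) for a, b in combinations(sorted(interfaces), 2)
            if network_of(interfaces[a]).overlaps(network_of(interfaces[b]))]

def diagnose(interfaces, client_if, target):
    """List reasons a client plugged into client_if may fail to reach target."""
    findings = []
    me = ipaddress.ip_interface(interfaces[client_if]["addr"])
    target_ip = ipaddress.ip_address(target)
    # Only the original LAN ships with an allow rule; other interfaces drop
    # inbound traffic until a pass rule is added for them.
    if not interfaces[client_if]["has_pass_rule"]:
        findings.append(f"{client_if}: no pass rule, inbound traffic is dropped")
    clashes = [p for p in overlapping_pairs(interfaces) if client_if in p]
    for a, b in clashes:
        findings.append(f"{a} and {b} share a subnet, routing is ambiguous")
    # A host in the client's own subnet is ARPed for locally and never handed
    # to the gateway, so it is unreachable if it really sits behind another port.
    if clashes and target_ip != me.ip and target_ip in me.network:
        findings.append(f"{target} looks on-link from {client_if}, "
                        "so it is never routed to the other segment")
    return findings

if __name__ == "__main__":
    for host in ("192.168.0.60", "192.168.0.3"):
        print(host, diagnose(THREAD_SETUP, "LAN2", host))
    print("192.168.10.1", diagnose(THREAD_SETUP, "LAN1", "192.168.10.1"))
```
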