more complex setup

Started by mahescho, September 26, 2018, 04:11:07 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 26, 2018, 04:11:07 PM
Hi,

i plan a a bit more complex setup. See attachment. I've tree VDSL connections. All with static public IPv4 and IPv6. On with an IPv4 subnet and a /48 v6 prefix. The other two get single v4 addresses and a /56 v6 prefix. Internally I plan to have VLANs only and depending on the VLAN different outgoing NAT setups an IPv6 nets. Communication between the VLANs has to work too.

Is this doable with OPNsense?

TIA
Matthias
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
September 26, 2018, 07:47:10 PM #1
I have never used it but OPNsense should be multi-wan capable.
September 27, 2018, 04:56:07 AM #2
@mahescho   your network config should be achievable with OpnSense.
[Firewall - OPNsense 19.7-amd64, FreeBSD 11.2 RELEASE-p11-HBSD]
[Hardware - Dell R210 Xeon E31260L@2.40GHz x8core, 16G RAM 200GB SSD, Dual 1G & Dual 10G NIC, GS728TP Poe+ Switch]
[ISP - D940Mbps / U880Mbps]
September 27, 2018, 09:10:13 AM #3
@opnsrcfw Thanks, I thought so, as I did some thing similar with FreeBSD using FIBS. My concern was if this could be done via the GUI.
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
September 27, 2018, 12:54:38 PM #4
Caveat: Multi-WAN with multiple DHCPv6 WANs does not currently work, but if you're using all static you shall be fine. :)


Cheers,
Franco
September 27, 2018, 09:52:46 PM #5
@franco: I only use static public IPs  :)

My major headaches at the moment are this: https://forum.opnsense.org/index.php?topic=9786.0 and that: https://forum.opnsense.org/index.php?topic=9804.0
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
September 27, 2018, 10:07:15 PM #6
Let me answer here. :)

I hope 18.7.4 fixed the first one:

https://github.com/opnsense/changelog/blob/master/doc/18.7/18.7.4#L18

The second question's answer is: Firewall: Virtual IPs. Yes, it also works for IPv6 but the subnet mask may not switch immediately. Try saving anyway.

There *may* be a combination of issue 1 and 2 happening now for you for Virtual IPs on top of PPPoE so we need to go back and fix that as well. PPPoE is an ongoing adventure for us...

As far as binding goes for the services you mentioned... we don't support exclusive binding setups in the plugins so it's more of a primary interface address or all of the set addresses (including virtual IPs). Worst case you will have to install the FreeBSD packages and skip the plugins.


Cheers,
Franco
September 28, 2018, 12:42:04 PM #7
Thanks.

Binding: Too bad, my hope was that "basics" are covered her. I''ve tried several commercial Linux based firewall and they all failed too when it came to binding and most important being able to create separate configurations for different IPs and ports. At least with OPNsense a complete manual setup of services is possible, as you mentioned.

IPv6 on PPPoE: The latest update fixed the problem. Thanks.

Now I will experiment with "virtual IPs" ...

BTW: My IPv6 issue on static connection persists! https://forum.opnsense.org/index.php?topic=9639.0 I've to use the "pfctl" workaround ...
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Print
Go Up Pages1
User actions