Opensense + Unifi Dream machine questions

Started by malakez, January 27, 2021, 05:54:55 AM

January 27, 2021, 05:54:55 AM Last Edit: January 27, 2021, 06:07:41 AM by urpokarhu
Hello,

What am I missing here? I'm using a Shuttle DS77U as the OPNsense box and a UniFi Dream Machine + USW Flex Mini switch.

Topology: VDSL-modem in bridged mode -> Opnsense -> UDM -> Unifi USW Flex mini -> desktop

Networks on Opnsense and UDM

  • LAN 192.168.3.0/24
  • WAN
  • VLAN10 10.10.10.0/24
IP addresses

  • VDSL-bridge 192.168.1.1
  • Shuttle/Opnsense box IP 192.168.3.1 (set by opnsense LAN settings)
  • UDM IP 192.168.3.2 (set by UDM in its LAN settings)
  • USW Flex Mini IP 192.168.3.10 (given by ?? maybe UDM DHCP, since when I set it to a static lease on OPNsense it says offline)
The UDM doesn't show up at all in the DHCP leases on OPNsense; the USW Flex Mini does on the LAN interface.


  • When I connect my desktop to a USW Flex Mini "all/trunk" port, meaning network 192.168.3.0/24, I can access 192.168.3.1 and the UDM controller on 192.168.3.2 just fine, but I don't have any internet connectivity.
  • When I connect my desktop to a USW Flex Mini port configured as "vlan10", meaning network 10.10.10.0/24, I can access 192.168.3.1 but not 192.168.3.2, but I have an internet connection.
Questions:
A) Why can't I access 192.168.3.2 from the 10.10.10.0/24 VLAN network?
B) Why don't I have internet access on the 192.168.3.0/24 LAN network?
C) Why doesn't OPNsense give an IP to the UDM?

> Shuttle/Opnsense box IP 192.168.3.1 (set by opnsense LAN settings)
> UDM IP 192.168.3.2 (set by UDM in its LAN settings)


That will not work, at least not in this setup:
> Opnsense -> UDM ->
You need to plug in the UDM WAN interface into the OPNsense LAN. And change either the OPNsense LAN network to a different /24, or re-IP your LAN network to something different. You cannot use the same network for LAN & WAN.

January 27, 2021, 12:38:06 PM #2 Last Edit: January 27, 2021, 03:39:27 PM by urpokarhu
Not quite what I was looking for, as that does double NAT.

January 27, 2021, 01:03:42 PM #3 Last Edit: January 27, 2021, 01:06:22 PM by urpokarhu
Hello,

I switched the UniFi LAN to 192.168.2.1 and the OPNsense box to 192.168.6.1. Now I have a double-NAT situation, which I don't want.

Tracing route to google.com [172.217.21.142]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  unifi.localdomain [192.168.2.1]
  2    <1 ms    <1 ms    <1 ms  192.168.6.1
  3    12 ms    12 ms    11 ms  dsl-nnnnn []

Is this because I have now connected the OPNsense box to the WAN port of the UDM? Should I just switch to a LAN port then, so OPNsense could do the firewall stuff?

January 27, 2021, 03:27:47 PM #4 Last Edit: January 27, 2021, 03:40:14 PM by urpokarhu
Hello,

My idea is to use the UDM as a managed switch/UniFi controller/wireless access point, and firewall/DHCP and everything else would be managed on the Shuttle OPNsense box. Is this even possible, or do I need a "plain" UniFi managed switch + UniFi network controller on a Raspberry Pi etc.?

It kind of expects to be the router, so you could plug it into LAN (with its LAN interfaces) and, if your OPNsense box had a spare NIC, you could give that a new IP network and plug the UDM WAN in there, for the UDM to "think" it has WAN, too.
If you have a managed switch, you can also do this with VLANs.

For a cleaner way, maybe get a UniFi switch / nanoHD/FlexHD (or a new U6 LR / Lite) and install the controller locally, or get a CloudKey G2.