Question for second network

[dbots]

Hi all,
I am trying to find a solution to the following but without results so please allow me to post the problem:
I have a LAN 192.168.1.0/24 with GW:192.168.1.254 working fine.
There is an Asterisk PBX (192.168.1.200) in that LAN (LAN1) with about 30 phone devices. For phone devices we use Android smartphones running VoIP software (without SIM card). We use smartphones because they are cheap and don't require a static position in the area of the company.
We decided to move the phones from LAN1 in another network in order to free IP addresses.
So, we somehow added a second LAN (LAN2) but without any serious assignment.
I mean we simply added an alias second IP address (192.168.20.200) on the NIC of Asterisk system and on all phones we added static IP from 192.168.20.21 to 192.168.20.50 using IP 192.168.20.200 to find the Aasterisk server.
Everything works fine regarding calls, but now smartphones don't have access to internet.
I tried to create an alias IP on OPNsense (192.168.20.254) but don't know how and if it's possible to use it as gateway so that I set it as gateway on the phones.
I tried to set 192.168.20.0/24 as a VLAN but then we had a problem on the smartphones because the VLAN must be tagged on OPNsense but smartphones do not have such option.
Please reply with any suggestions.
Thank you.

[bartjsmit]

I tried to set 192.168.20.0/24 as a VLAN but then we had a problem on the smartphones because the VLAN must be tagged on OPNsense but smartphones do not have such option.

Assuming you're using WiFi for the phones and not OTG Ethernet, you set the VLAN on the AP's. Either by using multi-SSID or plugging them into a switch port with an untagged VLAN.

Generally though, you should create NAT and access rules for your second subnet to connect to the internet if that's what you want. Unlike LAN, there are no default policies for additional networks.

Bart...

[CJ]

What do you mean you added a second LAN without any serious assignment?

What does the full phone network config show?

Do you have different filtering requirements for the phones, PBX, and other computers?

[dbots]

What do you mean you added a second LAN without any serious assignment?
What does the full phone network config show?
Do you have different filtering requirements for the phones, PBX, and other computers?

I mean that I did not make any settings on OPNsense and did not create any network. I simply set devices using a subnet (192.168.20.0/24) and since the Asterisk PBX had also an alias in that subnet, it works.
But there is no gateway defined.
Is there a way to use the IP alias set on the OPNsense system (192.168.20.254) as a gateway for LAN2 ?
It's not in interface list so could not choose it.

[CJ]

You didn't answer all of my questions.

[dbots]

Assuming you're using WiFi for the phones and not OTG Ethernet, you set the VLAN on the AP's. Either by using multi-SSID or plugging them into a switch port with an untagged VLAN.
Generally though, you should create NAT and access rules for your second subnet to connect to the internet if that's what you want. Unlike LAN, there are no default policies for additional networks.
Bart...

Thank you for replying, from what I understand, if I use VLAN the problem is (since it would be tagged due to OPNsense) there is no way to set the tag on my mobile devices (smartphones).
That's why I would like something simpler, for example just to use the first solution I described with the IP alias but to be able to set it as gateway so that smartphones get online.

[dbots]

You didn't answer all of my questions.

What does the full phone network config show?

IP:192.168.20.30, subnet:255.255.255.0, gateway: 192.168.20.254 (but not working)

Do you have different filtering requirements for the phones, PBX, and other computers?

No

[CJ]

Set the phone GW to 192.168.1.254

Another solution would be for you to change the subnet for your LAN to something larger than /24 if all you need is more IPs.

[dbots]

Set the phone GW to 192.168.1.254

I tried it on my Windows laptop - not working. There is a warning about different subnets.
I also tried to set (on OPNsense) the gateway of IP alias 192.168.20.254 to 192.168.1.254. Still not working.

Another solution would be for you to change the subnet for your LAN to something larger than /24 if all you need is more IPs.

We don't want this - Need to have different subnet.

Thank you

[CJ]

It seems like you're a bit out of your depth network wise and that this is for a business?  I would recommend you either hire a Network Admin consultant or pick up an OPNSense support contract to help you get this set up.

Thanks.

[dbots]

It seems like you're a bit out of your depth network wise and that this is for a business?  I would recommend you either hire a Network Admin consultant or pick up an OPNSense support contract to help you get this set up.
Thanks.

OK, but I cannot understand how you make this conclusion. Before a while, you suggested to use as gateway an IP address that does not belong in the subnet of the IP address of a terminal.
I am not an expert but on the other hand I don't expect that to be such a difficult problem that would need a network admin to be hired. I think that it's some setting that I cannot find.

Anyway, if someone else has any solution or suggestion, please send.