Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Unifi and Opnsense don`t want to work together
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unifi and Opnsense don`t want to work together (Read 1507 times)
sainar
Newbie
Posts: 8
Karma: 0
Unifi and Opnsense don`t want to work together
«
on:
March 11, 2024, 09:00:05 am »
Colleagues, please need your help to put OPNsense (HBSD based) behind USG-pro.
my office toplogy is like this:
1. ISP router
2. Unifi (USG-pro4) - static ip 192.168.1.1
3. Unifi Edge switch
So, what is the problem, i need to put an OPNsense behind USG-pro, the problem is that our head admin make a config like this
LAN on USG is 192.168.1.1 => Unifi Edge switch 192.168.1.3
! as i understood to connect my OPNsense i need to have a config like this:
LAN on USG is 192.168.1.1 => WAN on OPN 192.168.1.2 => LAN OPNSense 192.168.1.3 Unifi Edge switch 192.168.1.4
Or i miss something?
Logged
Patrick M. Hausen
Hero Member
Posts: 6862
Karma: 576
Re: Unifi and Opnsense don`t want to work together
«
Reply #1 on:
March 11, 2024, 10:08:57 am »
You cannot have the same network on both WAN and LAN. If the USG must be used as is you need to change LAN to e.g. 192.168.2.0/24 for both OPNsense and the Unifi switch.
What are you trying to achieve with OPNsense in this setup? You already have a firewall (USG).
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
sainar
Newbie
Posts: 8
Karma: 0
Re: Unifi and Opnsense don`t want to work together
«
Reply #2 on:
March 11, 2024, 03:08:27 pm »
the command from my authority was like this:
1. this USG is too old and have a lot of problems
2. they don`t want to change it they want something like this:
ISP => USG => OPNsense => switch
USG and Switch is on a same subnet, as i understood to achieve what they is to change the IP of switch right?
Logged
Patrick M. Hausen
Hero Member
Posts: 6862
Karma: 576
Re: Unifi and Opnsense don`t want to work together
«
Reply #3 on:
March 11, 2024, 03:31:37 pm »
The LAN IP of OPNsense and the IP of the switch. As I wrote. But if the USG is "too old" and "has a lot of problems", wouldn't it be way better to replace it? You won't solve the problems by introducing another component. Whatever those problems are.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
meyergru
Hero Member
Posts: 1729
Karma: 170
IT Aficionado
Re: Unifi and Opnsense don`t want to work together
«
Reply #4 on:
March 11, 2024, 07:48:32 pm »
You could possibly mask those purported problems by hiding them
behind
an OpnSense, i.e. switch out OpnSense and your USG in your topology.
That way, you could also solve the problem that could come up if the USG also runs a network controller for the infractructure (like the switch or potentially, access points) - you would have to make the configuration traffic pass the OpnSense otherwise.
Also: If there are problems (and I do not say there are none: I am a strong opponent of using Unifi gear for security purposes, as much as I like them for switching and WLAN) on your USG and you do not use it for anything else (e.g. VPN, which would be difficult to set up behind an OpnSense), it is simply superfluous.
If you plan to still use the USG for anything else, then by definition, it would be unsafe to expose it to the internet.
So, either way, your planned setup seems somewhat strange.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
sainar
Newbie
Posts: 8
Karma: 0
Re: Unifi and Opnsense don`t want to work together
«
Reply #5 on:
March 27, 2024, 08:25:33 am »
Thanks for reapply people. this conversation is closed.
now it unify is off and works standalone
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Unifi and Opnsense don`t want to work together