Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

Started by Yewtink, March 28, 2024, 05:46:58 PM

Just configure the LAN bridge by the official documentation and get everything working. Creating a separate (V)LAN for a different client can be postponed for later. Regardless of the FUD the FreeBSD bridge works fine since a complete rewrite some years ago. It's definitely not a switch so don't expect wire speed from client to client at 2.5 Gbit/s. Nonetheless it does work quite well.

Get your main network up and running with a LAN bridge, then measure if there are any performance bottlenecks you find unacceptable - only then consider a redesign with a proper switch.

Then think about VLANs and certain clients etc.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Hey, I got the same appliance, but my setup is a bit different. Maybe you can still help me out?
I've installed Proxmox on the appliance and virtualized OPNsense; using PCI passthrough I gave the OPNsense VM a WAN and a LAN interface. Everything is working.

I have a managed switch on LAN and every time I connect a device I get an IP address, so everything seems to be working.
Now I would like to do something different.
Right now Proxmox is plugged into the switch using a cable, and I would like to use a virtual bridge to get rid of the cable.

I've created a virtual bridge on Proxmox and given it to OPNsense. Using the official guide I then created a bridge between the vnet0 and LAN, but Proxmox does not receive any IP address.

Eventually I have a feeling you will end up buying a 2.5gbps switch, looks like you can get a 5 port that includes a 10gbps uplink for around $44usd. No idea if these cheap switches will really perform, but https://www.servethehome.com/ has a bunch of reviews on some "cheap" 2.5 and 10gbps switches that might be worth looking at.

Summary is that I think you are going to get tired of fooling around trying to bridge those ports and get full speed out of them. Maybe it works, maybe it doesn't, but a switch is going to be a lot easier down the road.

So far I have been working the bugs out of other hardware on my network and my ISP finally confirmed that I was behind a double nat.

Is there an idiot-proof way to understand the error log (see attached photo)?  I figured it was about the double nat, hoping there is a plugin or GUI that would take me to the error.  The rid was clickable but it did nothing when I clicked on it.

Another question I have if I decide to drop the bridge.  I understand that I will have to add LAN eth2-eth5, but do they require their own IP address?  I think it would be obvious they would have to be static addresses, so if I am working downstream on eth3 do I still access OPNsense with the current eth1 IP, or would it be a separate IP for each?

I know that if I wanted to I could put each one on their own subnet and link or route together.  I did read that but I was hoping to keep things simple for now.  As I get a better understanding I will probably separate the office network, home wifi, gaming network and have a public printer share and streaming into their own each independent LANs.

thanks!

To keep things simple - if you want to use more than one port of your device for LAN clients - you should definitely build a LAN bridge following the OPNsense documentation. Anything else would require to create multiple interfaces, multiple DHCP pools, firewall rules for everything, dealing with multicast ... not quite fun.

What part of the LAN bridge documentation is not working for you?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote
What part of the LAN bridge documentation is not working for you?

I am not sure that there is a problem.  My access points were breaking (just stopped working). I've had them a few months, and the router and 2.5g switch were new.  So I wasted days looking for problems in the wrong area.  Then computer problems (Windows update reset/broke office network), then something else, and something else.  But I was wanting to have all areas getting 2.5g then dropping to 1g at each of the (3) switches.  Currently everything is connected with @ 2.5g except 1 AP that is connected to a 1g switch (only device) that I am using like a bridge to connect to a 2nd mesh AP that takes the signal into the office to a 16 port 1g smart switch.  I have been having frequent network issues and spending many days and weekends resetting the old routers.  (TP-Links)  IMO once a very good affordable product, now with the trend of everyone wanting to move to a mobile cloud system they are pure garbage.  Somehow the cloud sync would override my latest configuration and would reset to an older state that was no longer appropriate.  The reason I decided to go with an OPNsense router was so I had 100% control and not 5% control.

I still haven't created the network topology map that I have been planning for 2 weeks now. But because of the previous comments I have reran 2 new cat6 cables so everything is linked by wire. (router > switch > devices).  Except the branch that goes to the office, router > 1g switch > Mesh AP <<wifi 6 about 200 ft away>> Mesh AP > Switch > Devices.

Trying to figure out how I can (ahem) should plan on linking LAN to LAN next door, about 260 ft.  My sister has young kids who are into Minecraft and I plan on hosting LAN game servers at home so the whole family can game together without the signal going out over the WAN connection.  Because we live out in the middle of nowhere our internet service is really too slow for online gaming.  So one of my trains of thought is to remove 1 NIC from the bridge (or maybe 2), IDK, still reading up on VLANs.  So the point of the post earlier was IF I remove 1 NIC how do I set that up.  IDK if setting up a VLAN to run to the office through the APs would cause issues with my mesh system, (2) nodes off ETH2 and (1) off ETH4.  Again, still really new to VLANs. I know that I can tag devices and the Smart Switch in the office can work as a VLAN client, OPNsense VLAN server.  Not fully understanding how that would affect or if it would affect the AP.




  • On the Bridge I assigned a static IP, do I need to define the mac as well? Or if that is left blank it will auto assign the MAC address on eth1?


  • Oh I did remember one issue I had, the cable plugged into ETH1 wasn't connecting to the switch.  Glanced over the settings and nothing jumped out to me as to why.  So I moved the cable to ETH3 and it started working.

I haven't made any changes in my network in about a week.  Last night my wifi started going offline randomly.  When I logged in on the router checking for updates (still current)  I found 2,500,481 errors on the bridge.  How do I access the log to figure out what is going on?


Here is my simple network topology.



Still looking for help.




My ISP doesn't use IPv6 wondering if enabling this would improve the network for my Xbox at least on the LAN side?

Quote from: Yewtink on April 18, 2024, 02:12:32 AM
Here is my simple network topology.



Still looking for help.




My ISP doesn't use IPv6 wondering if enabling this would improve the network for my Xbox at least on the LAN side?

Almost certainly not.

Quote from: Patrick M. Hausen on April 09, 2024, 10:19:43 PM
To keep things simple - if you want to use more than one port of your device for LAN clients - you should definitely build a LAN bridge following the OPNsense documentation. Anything else would require to create multiple interfaces, multiple DHCP pools, firewall rules for everything, dealing with multicast ... not quite fun.

What part of the LAN bridge documentation is not working for you?



My bridge has 2,930,088 errors.  Still haven't found troubleshooting documentation or anything that can help.  I figure it will be something stupid simple such as checking the wrong box or missing a config step.  But I don't have a clue where to start looking for a fix other than rereading the setup documentation.

I did find out when I reloaded an old configuration that eth1 wasn't included in the bridge in that saved version; that is why I was not getting a network connection.

I have been asking about the MAC address assignment for the bridge.  I do not know why the log keeps showing MAC changes for eth1-eth5.  I assumed it would see it as a single port and be given the same MAC to all ports, unless it was an internal way of identifying a specific port.  I have no clue how the programming side of things works.

I am still having issues with my TP-Link x55 AP and X50-outdoor AP.  I really don't think it has anything to do with OPNsense because they were a problem before I moved to OPNsense.  That is why I moved to separate devices; I thought separating the jobs would reduce the load on them and they would work.  On the mini PC I am using, the highest usage I have seen will be a 20% load for less than a few seconds, then it goes right back to less than 1% load.

But I have gained 4Mbps in down and 2Mbps up by ditching the x55 router function for just AP.


If you have unconnected ports in that bridge you will have output errors. This is not a problem.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
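An added example (editor's illustration, not code from any poster in this thread) for the question of where the bridge error count comes from: it splits FreeBSD `netstat -i` counters per interface into input errors and output-only errors, the case the reply above describes. The function names and the sample counters and MAC addresses are constructed; the column layout assumed is Name, Mtu, Network, Address, Ipkts, Ierrs, Idrop, Opkts, Oerrs, Coll.

```shell
#!/bin/sh
# Constructed sample in the layout of FreeBSD `netstat -i` (values are made up).
sample_netstat() {
cat <<'EOF'
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
igc0   1500 <Link#1>      00:00:5e:00:53:01   812345     0     0   600123     0     0
igc1   1500 <Link#2>      00:00:5e:00:53:02   402211     0     0   733010     0     0
igc4*  1500 <Link#5>      00:00:5e:00:53:05        0     0     0        0 91822     0
igc5   1500 <Link#6>      00:00:5e:00:53:06    10442   317     0     9120     0     0
lo0   16384 <Link#7>      lo0                   1200     0     0     1200     0     0
bridge0 1500 <Link#9>     00:00:5e:00:53:10  1215000     0     0  1340000 91822     0
bridge0    - 192.0.2.0/24 192.0.2.1             5000     -     -     7000     -     -
EOF
}

# Read netstat -i text on stdin, print "<ifname> <verdict>" per interface.
classify_bridge_errors() {
    awk '
    # Only the <Link#N> row carries the per-interface link-level counters;
    # this also skips the header line and the per-address rows.
    $3 !~ /^<Link#/ { next }
    {
        name = $1
        sub(/\*$/, "", name)          # a trailing * marks an interface that is down
        # Index from the right so an empty Address column cannot shift fields.
        oerrs = $(NF-1)
        ierrs = $(NF-4)
        if (ierrs > 0)      verdict = "input-errors"
        else if (oerrs > 0) verdict = "output-errors-only"
        else                verdict = "clean"
        print name, verdict
    }'
}

# Stand-alone run on the constructed sample.
sample_netstat | classify_bridge_errors
```

On the firewall shell the live counters can be piped in with `netstat -i | classify_bridge_errors`; an interface reported as `input-errors` is the one to look at first, since the output-only case is the one the reply above covers.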

Quote from: Patrick M. Hausen on April 21, 2024, 08:20:00 AM
If you have unconnected ports in that bridge you will have output errors. This is not a problem.

What about the Mac addresses changing?  Seems like it should be static to match IP.

All ports are being used now.

Quote from: Greg_E on April 03, 2024, 05:03:24 PM
Eventually I have a feeling you will end up buying a 2.5gbps switch, looks like you can get a 5 port that includes a 10gbps uplink for around $44usd. No idea if these cheap switches will really perform, but https://www.servethehome.com/ has a bunch of reviews on some "cheap" 2.5 and 10gbps switches that might be worth looking at.

Summary is that I think you are going to get tired of fooling around trying to bridge those ports and get full speed out of them. Maybe it works, maybe it doesn't, but a switch is going to be a lot easier down the road.


I wore myself out redoing the setup and always getting the same results on the Xboxes.

After exhausting my patience I bought a cheap 8 port 2.5g manage switch, to replace the 2.5g dumb switch I bought a month ago.

Set the static IP address for it and saved the Xboxes' MAC addresses to the assigned ports and rebooted everything.

I no longer have UPNP errors and have Open NAT   ;D

https://a.co/d/c1D2u7N

Still having issues with my wifi flaking out.  I did run dedicated LAN cables from bridged ports directly to the TP-Link X55 & X50-Outdoor I am using in AP mode.

Well, my issues have returned, and doing some more digging it seems it was a DNS issue.

I had to go in and whitelist.


So far this has fixed the Open NAT and UPNP failures to connect.