changing IP address of OPNsense

Started by zyghom, April 07, 2024, 04:00:37 PM

Hi there,

As probably lots of OPNsense users I set up the IP to be 192.168.1.1/24
Consecutively all VLANs I set to be 192.168.VLAN.1/24 (so 10,30,100, etc)
As of now I don't have any device in subnet 192.168.1.0/24 except the OPNsense itself - not sure if this is good or bad but that is how it is.

Now, the issue: lots of network devices come with default IP being 192.168.1.1
That means I cannot attach them to my network - I need to first reconfigure them offline and only once I gave them proper address I can attach them to my network.

So I am thinking loudly: let me change IP of OPNsense to i.e. 192.168.1.254/24 or even less obvious address: 192.168.1.199/24

Now, questions:
1- where do I have to change the IP:
- System/Settings/General/DNS (from GUI)  or
- Set Interface IP address from CLI
2- once this is done, OPNsense will be accessible for routing with new IP - I understand that all machines that are connected to this OPNsense (actually my entire network) have to have new DNS IP (I am using Unbound on OPNsense) and that would be all - all use the default gateway as per their segment so i.e. 192.168.VLAN.1

Is my thinking correct?
Is the sequence correct?
Am I missing anything?

thx



What devices come with a preconfigured static address of 192.168.1.1?
Other than a consumer router I've never experienced this.
Just curious.

I would agree with JonM that most consumer grade devices don't come with a static IP address of 192.168.1.1 outside of consumer routers.  If for some reason you are setting up one of these devices, you should really connect to those directly and change the appropriate settings (like turning off DHCP services) before you attempt to connect it to your regular network (perhaps as a WiFi AP point for example). 

Most consumer devices are generally going to be set up to get a DHCP assigned IP address which means they should automatically get a valid address assigned when they connect to the network the first time.  Depending on which VLAN they are connected to will dictate what IP address range they are assigned to.

If you find yourself using a device that has a factory assigned static IP address in the 192.168.1.1/24 range, you can simply connect it to your main network (no VLAN) and you should be able to connect to it that way.  Since the OPNsense firewall is the only device on the 192.168.1.1/24 subnet, there shouldn't be any issue with duplicate addresses.

If you find yourself working with a lot of devices that are factory assigned static IP addresses outside of the 192.168.1.1/24 subnet that your network is already using, you can always create a VLAN specific for that use.  For example, 192.168.0.1/24 seems to be another popular consumer grade subnet, so you could always create a new VLAN using the subnet to connect these devices to initially to change their settings to whatever you want to use long term.  Then unplug them from this "setup" VLAN and connect them to the VLAN they will be associated with long term.   

Personally I'll generally connect directly with a new device using my laptop however and just manually set the device up to function like I want (IP address or otherwise) prior to connecting it to  my home network.  This way I know there aren't going to be any issues.
Just a hobbyist trying to figure all this out.

ok, thank you, I hear you both
when I mentioned "many" I meant: openwrt and dd-wrt default settings of their firmware
but also of the ISP routers
I have few r7800 and other WAPs that I repurposed to be only dumb wireless access points
but whenever I play with them and as consequence I need to... reset them to the default (as of course playing is playing) I need to disconnect them from the switch, bring close to my laptop, login, change IP to the proper one and reconnect again

but we moved to the less important part of my post - why to change the IP
my main question was: is my procedure mentioned in my post proper to change the OPNsense IP or anything missing there?

thank you both

changing the router default range is going to be a mess...  but you can do it from the setup wizard from I believe the setup menu

You can log into the router from a different port, even a USB adapter would be good enough for this (if supported), then change everything with the LAN that you need to change.

I have done this for an internal Opnsense router, assigning its management LAN port 10.a.b.1 rather than 192.168.1.1. I found the least error path was to plan the assignments then do it in initial setup.
Deciso DEC697
+crowdsec +wireguard

Quote from: passeri on April 09, 2024, 11:44:35 PM
I have done this for an internal Opnsense router, assigning its management LAN port 10.a.b.1 rather than 192.168.1.1. I found the least error path was to plan the assignments then do it in initial setup.

Me too. In theory you can also edit the backed up config file with the changes needed, then load this from VGA or SSH.

Quote from: passeri on April 09, 2024, 11:44:35 PM
I have done this for an internal Opnsense router, assigning its management LAN port 10.a.b.1 rather than 192.168.1.1. I found the least error path was to plan the assignments then do it in initial setup.

that is obviously true - if you start properly then the rest is easier

Quote from: Greg_E on April 10, 2024, 04:44:25 PM
Me too. In theory you can also edit the backed up config file with the changes needed, then load this from VGA or SSH.

I have checked where in config is the current IP of the router (grep 192.168.1.1 opnsense-config-20240411_011301.xml) and it seems the only places are:
1- LAN settings (obviously) for VLAN 1:
    <lan>
      <if>igc1</if>
      <descr>Servers_1</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
    </lan>


2- DNS settings for all interfaces:
    <dnsserver>192.168.1.1</dnsserver>
    <dnsserver>192.168.1.1</dnsserver>
    <dnsserver>192.168.1.1</dnsserver>
    <dnsserver>192.168.1.1</dnsserver>
    <dnsserver>192.168.1.1</dnsserver>
    <dnsserver>192.168.1.1</dnsserver>


3- some rules allowing to connect to DNS for all VLANs:
    <content>192.168.1.1</content>
    <content>192.168.1.1</content>



So, in theory, if I just edited this backup file - changing the IP from current to new - load it and pray a bit, I should have it restarted with new IP address of the router and all interfaces (DNS) and rules also updated.
Then, on each host that is NOT using DHCP I shall change the DNS only - default gateway for every host is its interface IP so for VLAN 10 it is 192.168.10.1 etc.

I might give a try this way ;-)

This was a lot easier on pfsense, only the LAN/WAN/OPT had an IP assigned, everything else was assigned by the name. I'll have to dig into the config file a little deeper before I suggest this again.

But in theory, if you do a find/replace on all of the IP addresses, you should be working.
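
Added example, not part of the thread and not OPNsense code: a plain text find/replace of 192.168.1.1 in the backup also rewrites addresses that merely start with it (192.168.1.10, 192.168.1.100), so this sketch replaces only whole-value matches in element text and reports which elements changed. The sample config is constructed and reduced to the element names quoted above; the wrapper elements and the .10/.100 entries are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only <lan>, <ipaddr>, <dnsserver>, <content> come from
# the thread; wrappers and the .10 / .100 values are assumptions added here.
SAMPLE = """<opnsense>
  <interfaces><lan><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan></interfaces>
  <dhcpd><opt1>
    <dnsserver>192.168.1.1</dnsserver>
    <dnsserver>192.168.1.10</dnsserver>
  </opt1></dhcpd>
  <alias><content>192.168.1.1
192.168.1.100</content></alias>
</opnsense>"""

TOKEN = re.compile(r"[^\s,]+")  # a value may hold several newline/comma-separated entries


def replace_ip(root, old, new):
    """Rewrite whole-token matches of `old` in element text; return changed paths."""
    changed = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        text = elem.text or ""
        if old in TOKEN.findall(text):
            # Swap only tokens that equal `old` exactly; leave neighbours untouched.
            elem.text = TOKEN.sub(
                lambda m: new if m.group(0) == old else m.group(0), text)
            changed.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return changed


def migrate(xml_text, old, new):
    """Return (rewritten XML, list of element paths that were changed)."""
    root = ET.fromstring(xml_text)
    changed = replace_ip(root, old, new)
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    out, changed = migrate(SAMPLE, "192.168.1.1", "192.168.1.254")
    print("\n".join(changed))
```

The list of changed paths doubles as a review checklist: every interface address, DHCP DNS entry and rule or alias value that moved is named, so the edited file can be diffed against the backup before it is restored.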

Why not use the UI for it? Interfaces > LAN > Static IPv4 configuration ?
Or from the shell on the main menu ?

ultimately I changed the IP
since I have plenty of VMs and physical hosts that are dependent on OPNsense I did it in few steps:
1- created virtual IP: 192.168.1.254/24 pointing to interface, where my initial 192.168.1.1 was
2- changed on every host (with manual IP settings) IP of DNS from hardcoded 192.168.1.1 to hardcoded: 192.168.VLAN.1 - this way hosts that are on VLAN 10 don't use directly IP of DNS on the 1.x interface but according to their VLAN so i.e.:
192.168.10.1 for vlan 10
192.168.30.1 for vlan 30
etc
and:
192.168.1.254 for hosts that have no vlan - also for these hosts I had to change default gw from 192.168.1.1 to 192.168.1.254
3- in the Services/DHCP I removed IP of DNS so every interface announces its own IP as DNS IP
4- rebooted everything, all was working, changed the IP of interface from 1.1 to 1.254 and removed virtual IP.

So far no issues.
But truth be told it was not 1 minute job. Maybe because my configuration was like that or maybe because I am not an expert.
Anyway, thanks all for encouragement.

Few things are 1 minute jobs anymore, lucky to get most down to 1 hour in my work day.

Off topic example: Wanted to set up Kasm server on Debian 12. I have a few Debian 12 VMs running on my system and it should be easy for me now (not strong in Linux). It took me 4 hours with interruptions just to get the basic Debian set up with UFW, XRDP and a few other configuration items.

Using Kasm I set up a FOG server from home to test. Took 20 minutes to have Debian set up, took another hour and a half to get back to basic Debian install after messing it up many times. And now I have Kasm and FOG to learn (prepping for Windows 11).