How can I widen the LAN subnet from /24 to /20?

[ipartola]

I am using opnsense as my firewall and router for my house. Due to a large number of IOT devices I am starting to run into the limits of a /24 subnet for my LAN. While I have IPv6, not many devices support it and not all control apps do.

I know the correct solution here is to set up a separate VLAN and subnet for IOT devices but when I tried that it presented a couple of problems, such as apps on my family’s devices not being able to connect to their IOT stuff.

Is there a seamless way to transition my current /24 to something like a /20 without too much downtime? If so, what would the process look like?

[Koloa]

For what it is worth, I did something like this whereby I increased my LAN from a /24 to a /23, and it was as simple as modifying the DHCP lease settings for DHCP clients (not yet played with Kea), including the netmask, and ensuring that the static IPv4 interface for the OPNSense box itself also had the /23 subnet selected from the dropdown.  I rebooted the box, then, rebooted my DHCP clients.

In my case, the only things that required anything more were a handful of devices where I wasn't using DHCP and had chosen to specify static settings which needed the new netmask.  Changed that, rebooted those devices just to be sure (but wasn't really necessary), and It Just Worked.

I don't think there was anything more to it in my case, but it was a year or so back, so I may be forgetting a step (that someone is bound to correct in this thread shortly).

[Labber53]

I can help with that. How seamless it is comes down to what your LAN subnet is today .

192.168.0.0 addresses were designed to be /24 or smaller (Class C)
172.16.0.0-172.31.255.55 can be down to /12
10.0.0.0 addresses can be down to /8

But good news! OPNsense lets you use "supernets", that is, use smaller masks for 192.168.0.0 addresses

https://mxtoolbox.com/subnetcalculator.aspx

192.168.0.0/20 = 192.168.0.0 - 192.168.15.255 = 4096 IPs in range = subnet mask 255.255.240.0
192.168.16.0/20 = 192.168.16.0 - 192.168.31.255 = 4096 IPs in range = subnet mask 255.255.240.0
192.168.32.0/20 = 192.168.32.0 - 192.168.47.255 = 4096 IPs in range = subnet mask 255.255.240.0
192.168.48.0/20 = 192.168.48.0 - 192.168.63.255 = 4096 IPs in range = subnet mask 255.255.240.0
192.168.64.0/20 = 192.168.64.0 - 192.168.79.255 = 4096 IPs in range = subnet mask 255.255.240.0
192.168.80.0/20 = 192.168.80.0 - 192.168.95.255 = 4096 IPs in range = subnet mask 255.255.240.0
192.168.96.0/20 = 192.168.96.0 - 192.168.111.255 = 4096 IPs in range = subnet mask 255.255.240.0
192.168.112.0/20 = 192.168.112.0 - 192.168.127.255 = 4096 IPs in range = subnet mask 255.255.240.0
[and so on]

If you are using 192.168.0.0/24 today and OPNsense is 192.168.0.1 with DHCP (using leases for any fixed IPs) then its almost seamless.
1. change the mask
2. update DHCP range/scopes to take advantage of the additional space
3. reboot everything

If you are using static IPs on your devices instead of DHCP, it's not seamless. Static IP devices need the updated subnet mask and a reboot.

@Koloa is spot on. When is set up a firewall as a site, I choose my subnets so I can increase the size (/24 to /23 to /22) without impacting the other subnets. Subnets have a "shape" and once you master that, it get easier.

[ipartola]

Thank you both. Thankfully I was smart enough to use 172.20 as my starting point so I won't be limited to the /24 limit of 192.168.

I'll give this a try when there are fewer people online at my house and fingers crossed, that'll do it. Don't have too many devices on static IPs active (well, not IPv4 at least, but IPv6 has plenty of space).

[Labber53]

You got this!

Tip: you can't turn 172.20.1.0/24 into a 172.20.1.0/20
Instead you turn it into 172.20.0.0/20
172.20.0.0/20 = 172.20.0.0 - 172.20.15.255 = 4096 IP addresses subnet mask 255.255.240.0