[newbe] Fist install: Can't reach web GUI (can't ping OPNs)

[MarieSophieSG]

Hello,
I'm so excited to finally have installed OPNsense on my box I bought 2 years ago (I first was trying to install through consol, never managed to, so I ended up buying a screen + keyboard just for it)

Install went fine, I couldn't use ZFS for I have only 1 drive, I've set all 4 RJ45 (iscg0 = Wan; icg1 = LAN1; icg2 =LAN2; icg3=LAN3)
each LAN will have their VLANs to isolate and manage groups of devices
Some VLANs will communicate with each others, some won't
LAN1 192.168.111.101 goes to a switch
LAN2 192.168.111.102 goes to my current Cisco Router/WiFi
LAN3 192.168.111.103 goes to the other switch

I've plugged my box between the modem and the network, no access to Internet, no access to OPNsense web GUI
I've plugged my box directly to my laptop1 (Linux) no access
I've plugged my box behind the router, no access (Router IP changed to 192.168.111.100/24 to match OPNsense)
I've plugged my box (WAN+LAN1) to the switch behind the router, no access to GUI
I've plugged my box (All four icg ) to the switch behind the router, I can ping LAN2 IP address but still can't access GUI

I'm sure I'm missing something simple/obvious, but just can't find what ?
Thank you

[MarieSophieSG]

PS: A new section: "Newbe" or "Get started" might be a good option on this forum ?

[meyergru]

Yes, you are missing that you cannot have different LANs with the same subnet - 192.168.111.0/24 in this case.

[cookiemonster]

A bit more background would probably help.
- When you have a device with a firewall/router operating system like OPN installed, the default will treat each interface i.e. igc2, igc3 (th ephysical ones), after setup, as indipendent networks.
-- To "join them" behaving as a switch, you need to create a bridge. There are instructions but is not the default.
-- These are not VLANs, they are LANs.
- You don't need more than one drive to use ZFS. You can reinstall and use ZFS on the single disk. You benefit from a better filesystem compared to UFS.
- To use VLANs, they go under a single interface i.e. icg2 and your switch will need to be a managed one and set the connecting port from it to OPN as a trunk port with all traffic tagged.

[MarieSophieSG]

Yes, you are missing that you cannot have different LANs with the same subnet - 192.168.111.0/24 in this case.

TY
If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101
Rather than the current
LAN1 192.168.111.101
LAN2 192.168.111.102
LAN3 192.168.111.103
Yes ?

But that doesn't explain why I can't reach 192.168.111.101 while Laptop1 is plugged directly to the OPNs box ?

[Patrick M. Hausen]

If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101

Yes.

Rather than the current
LAN1 192.168.111.101
LAN2 192.168.111.102
LAN3 192.168.111.103
Yes ?

But that doesn't explain why I can't reach 192.168.111.101 while Laptop1 is plugged directly to the OPNs box ?

Your three ports are not in any way connected internally. So even if you connect the PC to LAN1, OPNsense's routing table might decide that that network (192.168.111.0/24) is really only connected to LAN2 and send the reply packets there.

This is the reason why you must use different IP networks for different physical networks.

[MarieSophieSG]

A bit more background would probably help.

Sure thing ! what do you need me to post ?

- When you have a device with a firewall/router operating system like OPN installed, the default will treat each interface i.e. igc2, igc3 (th ephysical ones), after setup, as indipendent networks.
-- To "join them" behaving as a switch, you need to create a bridge. There are instructions but is not the default.
-- These are not VLANs, they are LANs.

TY, but I'm not there yet, that will be for later once I manage to reach the GUI ;)

- You don't need more than one drive to use ZFS. You can reinstall and use ZFS on the single disk. You benefit from a better filesystem compared to UFS.

TY, but when I selected ZFS option, it came up with 4 choices, and neither worked, it says there is no second drive for ZFS (not to mention RAID)

- To use VLANs, they go under a single interface i.e. icg2 and your switch will need to be a managed one and set the connecting port from it to OPN as a trunk port with all traffic tagged.

Oh ! hum ...
So my desired set up:
LAN1 = 192.168.111.101 (Unmanned switch1)
VLAN11 = 192.168.111.102-192.168.111.109
VLAN12= 192.168.111.110-192.168.111.113
VLAN13= 192.168.111.114-192.168.111.120
will not work ? Good to know

But first I still have to find a way to at least reach the GUI

[MarieSophieSG]

If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101

Yes.

Rather than the current
LAN1 192.168.111.101
LAN2 192.168.111.102
LAN3 192.168.111.103
Yes ?

But that doesn't explain why I can't reach 192.168.111.101 while Laptop1 is plugged directly to the OPNs box ?

Your three ports are not in any way connected internally. So even if you connect the PC to LAN1, OPNsense's routing table might decide that that network (192.168.111.0/24) is really only connected to LAN2 and send the reply packets there.

This is the reason why you must use different IP networks for different physical networks.

Right, I see ... thank you !
So unplugging everything and back to the test table to access the box (keyboard+screen) and reinstall from scratch ...

[cookiemonster]

> Sure thing ! what do you need me to post ?
I meant a bit of background for you ;)

>TY, but when I selected ZFS option, it came up with 4 choices, and neither worked, it says there is no second drive for ZFS (not to mention RAID)
I haven't installed from scratch in a while but one of those should be "stripe". That is the option for a single drive.

[MarieSophieSG]

> Sure thing ! what do you need me to post ?
I meant a bit of background for you ;)

Oh ! haha, I wasn't there. All good then :)

>TY, but when I selected ZFS option, it came up with 4 choices, and neither worked, it says there is no second drive for ZFS (not to mention RAID)
I haven't installed from scratch in a while but one of those should be "stripe". That is the option for a single drive.

Yes, that is the first option I tried, and got the error msg "second drive not selected/mising" (or something like that)
As I have to re-do the complete install anyway, I will try again, but no hope
Thks

[cookiemonster]

Yes, that is the first option I tried, and got the error msg "second drive not selected/mising" (or something like that)
As I have to re-do the complete install anyway, I will try again, but no hope
Thks

As lady luck would have it, here is a minutes-old picture.
https://forum.opnsense.org/index.php?topic=42791.0;topicseen see post #7 of that thread.
ZFS setup step, select that single drive and follow next steps.

[MarieSophieSG]

Yes, that is the first option I tried, and got the error msg "second drive not selected/mising" (or something like that)
As I have to re-do the complete install anyway, I will try again, but no hope
Thks

As lady luck would have it, here is a minutes-old picture.
https://forum.opnsense.org/index.php?topic=42791.0;topicseen see post #7 of that thread.
ZFS setup step, select that single drive and follow next steps.

TY, but no need, I found the bug ...
It's right here between the keyboard and the seat !
As I said, I did the complete reinstall and spent more time on the ZFS
The error message was *not* about a second disk, but about a *first* disk !
The menu suggest the disk, but you have to select it to go ahead and format it ... which I didn't not in the first try, hence the error msg
And indeed, when I select it, it works like a charm ...

[MarieSophieSG]

If I understand correctly, I should have
LAN1 192.168.111.101
LAN2 192.168.112.101
LAN3 192.168.113.101

Your three ports are not in any way connected internally. So even if you connect the PC to LAN1, OPNsense's routing table might decide that that network (192.168.111.0/24) is really only connected to LAN2 and send the reply packets there.

This is the reason why you must use different IP networks for different physical networks.

I've reinstalled the OS and set the 4 icg as suggested
icg0 WAN DHCP
icg1 LAN1 192.168.111.101
icg2 LAN2 192.168.112.101
icg3 LAN3 192.168.113.101

Connecting my laptop to icg1, typing in the IP in both browsers, neither reach
Ping doesn't reach
I'm frustrated .. I've reconnected my old router to be able to write here

Any idea ?
I even tried to connect to each icg, in case the icg1 is not where I think it is (physically) but to no avail :/

[newsense]

Only the first/default  LAN will have rules that will allow you to access the FW and go online, the others will need rules to achieve that. In your case it could be LAN1

[cookiemonster]

Also. For simplicity the interface designated as LAN during setup, say LAN1 will have a DHCP service enabled (I think it is an option given at setup) so when you plug your laptop, it gets an ip and they can talk.
If for any reason that wasn't enabled, check the ip aff of your laptop. If is not in the range ie. 192.168.111.0/24 then change it manually on the laptop so they're both in the same network that way and can talk.