OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Migration of network structure
« previous next »
  • Print
Pages: [1]

Author Topic: Migration of network structure  (Read 51 times)

schnipp

  • Sr. Member
  • ****
  • Posts: 374
  • Karma: 19
    • View Profile
Migration of network structure
« on: Today at 06:05:34 pm »
For historical reasons, I have the following network structure:

  • Fiber ONT (Deutsche Glasfaser) <-> Fritzbox 7490 (router mode) <-> Opnsense <-> …

The above scenario worked fine for the last year (without interruptions). But the signal reception of my DECT phones connected to the Fritzbox is not good in some parts of my house, so I want to move the Fritzbox to a new location. This is a good time to remove the Fritzbox from the WAN side of the Opnsense and put it as a dedicated device in a separate VOIP VLAN. So far, so good. A few questions arise.

  • The network card in the WAN (Intel X553) had repeated connection losses in the past, which I solved by disabling EEE (Energy Efficient Ethernet) on the Fritzbox. I am not sure if the Opnsense network card (Intel X553) supports configuring EEE itself (setting the system tunable "dev.ix.n.eee_state=0" via SSH results in a hung SSH session. Finally, this parameter is not set). Does anyone have recommendations to avoid such connection loss issues in advance?

  • There were some discussions in the forum in the past about missing IPV6 prefix and address assignments (especially in case of connection loss) with Deutsche Glasfaser. On my Fritzbox, such problems never occurred in the past. Does anyone know the reasons some users have pointed to? I think the DHCP DUID should be persistent at least during boot cycles. Is that correct?

  • Modern SIP clients should derive the IP address for the SIP server by querying the SRV DNS record instead of directly querying the A record. Does the Opnsense firewall support DNS-based firewall rules based on SRV records?


Logged
OPNsense 24.7.9_1-amd64

meyergru

  • Hero Member
  • *****
  • Posts: 1720
  • Karma: 169
  • IT Aficionado
    • View Profile
    • congenio
Re: Migration of network structure
« Reply #1 on: Today at 08:13:55 pm »
1. That largely depend on if the ONT does EEE, so I would worry only if the problem turns up.
2. IHMO these were mostly configuration errors by newbies who did not follow all instructions by the letter or tried more sophistcated setups (like LAN bridges, again, without following instructions closely).
3. AFAIK, no. But why would you? The SIP IPs are known beforehand, so you can put them into a firewall alias. SIP nowadays does need a port forward, but if you know your ISP, you can also limit inbound connections to their ASN.
I always restrict such devices to my IoT network, where they cannot do much harm, anyway.
« Last Edit: Today at 08:28:48 pm by meyergru »
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Migration of network structure
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2