NOOB - OPNS on Protectli with modem in bridge mode not working

[sisu888]

I truly have tried to research this but cannot figure out what the steps are to proceed.

I have a router/modem from the provider that they set into bridge mode.

The vault/OpnSense is in a default configuration except I set the WAN interface to allow private network traffic. But plugged directly into the LAN port on the vault I cannot see anything other than the vault.

Rather than a long text description I have attached a network diagram and a PDF file that has configuration screen shots for the modem and for the OPNSENSE config.

Any help would be greatly appreciated. I have a 2nd PDF file with additional configs from OpnSense but the attachment limit won't let me upload them. I suspect I can in response to a reply

[patient0]

According to your diagram you get the an IP from 192.168.1.0/24 from the Huawei modem on igc1 (WAN). And you set igc0 to 192.168.1.2/24 (LAN?). But the DHCP range is 192.168._2_.10-192.168._2_.245?

In general, you can't have the same subnet on WAN as on LAN. The router doesn't know where to send the traffic, WAN or LAN since they are the same.

On the other hand: the Huawei is in bridge mode you write, which would mean OPNsense get's a public IP.

Do you get a WAN IP at all (WAN IPv4 gateway -> *defunct*)? How are you supposed to get a WAN IP from you provider? Using PPPoE or directly?

[meyergru]

@patient0 is right, see this, point 1.

Your LAN interface should be using 192.168.2.1/24, the DHCP range would already fit that. Your WAN ist set correctly to DHCP mode.

If you want to access the GUI of your modem, you can add a VIP of 192.168.1.2/24 to your WAN, not 192.168.1.1, because presumably, the latter is your modem's IP. You can then access this from your OpnSense, but for access from your LAN, you will need a specific outbound NAT rule.
That being said, I find 192.168.18.100 on the internet as the default address for these Huawei modems, so YMMV.

There is also a guide on this topic.

I urge you noobies to sift through the tutorial sections more often.

[sisu888]

@patient0 / @meyergru - Thank you for your replies.

1. Sincere apologies - Typo on my network diagram. The DHCP was set to  subnet 192.168.1

@patient0 - Your points are well taken. I need to check how the modem is really functioning. Issue is that I am in Thailand and the technicians don't speak much English and I have been unable to figure out how to set up the bridge mode myself. My Thai is very basic but I am going to get them out here to work on it and try to figure out what is going on.

@meyergru - I did look but I did not see that specific guide. I am going through it now. Thank you for that. I will try to implement the VIP solution that you mention. I am also trying to find a manual for it but from Huawei it appears to be locked unless you have an account they recognize as being from a carrier. ANyway ... thank you ... let me try this stuff and I will get back to you

[sisu888]

Here are the other configs that I pulled from screen shots of the modem GUI (when I connect directly to the modem)

[meyergru]

Your new network diagram still shows the same network on two different interfaces, namely 192.168.1.x/24. It won't work. If the modem's IP was 192.168.18.100, it might work with 192.168.18.1 as VIP on the WAN interface. If it is 192.168.1.1, you will have to renumber your LAN to another network.

[patient0]

Here are the other configs that I pulled from screen shots of the modem GUI (when I connect directly to the modem)

I don't think your modem is in bridge mode. Bridge mode usually disables all router functionality, and in the screenshot in the PDF (attached below) Wifi seems enabled.

Additioally a VLAN seems needed to connect to WAN, VLAN 10 (TR069 or VLAN 33). I don't know what TR069 is, your provider should be able to clarify that.

You cannot view this attachment.
You cannot view this attachment.