Lan Interface - VLan 1 - 2 IPs and Gateway

Started by spooner.arthur, December 15, 2025, 09:35:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 15, 2025, 09:35:28 PM
Hello,
I need on the Lan Interface (igb1) in VLan1 two IP Addresses.
Both IPs I need as Gateway IP for Clients and Phone.
I can not work with different VLans because there is a chaotic network.
Can I use a Virtual IP for the second IP Address?

Best regards
Arthur
December 15, 2025, 09:39:09 PM #1
Sure you can.
But why do you need two gateways?
December 15, 2025, 09:44:05 PM #2
Quote from: spooner.arthur on December 15, 2025, 09:35:28 PMCan I use a Virtual IP for the second IP Address?

Yes, of course. OPNsense might (I have not tested this) not pick up that virtual IP and the corresponding network for automatic NAT. So possibly you will have to configure manual or hybrid NAT. But that's all. Running two distinct IP networks over a single Ethernet (also called a broadcast domain) works - no problem with that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 16, 2025, 08:02:42 AM #3
Thanks for the replies.

I need two Gateway.
1. for the Clients and Servers and so
2. for the 3CX PBX and Phones

I also need incoming Firewall Rules for the 3CX.
Is that a problem?
December 16, 2025, 09:19:32 AM #4
Quote from: spooner.arthur on December 16, 2025, 08:02:42 AMI also need incoming Firewall Rules for the 3CX.
Is that a problem?

No, of course not.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 16, 2025, 07:14:59 PM #5
Virtual IP is new to me. I have never even heard the term before reading this. Google says they are fairly common, sort of.

Like most things in Google, they provide a lot of information up to a point. Then nothing.

I found how to set them up. Lots of people offer information on that.

Nobody offers a simple explanation of what they are used for. What is the use case? Why would somebody want one and what would it do? Without using lots of jargon.
December 16, 2025, 07:27:30 PM #6
You need to add virtual IPs if you have multiple WAN IPs from your ISP or a subnet and want services on OPNsense to listen on multiple of them.
Also if you run two OPNsense in high availability you need to add a VIP of type CARP in this case.

Virtual IPs are just additonal IP to access OPNsense or even services on it.
Type Proxy ARP works a bit different, however. It cannot used for services on OPNsense itself. With this OPNsense just responses ARP requests to this IP. You can use it for forward traffic behind.

On internal interface there are very rara good use cases. That's why I asked for it.
One is if you want to run multiple layer 2 subnets on a singel network interface for instance.
December 16, 2025, 10:51:04 PM #7
Quote from: viragomann on December 16, 2025, 07:27:30 PMOne is if you want to run multiple layer 2 subnets on a single network interface for instance.
Subnets are layer 3. You can run multiple layer 3 networks/subnets on a single interface/broadcast domain (layer 2) with virtual addresses.

While I agree that you cannot expect anyone new to networking to be comfortable with these terms, the distinction is important. Possibly just a typo on your part ;-)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions