NEED WITH HELP OPNSENSE CONFIG.(Modem>Opnsense firewall>managedSwitch>OpenwrtAP)

Started by iwanttolearn, January 17, 2026, 04:19:06 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 17, 2026, 04:19:06 PM
Hi everyone.

Im tryinging to install a opensense firewall for about 1 and a half year now without succes. I have wasted countless hours trying and watching all yt content without succes. Both HomeNetworkGuy's 2025 and old guides, sheridan computers videos you name it. I dont even know why and what im doing wrong. Last year at new years eve i finally had a IP Lease but i noticed it after restarting the firewall appliance. The setup goes like this: modem>(protectli)Opnsense firewall>(Zyxel) managed switch> Openwrt AP. I dont know if im doing it wrong on the Opnsense firewall, the zyxel managed switch or on the Openwrt AP im configuring.

Can someone help me out with this task since i tried by myself for about a year now and cant pull it off. Im using the GUI (NO COMAND LINE) to do it.
January 17, 2026, 05:52:28 PM #1
How is your Internet uplink supposed to work? DHCP? PPPoE? That information can come from your ISP only. Or from examining a working device if you have access to its admin UI.

You must know this upfront or no YT video is going to help you. There are settings very specific to your ISP and the "Internet" product you rented alone.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 17, 2026, 07:17:11 PM #2
I have PPPoE if im not wrong. On the site it said:

Annex: A
Mode: PPPoE.

Side question.
Is it a must to be connected to the internet to configure Opnsense and get a IP LEASE ?
Today at 06:28:06 PM #3
What do you mean by "connected to the Internet"? To make OPNsense your Internet router and firewall of course you need to connect OPNsense's WAN port to the modem. Then you connect your switch to OPNsense's LAN port and your PC to the switch.

Your PC should get an IP address from OPNsense's default LAN range 192.168.1.x. You should be able to connect to the OPNsense UI at address 192.168.1.1 with your browser and login.

Then you follow the well documented procedure to set up a PPPoE link, using the username and password and potentially other information (VLAN?) you got from your ISP.

The documentation is here:

https://docs.opnsense.org/manual/how-tos/pppoe_isp_setup.html

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Today at 07:38:30 PM #4
Hi Patrick

First of all thank you so much for the response. I hope you understand that its all a bit new to me.

What i meant is that i walked all/as much of the steps of configuring the firewall without having the modem installed yet or having it connected to the internet (keeping it offline) since cutting off internet at home for to long of a period might cause a uprising, heavy resistance and protest from kids and wife.

I followed this guide step by step: https://www.youtube.com/watch?v=fPP4UE6IuRc&pp=ygUXaG9tZW5ldHdvcmtndXkgb3Buc2Vuc2U%3D

And for the zyxel managed switch this guide: https://www.youtube.com/watch?v=2VHgZg5jFiM&pp=ygUsenl4ZWwgbWFuYWdlZCBzd2l0Y2ggZ3MgMTIwMC04IGNvbmZpZ3VyYXRpb24%3D

I followed it step by step except for the only part i did not do from the start is the PPPoE and ISP credentials part. My thought was that i could do this part last so that i would not lose wifi connection from the ISP router i am connected to now. But this shouldn't be necessary for a valid IP Lease from the Openwrt AP right?

Also what i still don't get is if the switch and AP should be in the same IP range as the modem and Opnsense firwall. Meaning if the modems IP address is lets say 192.168.1.1 the firewall is 192.168.1.2 should the the switch and AP also be at 192.168.1.3 and 192.168.1.4 or a different 192.168.1. IP?
I did it this way just to not complicate things more than they already are but since the switch recognizes the VLAN TAGs not the IP addresses right?
Today at 08:19:27 PM #5
For starters, you have got a few problems here:

a. That video of the HomeNetworkGuy handles an internet connection with DHCP only, not with PPPoE - so, you cannot follow this from the very start. That is the problem with many of these video guides: They show one specific setup - in reality, every setup is different and you will have to know what your are doing.

b. Speaking of this, the question you ask about IPs clearly show that you have little to no networking skills. Different networks (like WAN with the modem and LAN with your switch and/or AP) not only have different IPs, but even different IP ranges. So, you cannot have 192.168.1.1 for the modem, 192.168.1.2 for OpnSense WAN and also 192.168.1.x for anything that connects to your LAN (like the switch and AP). Besides that, OpnSense has an IP for every which interface, say 192.168.2.1 for LAN.

c. If you aim to learn while your regular network does not get interrupted, you should consider to use OpnSense behind your ISP router first. That way, you can try out these things. However, that is what is called a "router-behind-router" scenario, which in some ways is even harder to understand than a normal setup.

You could start with this post for hints and the official OpnSense docs, I do not recommend YT videos or AI to learn this. YT videos cannot cover every variant, like you see and AI is wrong most of the time.

However, you will find that it may take you serious time to learn the skills to master this. OpnSense is a professional tool, not your average consumer appliance.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
Print
Go Up Pages1
User actions