OPNsense behind ISP router with NAT

[PeterESutton]

I have struggled to get my head around OPNsense which I am looking at for routing between subnets and controlling access to Internet.

I have eventually got a subnet on the inside accessing the internet and to another inside subnet.

Now I want to remove the NAT going out to the WAN since the WAN connects to an ISP router also doing NAT. So I turn off outbound NAT.

I now cannot get to the Internet. I cannot ping the ISP router.

I was wondering whether issue is routing so added RIP for all subnets. Do I have to manually add a route onto the ISP router to say go to my OPNsense box for the following subnets ... . Or is it something else I am doing? Any help or examples or documents explaining this process would be welcomed.

Thank you,
Peter

[fabian]

Routing protocols do only work if all routers can receive all routes - which means your ISP router needs to understand RIP. In your case, Your ISP router only needs static routes for the networks behind OPNsense - Routing protocols are for bigger setups.

[PeterESutton]

Thank you very much. This is what I thought. I do not think my ISP supplied router allows the addition of routes -
 have looked and have searched. So will stay with double-NAT. Resigned to the fact that if I need to alter this looks like I will have to upgrade the ISP-supplied ADSL router/modem device to something a bit more sophisticated. Peter

[bartjsmit]

If you only need ADSL+ and not VDSL, I've found the TP-Link TD-8616 to work well with OPNsense and PPPoE. It is out of production unfortunately.

Using only the ADSL modem makes things a lot simpler on the firewall.

Bart...

[Zeitkind]

Draytek xDSL modem:
https://www.draytek.de/vigor130.html
There is an older model without vDSL, DrayTek vigor120(b), but to be ready for vDSL I'd take the newer one.
The 130 is in fact a little router, but can be put into a pure bridged modus.