Author Topic: more complex setup (Read 5209 times)

mahescho · « **on:** September 26, 2018, 04:11:07 pm »

Hi,

i plan a a bit more complex setup. See attachment. I've tree VDSL connections. All with static public IPv4 and IPv6. On with an IPv4 subnet and a /48 v6 prefix. The other two get single v4 addresses and a /56 v6 prefix. Internally I plan to have VLANs only and depending on the VLAN different outgoing NAT setups an IPv6 nets. Communication between the VLANs has to work too.

Is this doable with OPNsense?

TIA
Matthias

fabian · « **Reply #1 on:** September 26, 2018, 07:47:10 pm »

I have never used it but OPNsense should be multi-wan capable.

opnsrcfw · « **Reply #2 on:** September 27, 2018, 04:56:07 am »

@mahescho your network config should be achievable with OpnSense.

mahescho · « **Reply #3 on:** September 27, 2018, 09:10:13 am »

@opnsrcfw Thanks, I thought so, as I did some thing similar with FreeBSD using FIBS. My concern was if this could be done via the GUI.

franco · « **Reply #4 on:** September 27, 2018, 12:54:38 pm »

Caveat: Multi-WAN with multiple DHCPv6 WANs does not currently work, but if you're using all static you shall be fine.

Cheers,
Franco

mahescho · « **Reply #5 on:** September 27, 2018, 09:52:46 pm »

@franco: I only use static public IPs

My major headaches at the moment are this: https://forum.opnsense.org/index.php?topic=9786.0 and that: https://forum.opnsense.org/index.php?topic=9804.0

franco · « **Reply #6 on:** September 27, 2018, 10:07:15 pm »

Let me answer here.

I hope 18.7.4 fixed the first one:

https://github.com/opnsense/changelog/blob/master/doc/18.7/18.7.4#L18

The second question's answer is: Firewall: Virtual IPs. Yes, it also works for IPv6 but the subnet mask may not switch immediately. Try saving anyway.

There *may* be a combination of issue 1 and 2 happening now for you for Virtual IPs on top of PPPoE so we need to go back and fix that as well. PPPoE is an ongoing adventure for us...

As far as binding goes for the services you mentioned... we don't support exclusive binding setups in the plugins so it's more of a primary interface address or all of the set addresses (including virtual IPs). Worst case you will have to install the FreeBSD packages and skip the plugins.

Cheers,
Franco

mahescho · « **Reply #7 on:** September 28, 2018, 12:42:04 pm »

Thanks.

Binding: Too bad, my hope was that "basics" are covered her. I''ve tried several commercial Linux based firewall and they all failed too when it came to binding and most important being able to create separate configurations for different IPs and ports. At least with OPNsense a complete manual setup of services is possible, as you mentioned.

IPv6 on PPPoE: The latest update fixed the problem. Thanks.

Now I will experiment with "virtual IPs" ...

BTW: My IPv6 issue on static connection persists! https://forum.opnsense.org/index.php?topic=9639.0 I've to use the "pfctl" workaround ...

Author Topic: more complex setup (Read 5209 times)

mahescho

more complex setup

fabian

Re: more complex setup

opnsrcfw

Re: more complex setup

mahescho

Re: more complex setup

franco

Re: more complex setup

mahescho

Re: more complex setup

franco

Re: more complex setup

mahescho

Re: more complex setup