Home Network Guy Forum

Home Networking => Success Stories => Topic started by: sushifish on August 26, 2021, 05:24:40 AM

Title: Thanks for the ToDo'S
Post by: sushifish on August 26, 2021, 05:24:40 AM
First of all, many thanks for providing such detailed How-To's especially for OPNsense.
With your posts I was able to set-up OPNsense for a small business (around 10 users).
I replaced the default router with a small appliance (around 600 USD invest), switched the WLAN to a dedicated AP (business Netgear model), separated Internal and Guests in VLANs and also the VoIP phones and Server into a separate one.
It took me 2 evenings to set-up most of the stuff. I sweated, prayed and nearly used the hammer which I found in the server room. I managed several times to log-out from OPNsense or the Aruba-Switch once turning the VLANs "hot". After reading most of your guides and repeating step-by-step I finally managed. First to set-up the internal network structure, and later replacing also the old router which still took care of dialing-in (I also needed a VLAN on the WAN interface for the successful dial-in).
Maybe some learnings for others:
Get all! log-in's from existing servers and change them to DHCP.
Before starting, make sure you have access to console on the appliance and switches (you might need special cables to do so - the Aruba switch provides a micro-USB which you can connect to a laptop and access a console via COMx interface; the OPNsense appliance finally got the VGA-output working - the serial port was wrong "sex" for my cable  :( - this is why I recommend to try console on all switches and the Appliances before starting).
And I (still) have 2 machines where I cannot access the management interfaces and they seem to have fixed IPs. So I had to change my Internal Network set-up to match with the old IP-layout. Of course I discovered that the NAS is using the "wrong" fixed IP only when colleagues urgently needed access to it - so to change the INT-interface to the other IP space as a solution was quite urgent and I was really happy this solution came to my mind...
Setting up OPNsense only worked "out-of-the-box" once I used the provided interface detection in the set-up routine on the shell. Even if I assigned the ports manually the right way, something seemed to miss - I think something in the routing or automatic firewall rules. This was one of the sources for log-outs and not working WAN connections, I think (maybe on the 5th trial I did something different, but I cannot tell now, what it was - so I think it was the use of the set-up in the shell).
Still some work in tuning the FW rules (It's quite open at the moment, but I cannot allow to disrupt the colleagues all the time  ;D)
But overall performance is now better (OK, it gets reduced a bit with using Sensei), we can use port forwarding to the VoIP appliance now (this one needs so many open ports that I could not open these on the small router from the provider) and hopefully a VPN in future (the WireGuard set-up did not really work - OpenVPN looks better on the first glance, final test from home this evening). All together I'm happy with the decision for OPNsense and had a lot of fun and learning (I'm not an IT professional) in setting this up!
Title: Re: Thanks for the ToDo'S
Post by: Home Network Guy on August 30, 2021, 11:22:54 AM
I'm glad you found my site useful in helping you set up OPNsense for a small business! Also thanks for the tips for people using that particular hardware.