Last post by Raymond - November 22, 2023, 08:28:50 PM
My proposed home Network is based upon my understanding after watching "Home Network Guy's" YouTube video for design of BASIC Home Networks for Beginners.
Since I don't know where this may, eventually, lead me, I show a fourth VLAN for "future," which may (or may not ever) be needed.
The included jpg file is my freehand (with software app assistance) attempt to sketch my proposed design. Some equipment in the design shows possible options to consider, especially the mini OPNSense firewall and the managed PoE switch.
Thanks, in advance, for any/all criticisms/comments or alternatives.
I have opened up a couple of ports on my router which I have NATed to point to a web server running on a machine in my LAN and registered a domain name with a domain name provider so I can access using a domain.
The web server is accessible from my own network and also it seems to an external network which is using my ISP (at least I can access it using one of my neighbour's network which uses the same ISP as me).
However when I try to access my LAN from an external network not using my ISP there is no access - messages get sent, but there are never any replies, so it appears to be completely blocked. I cannot even ping my router's (WAN) IP address (I have opened up ping on my router). (nslookup does correctly resolve the IP address of my router from the domain name.)
Does anyone have any idea what might be blocking access from external networks? And can anyone tell me how I might go about determining why and where access is blocked? (I do have a neighbour either side whose networks (one using a different ISP, the other using the same ISP as me) from which I can run tests.)
Thanks! I apologize for the late response too. Been busy working on content.
It's funny you mention using my site to help you with pfSense because usually it's the other way around. Many OPNsense users use pfSense documentation since there is not as much documentation available in general as for pfSense, part of the reason I created my website.
Interesting note about hardware incompatibility because I haven't encountered that but I use most Intel NICs but recently I reviewed a unit with 10G Mellanox SFP+ and all I needed to do was manually enable the driver via command line and reboot. Worked perfectly after that. I know that Realtek is an issue with FreeBSD in general.
Last post by Alex_53408 - May 20, 2023, 09:10:06 AM
Sorry for the late response and many thanks for getting back to me on this thread.
The funny thing is that I saw your post comparing OPNsense and pfSense, that's a very interesting comparison while actually, in the meantime, I had already switched to pfSense, where I could set up the OpenVPN - or at least I would say apparently.
At the moment, I am still in an exploration phase, with a basic configuration but while both solutions are great and quite rich, I feel more at ease with the pfSense GUI - just a matter of taste. And as most configurations and options are similar to those in OPNsense, this website will still be of great help!
Btw, one difference that I noted between the two systems - and maybe that is the reason why I couldn't set up the VPN in OPNsense but could do it in pfSense - might be linked to hardware compatibility, and especially NICs: I noted some instability with a few NICs on the WAN interface when using OPNsense, while for instance one of the NICs that didn't work at all with OPNsense seems to be working fine with pfSense.
Not sure what the cause of that can be, but it looks like there are more hw compatibility probes on the website https://bsd-hardware.info (nb: there is a Linux page too) for OPNsense than for pfSense: it could mean more OPNsense users than for pfSense, or that OPNsense users experience more hw issues and therefore run probes. Just sharing this for info and for thoughts.
Anyway, I'll be back to read further pages on the website and look a little bit on rules.
Thanks! I'm glad you found the information helpful.
As you may have noticed, I haven't written about connecting to external VPN providers using OPNsense as an OpenVPN client. I only wrote about using OPNsense as an OpenVPN server. It is on my todo list to write about how to do external VPN connections, but since I haven't spent much time with the topic yet, I can't really offer a lot of advice at the moment, unfortunately.
I don't know if you need to set up the appropriate outbound NAT rules and/or set your default gateway to be the VPN provider so all traffic goes out the VPN. Since you don't want to use policy based routing, I'm assuming you want all traffic to go through the VPN (and I'm also assuming you don't need policy based routing if you're routing everything through the VPN since you're not routing only certain VLANs through the VPN). These are some areas I'm not clear on yet since I haven't taken the time to learn and try out various VPN connections to external VPN services.
Last post by Alex_53408 - May 03, 2023, 06:14:48 PM
Firstly, many thanks to Home Network Guy for this great website: I was looking for resources to get started with OPNSense and then add on more and more features, and that's the perfect place to find this - big thanks!
I have a question about OpenVPN set up in the following use case:
- OPNSense is connected between the home internet access and the LAN
- I would like to route the traffic from OPNSense to a VPN server via OpenVPN
- so far, I have followed different tutorials, including this one found in this forum (although I don't look to use policy based routing for now): https://community.spiceworks.com/how_to/177167-policy-based-routing-via-vpn
At this stage:
a) the OpenVPN client appears as "connected" in the screen VPN> OpenVPN> Connection Status: there are both a virtual and a real remote IP address.
b) however, when checking the IP address on a site such as ipinfo.io, the displayed IP is the address provided by my ISP, not the one coming from the VPN service provider, although this address can be seen in the connection status (point a) above)
c) then, in the same VPN> OpenVPN> Connection Status screen, there is a line for another VPN client. That line is empty though (no IP addresses) and it ends with a failed status. But I can't figure out where this comes from (please see attached screenshot).
I found different tutorials about OpenVPN set up in pfSense which mention things about adding routes, but these fields look different compared to the screens in OPNsense.
Because I kind of had to mix inputs from different sources, it's likely something is missing there, but any idea about how to solve this would be really welcome.
I think the way you are allocating IP address is fine because you have separate ranges for dynamic IPs and the static IP addresses you are setting up in OPNsense.
What I was referring to before is that you can set a static IP address on each individual system manually (such as a Windows PC where you manually configure the static IP address instead of using the default automatic DHCP settings) or you can set static IP addresses in OPNsense via DHCP using the MAC addresses. If you set the static IPs in OPNsense, all of your systems can be left at the default automatic DHCP setting and they will automatically receive the static IP from OPNsense. Either way will work for static IPs as long as you don't overlap IP address ranges since you could run into IP address conflicts.
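The overlap rule from the reply above, as an added example that is not part of the original posts: a Python check that audits one VLAN's address plan for fixed addresses inside the dynamic DHCP pool, outside the subnet, or assigned twice. The function name `audit_dhcp_plan` and every address and MAC below are constructed for illustration; it works on values you type in, not on an OPNsense configuration file.

```python
import ipaddress
from collections import Counter

def audit_dhcp_plan(subnet, pool_start, pool_end, reservations, manual_hosts=()):
    """Return sorted findings for one VLAN's address plan.

    reservations: {mac: ip} static DHCP mappings made on the firewall.
    manual_hosts: IPs configured by hand on the devices themselves.
    """
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    findings = []
    if lo not in net or hi not in net or lo > hi:
        findings.append(f"pool {lo}-{hi} is not a valid range inside {net}")
        return findings

    # Every address that is meant to stay fixed, with a label saying where it is set.
    fixed = [(f"reservation {mac.lower()}", ipaddress.ip_address(ip))
             for mac, ip in reservations.items()]
    fixed += [("manual host", ipaddress.ip_address(ip)) for ip in manual_hosts]

    for label, ip in fixed:
        if ip not in net:
            findings.append(f"{label}: {ip} is outside {net}")
        elif lo <= ip <= hi:
            # The DHCP server may lease this address to another device.
            findings.append(f"{label}: {ip} is inside the dynamic pool {lo}-{hi}")

    # The same fixed IP on two devices conflicts as soon as both are online.
    for ip, count in Counter(ip for _, ip in fixed).items():
        if count > 1:
            findings.append(f"{ip} is assigned to {count} fixed hosts")
    return sorted(findings)

# Constructed sample plan for a single VLAN.
SUBNET, POOL_START, POOL_END = "192.168.10.0/24", "192.168.10.100", "192.168.10.199"
RESERVATIONS = {
    "AA:BB:CC:00:00:01": "192.168.10.10",   # fine on its own
    "AA:BB:CC:00:00:02": "192.168.10.150",  # collides with the dynamic pool
    "AA:BB:CC:00:00:03": "192.168.20.5",    # belongs to a different VLAN
}
MANUAL_HOSTS = ["192.168.10.10"]             # same IP as the first reservation

if __name__ == "__main__":
    for line in audit_dhcp_plan(SUBNET, POOL_START, POOL_END, RESERVATIONS, MANUAL_HOSTS):
        print(line)
```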