News:

Welcome to the Home Network Guy forum!

Main Menu

Thanks for the ToDo'S

Started by sushifish, August 26, 2021, 05:24:40 AM

Previous topic - Next topic

sushifish

First of all, many Thanks for providing such detailed How-To's especially for OpenSense.
With your posts I was able to set-up Opensense for a small business (around 10 users).
I replaced the default router with a small appliance (around 600 USD invest), switched the Wlan to a dedicated AP (business Netgear model), seperated Internal and Guests in VLANs and also the VoIP phones and Server into a seperate one.
It took me 2 evenings to set-up most of the stuff. I sweated, prayed and nearly used the hammer which I found in the server room. I managed several times to log-out from opensense or the Aruba-Switch once turning the VLANs "hot". After reading most of your guides and repeating step-by-step I fianally managed. First to set-up the internal network structure, and later replacing also the old router which still took care of dialing-in (I also needed a VLAN on the WAN interface for the successful dial-in).
Maybe some learnings for others:
Get all! log-in's from existing servers and change them to DHCP.
Before starting, make sure you have access to console on the appliance and switches (you might need special cables to do so - the Aruba switch provides a micro-USB which you can connect to a laptop and access a console via COMx interace; the OpenSense appliance finally got the VGA-output working - the serial port was wrong "sex" for my cable  :( - this is why I recommend to try console on all switches and the Appliances before starting).
And I (still) have 2 machines where I cannot access the management interfaces and they seem to have fixed IPs. So I had to change my Internal Netowrk set-up to match with the old IP-layout. Of course I discovered that the NAS is using the "wrong" fixed IP only when colleagues urgently needed access to it - so to change the INT-interace to the other IP space as a solution was quite urgent and I was really happy this solution came to my mind...
Setting up OpenSense only worked "out-of-the-box" once I used the provided interface detection in the set-up routine on the shell. Even if I assigned the ports manually the right way, something seemed to miss - I think something in the routing or automatic firewall rules. This was one of the sources for log-outs and not working WAN connections, I think (maybe on the 5th trial I did something different, but I cannot tell now, what it was - so I think it was the use of the set-up in the shell).
Still some work in tuning the FW rules (It's quite open at the moment, but I cannot allow to disrupt the colleagues all the time  ;D)
But over all performance is now better (OK, it gets reduced a bit with using Sensei), we can use port forwarding to the VoIP appliance now (this one needs so many open ports that I could not open these on the small router from the provider) and hopefully a VPN in future (the Wireguard set-up did not really work - OpenVPN looks better on the first glance, final test from home this evening). All together I'm happy with the decision for OpenSense and had a lot of fun and learning (I'm not an IT professional) in setting this up!

Home Network Guy

I'm glad you found my site useful in helping you set up OPNsense for a small business! Also thanks for the tips for people using that particular hardware.