I am working on setting up an ONPSense router on my home network. I will be hosting a small dev ops server for my company and figured a little more robust firewall/router would be great. I’ll be putting my home wifi and devices on a separate VLAN to keep all the traffic segregated. I have a laptop and an older Intel NUC which I thought would do the trick. They both only have 1 NIC on-board. No problem, I have a little ProSafe Plus switch as well, I’ll just utilize VLAN tagging. Well this is where the wheels come off. I don’t know if I have something misconfigured or if I just have incompatible hardware or what.
I have installed OPNSense on the NUC and the laptop and configured them with VLANs for the LAN and WAN interfaces. The switch has port 1 setup up for VLAN tagging which is hooked to the OPNSense machine. Port 2 goes to my internet gateway. The other ports are untagged.
Anytime I turn on the OPNSense machine and plug the switch in to my gateway the entire network fails. No hostnames can be found. I am not sure if I have a misconfiguration in the switch, in OPNSense, or just have some incompatible hardware. I have a buddy that was trying to help me set it up and I have an identical setup to his own but still am unable to make it work.
Anyone have any experience with OPNSense that could give me some pointers?
For the NUC, I assume you mean it only has the one ethernet port available, which is why you had to opt for VLANs for the LAN and WAN? If that’s the case, although I don’t at all recommend doing this, it might be possible given you have your VLAN aware switch configured correctly.
Are you keeping the LAN native on the NUC? You may be able to have port 1 set VLAN 1 to be untagged and trunk all other traffic (ensuring to tag WAN VLAN and any other VLANS), then port 2 have the WAN VLAN set untagged. If you’re not using VLAN 1 for your LAN, you would otherwise just need to set the LAN VLAN to be untagged on all other ports, tagging other VLAN traffic as necessary.
Again, this is not a recommended set up and may not work.
Step 1 for me, if you have multipl wan IP’s to go at, would be to untag a port on the WAN vlan and check you can ping your router / gateway to check that the vlan tagging is working correctly there.
Then untag two ports on your LAN vlan and check that two devices connected there can see each other.
At this point you know your vlans are working.
Then tag the LAN vlan on a port and connect something that supports vlans (maybe opensense but I have no experience of that specifically) and again check everything pings on LAN
Finally tag the WAN vlan on the same port and see what happens.
Also what Eric said…
If you are using vlan 1 for your LAN then don’t tag that, it should be untagged anywhere you need it even for VLAN aware devices. Some gear does not play well with vlan 1 tagged.
Thanks for the advice. I have seen this done by others but I think I am over-thinking everything. I can just grab a USB ethernet adapter to add a second ethernet connection to either machine. I think I was headed down a rabbit hole and needed someone to slap me out of it.
Look, we’ve all been there. Honestly a USB ethernet adapter isn’t a bad idea to try, haven’t tried one of those specifically with pfSense to use as an interface but I imagine it could work just fine.