Difference between revisions of "OPNsense"
(→System: Gateways: Single) |
(→System: Settings: General) |
||
Line 90: | Line 90: | ||
* Gateway switching: Allow default gateway switching | * Gateway switching: Allow default gateway switching | ||
+ | === Firewall: Aliases === | ||
+ | * RFC1918 | ||
+ | * Content: 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 | ||
+ | * Description: private networks | ||
+ | === Firewall: NAT: Port Forward === | ||
+ | ==== Anti-Lockout rule ==== | ||
+ | system default | ||
+ | ==== redirect traffic to proxy ==== | ||
+ | LAN1 TCP LAN1 net * ! RFC1918 80 (HTTP) 127.0.0.1 3128 | ||
+ | (make transparent Web-Proxy work) | ||
+ | |||
+ | === Firewall: NAT: Outbound === | ||
+ | * Mode: Automatic outbound NAT rule generation | ||
+ | ==== Auto created rule for ISAKMP ==== | ||
+ | WAN LAN1 networks, Loopback networks, 127.0.0.0/8 * * 500 WAN * YES | ||
+ | LTE LAN1 networks, Loopback networks, 127.0.0.0/8 * * 500 LTE * YES | ||
+ | ==== Auto created rule ==== | ||
+ | WAN LAN1 networks, Loopback networks, 127.0.0.0/8 * * * WAN * NO | ||
+ | LTE LAN1 networks, Loopback networks, 127.0.0.0/8 * * * LTE * NO | ||
[[category:Projekte]] | [[category:Projekte]] |
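Review bot: the "redirect traffic to proxy" row (LAN1 TCP LAN1 net * ! RFC1918 80 (HTTP) 127.0.0.1 3128) is added without column labels, so a reader has to guess which fields are source, destination and redirect target. Label them: interface, protocol, source, source port, destination, destination port, redirect IP, redirect port. The remark "(make transparent Web-Proxy work)" should also state that the rule matches only port 80, so HTTPS is not redirected by it, and that the RFC1918 alias is negated so that private destinations are not sent to the proxy. The rows under NAT: Outbound need the same labelling, in particular the trailing YES/NO field.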
Revision as of 12:06, 17 March 2021
installation
prerequisite
- serial-cable / female<>female (null-modem)
- https://de.wikipedia.org/wiki/RS-232#Verkabelung_und_Stecker
- RX-TX (Pin2/Pin3) crossed
- GND <> GND
- putty
- speed 115200
- installer:opnsense
aim
          Internet                  Internet
              :                         :
  DSL-Provider:(2.5Mbit/s) LTE-Provider:(100GB/month)
              :                         :
              :                         :
          .---+----.               .----+-----.
          |fritzBox|  NAT-Routers  | SpeedBox |
          '---+----'               '----+-----'
              |                         |
      192.168.178.1/24           192.168.0.1/24
              |                         |
            DHCP                      DHCP
              |                         |
              |      .----------.       |
              +-WAN--| OPNsense |--LTE--+
                     '----+-----'
                          |
                 LAN 192.168.1.1/24
                          |
                        DHCP
                          |
                          |
                  ...-----+-----...
                  (Clients/Servers)
- DSL speed is very low, switch to LTE
- LTE data-volume is limited, failover to DSL
- cache windows updates to save bandwidth and download-volume
setup
- Versions: OPNsense 21.1.1-amd64
- CPU type: AMD GX-412TC SOC (4 cores)
Interfaces: [LAN]
- Device: igb0
- IPv4 Configuration Type: static IPv4
- IPv6 Configuration Type: None
Interfaces: [WIFI]
- Device: ath0_wlan1
Interfaces: [WAN]
- Device: igb1
- IPv4 Configuration Type: DHCP
- IPv6 Configuration Type: None
Interfaces: [LTE]
- Device: igb2
- IPv4 Configuration Type: DHCP
- IPv6 Configuration Type: None
System: Gateways: Single
WAN_GW
- Interface: WAN
- Address Family: IPv4
- IP address: dynamic
- Disable Gateway Monitoring: unchecked
- Monitor IP: 8.8.8.8
LTE_GW
- Interface: LTE
- Address Family: IPv4
- IP address: dynamic
- Disable Gateway Monitoring: unchecked
- Monitor IP: 1.1.1.1
System: Gateways: Group
WAN_LTE_GW_GROUP
- Gateway Priority: LTE_GW: Tier1
- Gateway Priority: WAN_GW: Tier2
- Trigger Level: Packet Loss
- Description: failover group
System: Settings: Administration
- (Secure Shell)
System: Settings: General
- DNS servers: 8.8.8.8 WAN_GW
- DNS servers: 1.1.1.1 LTE_GW
- Gateway switching: Allow default gateway switching
Firewall: Aliases
- RFC1918
- Content: 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8
- Description: private networks
Firewall: NAT: Port Forward
Anti-Lockout rule
system default
redirect traffic to proxy
LAN1 TCP LAN1 net * ! RFC1918 80 (HTTP) 127.0.0.1 3128
(make transparent Web-Proxy work)
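The following sketch is an added example, not part of the original wiki page: it models which LAN flows the redirect rule above sends to the proxy, using the RFC1918 alias content from this page. It assumes "LAN1 net" is 192.168.1.0/24 (from the LAN address in the diagram); the function names and the client address are hypothetical.

```python
import ipaddress

# Values taken from the page: the RFC1918 alias and the port-forward target.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]
# Assumption: "LAN1 net" is the /24 around the LAN address 192.168.1.1/24.
LAN1_NET = ipaddress.ip_network("192.168.1.0/24")
PROXY = ("127.0.0.1", 3128)


def in_alias(addr, alias):
    """True if addr falls inside any network listed in the alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in alias)


def port_forward(proto, src, dst, dport):
    """Return the redirect target for a packet arriving on LAN1, or None.

    Models: LAN1 TCP LAN1 net * ! RFC1918 80 (HTTP) 127.0.0.1 3128
    """
    if proto != "tcp":
        return None          # rule is TCP only
    if ipaddress.ip_address(src) not in LAN1_NET:
        return None          # source must be inside LAN1 net
    if in_alias(dst, RFC1918):
        return None          # "! RFC1918": private destinations are skipped
    if dport != 80:
        return None          # only plain HTTP is matched
    return PROXY


if __name__ == "__main__":
    # Constructed sample flows; 192.168.1.50 is a hypothetical client and
    # 203.0.113.10 is a documentation address standing in for a public host.
    flows = [
        ("tcp", "192.168.1.50", "203.0.113.10", 80),    # public HTTP
        ("tcp", "192.168.1.50", "203.0.113.10", 443),   # public HTTPS
        ("tcp", "192.168.1.50", "192.168.178.1", 80),   # fritzBox web UI
        ("tcp", "192.168.1.50", "192.168.0.1", 80),     # SpeedBox web UI
        ("tcp", "192.168.1.50", "172.32.0.1", 80),      # just outside 172.16.0.0/12
    ]
    for flow in flows:
        print(flow, "->", port_forward(*flow) or "not redirected")
```

The web interfaces of the two upstream NAT routers stay directly reachable from the LAN because their addresses fall inside the alias, while port 443 traffic is never handed to the proxy by this rule.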
Firewall: NAT: Outbound
- Mode: Automatic outbound NAT rule generation
Auto created rule for ISAKMP
WAN LAN1 networks, Loopback networks, 127.0.0.0/8 * * 500 WAN * YES
LTE LAN1 networks, Loopback networks, 127.0.0.0/8 * * 500 LTE * YES
Auto created rule
WAN LAN1 networks, Loopback networks, 127.0.0.0/8 * * * WAN * NO
LTE LAN1 networks, Loopback networks, 127.0.0.0/8 * * * LTE * NO