OPNsense
Contents
- 1 installation
- 2 aim
- 3 setup
- 3.1 Interfaces: [LAN]
- 3.2 Interfaces: [WIFI]
- 3.3 Interfaces: [WAN]
- 3.4 Interfaces: [LTE]
- 3.5 System: Gateways: Single
- 3.6 System: Gateways: Group
- 3.7 System: Settings: Administration
- 3.8 System: Settings: General
- 3.9 Firewall: Aliases
- 3.10 Firewall: NAT: Port Forward
- 3.11 Firewall: NAT: Outbound
- 3.12 Firewall: Rules: Floating
- 3.13 Firewall: Rules: LAN
- 3.14 Firewall: Rules: LTE
- 3.15 Firewall: Rules: WAN
installation
prerequisites
- serial cable, female<>female (null-modem)
- https://de.wikipedia.org/wiki/RS-232#Verkabelung_und_Stecker
- RX-TX (Pin2/Pin3) crossed
- GND <> GND
- putty
- speed: 115200
- installer: OPNsense
aim
```
       Internet                        Internet
          :                               :
 DSL-Provider:(2.5Mbit/s)     LTE-Provider:(100GB/month)
          :                               :
          :                               :
     .----+-----.                    .----+-----.
     | fritzBox |    NAT-Routers     | SpeedBox |
     '----+-----'                    '----+-----'
          |                               |
   192.168.178.1/24                192.168.0.1/24
          |                               |
        DHCP                            DHCP
          |                               |
          |          .----------.         |
          +---WAN----| OPNsense |---LTE---+
                     '----+-----'
                          | LAN
                   192.168.1.1/24
                          |
                        DHCP
                          |
                 ...------+------...
                  (Clients/Servers)
```
- DSL speed is very low, so LTE is used as the primary uplink
- LTE data volume is limited, so fail over to DSL when LTE is unavailable
- cache Windows updates to save bandwidth and download volume
setup
- Version: OPNsense 21.1.1-amd64
- CPU type: AMD GX-412TC SOC (4 cores)
Interfaces: [LAN]
- Device: igb0
- IPv4 Configuration Type: static IPv4
- IPv6 Configuration Type: None
Interfaces: [WIFI]
- Device: ath0_wlan1
Interfaces: [WAN]
- Device: igb1
- IPv4 Configuration Type: DHCP
- IPv6 Configuration Type: None
Interfaces: [LTE]
- Device: igb2
- IPv4 Configuration Type: DHCP
- IPv6 Configuration Type: None
System: Gateways: Single
WAN_GW
- Interface: WAN
- Address Family: IPv4
- IP address: dynamic
- Disable Gateway Monitoring: unchecked
- Monitor IP: 8.8.8.8
LTE_GW
- Interface: LTE
- Address Family: IPv4
- IP address: dynamic
- Disable Gateway Monitoring: unchecked
- Monitor IP: 1.1.1.1
System: Gateways: Group
WAN_LTE_GW_GROUP
- Gateway Priority: LTE_GW: Tier1
- Gateway Priority: WAN_GW: Tier2
- Trigger Level: Packet Loss
- Description: failover group
System: Settings: Administration
- (Secure Shell)
System: Settings: General
- DNS servers: 8.8.8.8 (use gateway WAN_GW)
- DNS servers: 1.1.1.1 (use gateway LTE_GW)
- Gateway switching: Allow default gateway switching
Firewall: Aliases
- RFC1918
- Content: 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8
- Description: private networks
Firewall: NAT: Port Forward
generated:

| Status | Interface | Proto | Source | Src port | Destination | Dst port | NAT IP | NAT port | Description |
|---|---|---|---|---|---|---|---|---|---|
| no redirect | LAN | TCP | * | * | LAN address | 80, 443 | * | * | Anti-Lockout Rule |

man-made (make Web-Proxy transparent):

| Status | Interface | Proto | Source | Src port | Destination | Dst port | NAT IP | NAT port | Description |
|---|---|---|---|---|---|---|---|---|---|
| enabled | LAN | TCP | LAN1 net | * | ! RFC1918 | 80 (HTTP) | 127.0.0.1 | 3128 | redirect outbound traffic to proxy |
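To see exactly which LAN flows the two port-forward rules above send to the proxy and which bypass it, here is an added model of the rule evaluation (first match wins); it is not OPNsense code, and the client and destination addresses in the checks are constructed:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Values taken from the page: LAN1 net, the LAN address and the RFC1918 alias.
LAN1_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_ADDRESS = ipaddress.ip_address("192.168.1.1")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]
PROXY = ("127.0.0.1", 3128)


@dataclass
class Flow:
    src: str    # client address
    dst: str    # original destination address
    proto: str  # "tcp" or "udp"
    dport: int  # original destination port


def in_any(addr: ipaddress.IPv4Address, nets) -> bool:
    return any(addr in net for net in nets)


def nat_target(flow: Flow) -> Optional[Tuple[str, int]]:
    """Evaluate the port-forward table in order. Returns (ip, port) when the
    flow is redirected to the proxy, None when it leaves unchanged."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    # Rule 1 (generated, 'no redirect'): TCP to the LAN address on 80/443 is
    # explicitly exempted so the web GUI stays reachable (anti-lockout).
    if flow.proto == "tcp" and dst == LAN_ADDRESS and flow.dport in (80, 443):
        return None
    # Rule 2 (man-made): TCP/80 from LAN1 net to any destination that is
    # NOT in the RFC1918 alias is redirected to the local proxy.
    if (flow.proto == "tcp" and flow.dport == 80
            and src in LAN1_NET and not in_any(dst, RFC1918)):
        return PROXY
    return None


if __name__ == "__main__":
    # Constructed sample flows: a LAN client talking to the internet, to the
    # FritzBox admin page and to the firewall itself.
    for f in (Flow("192.168.1.50", "203.0.113.10", "tcp", 80),
              Flow("192.168.1.50", "203.0.113.10", "tcp", 443),
              Flow("192.168.1.50", "192.168.178.1", "tcp", 80),
              Flow("192.168.1.50", "192.168.1.1", "tcp", 80)):
        print(f, "->", nat_target(f))
```

Only plain-HTTP TCP flows from LAN1 net to public addresses reach the cache; 443, UDP and traffic to private destinations go direct and are not visible to the proxy.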
Firewall: NAT: Outbound
Mode: Automatic outbound NAT rule generation
automatically generated rules (all enabled):

| Interface | Source | Src port | Destination | Dst port | NAT address | NAT port | Static port | Description |
|---|---|---|---|---|---|---|---|---|
| LTE | LAN1 networks, Loopback networks, 127.0.0.0/8 | * | * | 500 | LTE | * | YES | Auto created rule for ISAKMP |
| LTE | LAN1 networks, Loopback networks, 127.0.0.0/8 | * | * | * | LTE | * | NO | Auto created rule |
| WAN | LAN1 networks, Loopback networks, 127.0.0.0/8 | * | * | 500 | WAN | * | YES | Auto created rule for ISAKMP |
| WAN | LAN1 networks, Loopback networks, 127.0.0.0/8 | * | * | * | WAN | * | NO | Auto created rule |
Firewall: Rules: Floating
17 automatically generated rules:
| Action/Dir/Match | Version | Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| block/in/firstMatch | IPv6 | * | * | * | * | * | * | * | Block all IPv6 |
| block/in/lastMatch | IPv4+6 | * | * | * | * | * | * | * | Default deny rule |
| ... | | | | | | | | | (remaining generated rules omitted) |
| pass/out/lastMatch | IPv4+6 | * | * | * | * | * | * | * | let out anything from firewall host itself |
| pass/out/lastMatch | IPv4+6 | * | igb2 | * | * | * | LTE_GW | * | let out anything from firewall host itself (force gw) |
| pass/out/lastMatch | IPv4+6 | * | igb1 | * | * | * | WAN_GW | * | let out anything from firewall host itself (force gw) |
Firewall: Rules: LAN
4 automatically generated rules:
| Action/Dir/Match | Version | Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| pass/in/firstMatch | IPv4 | UDP | * | 68 | 255.255.255.255 | 67 | * | * | allow access to DHCP server |
| pass/in/firstMatch | IPv4+6 | UDP | * | 68 | (self) | 67 | * | * | allow access to DHCP server |
| pass/out/firstMatch | IPv4+6 | UDP | (self) | 67 | * | 68 | * | * | allow access to DHCP server |
| pass/in/firstMatch | IPv4+6 | TCP | * | * | (self) | 80 443 | * | * | anti-lockout rule |
man-made rules:
| Action/Dir/Match | Version | Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| pass/in/firstMatch | IPv4 | TCP/UDP | * | * | 127.0.0.1 | 3128 | * | * | allow NAT Proxy |
| pass/in/firstMatch | IPv4 | TCP/UDP | * | * | 192.168.1.1 | 3128 | * | * | local route PROXY |
| pass/in/firstMatch | IPv4 | TCP/UDP | * | * | 192.168.1.1 | 53 (DNS) | * | * | local route DNS |
| pass/in/firstMatch | IPv4 | any | LAN net | * | * | * | WAN_LTE_GW_GROUP | * | Default allow LAN to any rule |
Firewall: Rules: LTE
2 automatically generated rules:
| Action/Dir/Match | Version | Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| pass/in/lastMatch | IPv4+6 | UDP | * | 67 | * | 68 | * | * | allow DHCP client on LTE |
| pass/out/lastMatch | IPv4+6 | UDP | * | 68 | * | 67 | * | * | allow DHCP client on LTE |
Firewall: Rules: WAN
2 automatically generated rules:
| Action/Dir/Match | Version | Proto | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| pass/in/lastMatch | IPv4+6 | UDP | * | 67 | * | 68 | * | * | allow DHCP client on WAN |
| pass/out/lastMatch | IPv4+6 | UDP | * | 68 | * | 67 | * | * | allow DHCP client on WAN |