Rebuilding my home network after multiple storage failures and no backups! This video alone was a huge help after I moved from pfSense to OPNsense.
@homenetworkguy
10 months ago
I’m glad you found it helpful!
@TheJam53ice
10 months ago
@homenetworkguy Thanks for the reply :) certainly did help, made me realise what I was doing wrong whilst setting it up aha
@theprextonshow
3 months ago
Thank you so much for all your videos and written-up guides, you have been extremely helpful for a new OPNsense user.
@homenetworkguy
3 months ago
Thanks, I appreciate it. Glad you found them helpful!
@robertgrabowski2265
8 months ago
Hi and thank you for the video. Some extra (needed) things you also can cover is how to check logs to verify that things like LAG or what port is blocking between VLANs (to check and correct rules for open ports). Also that the LAG interface should be enabled (?). Some questions:
* Is DHCP blocked on each VLAN per default and should be opened in fw for each VLAN?
* Is every interface (OPT1, OPT2, OPT3, OPT4) in the OPNsense router corresponding to a specific VLAN?
* Can individual interfaces (OPT2, OPT3) be members in the same VLAN(s)? (If two switches are connected to each interface (OPT2/OPT3) or if you want/need to connect two Access Points to OPNsense?)
* Are there CLI commands for administrating (or checking logs) in OPNsense?
EDIT: My issue with LAG was on the switch side, there you have to specifically set PVID on each port. Once again, thank you for a good video, Robert
@homenetworkguy
8 months ago
Thanks! Yeah logging is helpful. I don’t cover all topics in a single video to keep the time constrained and to stay focused on the topic at hand.
1. DHCP must be enabled after creating new interfaces (regardless whether it’s a physical interface or a VLAN interface).
2. Every interface can either be a physical interface or a VLAN interface. It’s not necessarily just VLANs. If your system has multiple physical network interfaces, OPT1, etc. can be the physical interface. VLANs sit on top of physical interfaces but show up the same as real physical interfaces. They are treated the same as physical interfaces once you create VLANs.
3. You cannot assign the same VLAN on multiple physical interfaces unless you bridge those interfaces together (which is not generally recommended). You can connect a switch to the network interface and multiple APs to the switch if you need additional WiFi coverage.
4. There are some CLI commands you can use but I rarely use the command line since I do all the configuration via the web interface.
Yeah TP-Link switches in particular require you set the PVID while other switches may do that automatically for you when you assign the VLAN.
@Carl-kg7rm9zz8y
11 months ago
Hey Dustin! Another educationally well explained video, thank you!!! Keep these videos coming. I'm waiting for the member's area, hope it works out! //Carl
@homenetworkguy
11 months ago
Thanks! I thought about creating a member only subscription on KZitem to get early access to videos (as one perk) since KZitem has that functionality built in so it is easy to set up. I’d have to think about other perks that don’t consume a lot of my time (such as certain extra content) since I can only get so much accomplished in a limited amount of time.
@Carl-kg7rm9zz8y
11 months ago
Yes, start with that. One perk can be a Q&A section, you can answer questions when it suits the time. Regarding time, short of time you always have plenty of😅.
@homenetworkguy
11 months ago
Q&A would be good. Since I would be paying customers I could try to give those a bit more of a timely response than other questions I receive. I still try hard to answer everyone but it’s getting more difficult to do as I grow my website and channel. Yeah I don’t have the pleasure of doing this full-time. Haha.
@JasonsLabVideos
11 months ago
WOOP WOOP !!! Nice work !!! I will have to re-share this for people !!
@homenetworkguy
11 months ago
Thanks! Hopefully it helps people to get started especially if new to the whole process.
@JasonsLabVideos
11 months ago
And because of what pfSense just did to everyone, all these people are ditching pfSense! @homenetworkguy
@homenetworkguy
11 months ago
Yeah I already had the written guide started before the pfSense news so that prompted me to make this more of a priority.
@JoJ0TheHoBo
1 month ago
So, just got it all set up. Amazing videos, I'm loving the content, thank you so much (from a beginner)! I was just curious though... I set up my untrusted network VLAN for my wireless devices and they now get a proper IP assigned via DHCP and can access the internet, and as I wanted cannot access my private network, but I can no longer access my router's GUI from my main computer I do management from. How can I allow access to that? In my case I'm using MikroTik SwOS Lite and a MikroTik AP/Router.
@homenetworkguy
1 month ago
Thanks! It depends where your main computer is connected. Anything on the trusted network (192.168.1.x) should have access to the OPNsense web GUI since I didn't create a separate management network in this video to keep things more simple.
@GustavoEscobar-e3i
29 days ago
Hey, just a couple questions on my end. I just bought a Protectli VP2420 and would like to try to run OPNsense on it. I keep hearing about WAN and LAN ports, but I like the convenience of using the rest of the available ports as a switch, is that possible/recommended? Also, do you know anything about bufferbloat in terms of PC gaming? Can I configure OPNsense to help with that? For context, I'm moving away from an OpenWrt box I've been running for a while now. So while I do know a bit of networking, I still very much consider myself a beginner. I'm still doing research regarding my questions but any help would be greatly appreciated!
@homenetworkguy
29 days ago
Yeah, on mini-PC boxes the multiple interfaces (similar to adding a PCIe NIC to a PC) are all treated as separate interfaces. They’re not bridged together in hardware like a network switch. This makes sense when you think about it because you often want to have interfaces belong to different networks whereas a network switch is used to connect multiple clients to the same network (or different networks via VLANs). So to answer your question, yes it’s possible to bridge the interfaces in software but it’s typically not recommended. However with that said, in a home network with the computing power available on mini-PCs (and the fact the network interfaces are not very high throughput), you will probably be fine if you bridged the interfaces. Of course I always recommend testing it out but worst case scenario if you encounter problems is to not use bridges (you could likely remove one of the interfaces from the bridge without reinstalling OPNsense). As for bufferbloat, that’s only an issue when you are fully saturating your network bandwidth especially upstream bandwidth if you have asymmetric speeds (slower upload than download) since the upstream bandwidth is easier to saturate. As long as you’re not saturating all your upstream or downstream bandwidth while gaming, you should be fine without tweaking bufferbloat. Of course if you put in place controls for bandwidth usage, you could end up with a better experience if something/someone on your network starts using a lot of bandwidth.
@hexium
1 month ago
Thanks for the video, very helpful. Regarding network isolation using VLANs, I plan to set up a mini-PC with Proxmox and virtualize OPNsense and Home Assistant amongst other services. If I get an AP which supports multiple WiFi networks and VLAN tagging (which I wasn't planning to buy but after watching your video sounds like a good option), how would you go about connecting all IOT devices (in the untrusted WiFi network) with the HA server which would live in Proxmox? I imagine I would need a rule to allow all IOT devices to talk to the HA server, and then if I enable client isolation add extra rules whenever individual IOT devices need to talk to each other? Would that in your opinion be a sensible configuration or is it a bad idea to allow clients in an untrusted network access to a server in the trusted network? The other option I can think of would be to register the HA server in both trusted and untrusted networks (the latter without client isolation), but having a server live in an untrusted network with no other restrictions sounds like a bad idea. Thanks!
@homenetworkguy
1 month ago
I put Home Assistant on the IOT network (I run HAOS in a VM on Proxmox) even though I manage my Proxmox server (a 3 node cluster) from my management network. It just made sense to me because HA is going to be the main hub for all things smart home. Most of my smart home devices are Z-Wave so I don’t have a lot of WiFi smart home/IoT devices. I put media players (Apple TVs, etc) and phones, etc on the IOT network. It just makes things easier when those devices can communicate together. It also simplifies firewall rules and the need to broadcast multicast across VLANs. There is some room for me to lock down things a bit more on the IOT network but I also try to balance usability with security. My family has no idea of any of the complexities that happen behind the scenes which means it just works. Haha. I also strive to minimize unnecessary complexity when possible.
@protacticus630
9 months ago
Thank you for the wonderful video. What will you recommend, to install OPNsense on Proxmox, ESXi or bare metal? I need it for my home network. Thank you so much!
@homenetworkguy
9 months ago
Thanks! I personally prefer bare metal so that I don’t take the network down if my virtualization server goes down or I’m rebooting it. But I also virtualize OPNsense for testing various things or doing videos or written content. There are ups and downs to both approaches. VMs are super easy to back up but with bare metal you need to save the config file (manually or automatically) and if you use ZFS you can take advantage of boot environments (via command line) if you need to roll back if something goes wrong. I find OPNsense so stable that I’ve never had to reinstall it from scratch unless I’m switching out my hardware.
@chucksezra9722
10 months ago
Hi, thank you for this tutorial. For me I can't afford a WAP and not interested in VLAN at the moment. I just want to learn. Can I use an unmanaged switch and wifi router (as my WAP)? Just for the sake of learning. Thanks
@homenetworkguy
10 months ago
Yes! You can use the default single LAN network with OPNsense just like a consumer grade router but you will have a lot more control over your router/firewall. An unmanaged switch will work just fine for that. You can put your WiFi router in access point mode if you wish to eliminate double NAT for devices connected to your WiFi. It will actually work leaving it in router mode but if you do that I recommend making sure it or OPNsense uses a different set of IP addresses to avoid issues if you want to access any wired devices on the switch connected to your OPNsense. It is less than ideal to leave it in router mode because it can be more difficult to access the wired devices from your wireless router and vice versa.
@jc-mt8ot
10 months ago
Great stuff. If you had created the new VLAN for untrusted on the igc2 physical interface would you need a device upstream to route that VLAN or is OPNsense smart enough to route internally on the mini PC? Clearly it seems to work if you put more than one VLAN on igc1 (LAN and untrusted) like you did in the demo here.
@homenetworkguy
10 months ago
With 2 interfaces you could actually create 2 separate physical networks without needing VLANs at all if you wanted to, but if you put a VLAN on igc2 while using igc1 as your trusted untagged network (which has no VLANs associated), you would simply need to add the appropriate firewall rules if you want to access anything between the 2 networks. Any interface/VLAN that is assigned on the OPNsense box you can have access to from OPNsense. You control access via firewall rules but OPNsense can route traffic to and from any of the interfaces (both physical and virtual) on the OPNsense box.
@jc-mt8ot
10 months ago
@homenetworkguy Thank you for the clarification! Great stuff.
@starfoxBR77
11 months ago
Thank you! Looking forward to watching it all!! My environment is still a bit unstable. I'm using it with a home license of Zenarmor.
@homenetworkguy
11 months ago
You’re welcome. This guide is very bare minimum but once you have it running, you can introduce one feature at a time until you reach your goals.
@praetorxyn
5 months ago
I have a NAS, and I'm planning to build a bigger, badder 8-bay one with ZFS, so I know 10Gbps would be handy on LAN. Is there a functional difference between a router / firewall appliance that has 10G and one that does not for that use case? Or to be clearer, if I have a symmetrical 1 Gbps internet connection, is there a functional difference between an OPNsense appliance with 10Gbps SFP+ connected to a 10Gbps SFP+ on a switch the client devices are connected to (with one device using the other 10 Gbps port on the switch) and an OPNsense appliance without 10Gbps SFP+ connected via 2.5Gbps RJ45 to a switch with 10Gbps SFP+ that client devices are connected to (with one device using the other 10 Gbps port on the switch)? I'm currently eyeing a Minisforum MS-01 as a Proxmox device and considering virtualizing OPNsense on it. It would save money and make backups super easy in case an update messed anything up, but it would mean if I needed to update the Proxmox host and reboot it the whole internet would go down etc.
@homenetworkguy
5 months ago
The faster interfaces are useful for the LAN only if you have more than one local network and you plan to route 10G across VLANs. It takes a reasonably powerful system to route full 10G across VLANs especially if you’re running services such as Zenarmor. But even if you can only route 3-5 Gbps, it’s still better than just 1 Gbps if you have faster clients on your network. Even better is if you can create a separate VLAN or dedicated 10G switch just for faster clients and you wouldn’t need to even route 10G traffic across the firewall. It puts less strain on the firewall.
@mrd4233
11 months ago
Very informative! Thanks for sharing, I will give it a try! :)
@homenetworkguy
11 months ago
You’re welcome! Hope it helps!
@NunoLeitaoTheEpiq
2 months ago
8:05 timestamp. "Hopefully you are using a VPN not open to the world." I didn't understand this. The VPN only changes the entry point of your home, right?
@homenetworkguy
2 months ago
I think I was trying to say, hopefully using a VPN and not exposing apps/services directly to the world. Of course you can expose them if you understand the risks and know how to secure them well (and monitor it on a regular basis for malicious activity). A VPN offers a secure connection so no one on the outside can get in (unless there is some rare vulnerability). I want to update this series at some point since I was new to KZitem when I created these.
@NunoLeitaoTheEpiq
2 months ago
@homenetworkguy thanks for the reply. I'm still not sure if I have understood. To my knowledge (correct me please where u see fit, because I'm still trying to understand this), a VPN is just a different entry point on the internet to your home. Imagine you have a VPN configured in your router and all your home network goes in it when accessing the internet. How does this protect your network? Your router basically only has a different WAN IP, no? All the ports can be hit in the VPN IP, instead of your IP, correct?
@homenetworkguy
2 months ago
I’m referring to hosting apps on your network. You can set up a VPN server on your router or your internal network that you can connect remotely to your home network. Only the VPN port is exposed to the Internet rather than your app you are hosting. This means only users who use your VPN server can access it. It’s protected via encryption/keys, etc. What you are referring to is connecting your home network to a 3rd party VPN provider to route all of your home’s Internet traffic through it. Some users do it for increased privacy but then you have to trust the VPN provider. I don’t use 3rd party VPN providers but I know that some users prefer to do that. You may sacrifice latency and throughput depending on the VPN provider and the capabilities of your home router (a slower router may not handle higher throughput VPN traffic as well due to the CPU overhead of encryption).
@fu1r4
6 months ago
You know you can click on the OPNsense logo to go to the dashboard ... 14:10 You don't need to press Save after you add an interface. The save button is to be used when you swap interfaces. You can see that your UNTRUSTED network will show up in the menu after you have clicked the add button.
@homenetworkguy
6 months ago
Thanks for pointing that out! Yeah, I knew you could click the logo to skip the wizard. I think I have that mentioned in my written guides, but when I recorded the video, I didn't do it that way. I definitely make mistakes in the videos. Unfortunately, I can't go back and fix the minor issues and mistakes on KZitem like I can on my website. My website documentation is much more refined in that regard. I have edited some of my guides at least a half a dozen times or more over the last few years. If you watch my first full network build guide (part 2), I messed up the video in regards to setting up a LAGG. I realized I missed a step when recording, so I went back to fix it later but the web interface doesn't have the LAGG set up in one of the steps but later it is set up... I believe the overall process is correct, but it's confusing looking at the web interface because in some steps the LAGG interface isn't showing but in other steps it is. I may do another network build video later and try to refine and clean up some things in an effort of continual improvement. I have found creating technical videos to be much more difficult than creating written documentation (for others, it may be easier to produce video content, but not for me, haha).
@codescholar7345
1 month ago
How do I set up VLANs that use different OpenVPN or WireGuard clients? Thanks!
@homenetworkguy
29 days ago
I think what you are wanting to know is how to do policy based routing for VLANs so that traffic on certain VLANs uses certain OpenVPN/WireGuard clients. I haven't explored that area yet but it's on my long list (although I'm not sure when I will explore it deeper). This would be higher priority on my list if it is something I wanted to do on my network (it helps me to justify the time to learn the process since I will be using it on my home network while also creating content based around that topic).
@codescholar7345
27 days ago
@homenetworkguy thanks for the reply, I've now figured it out.
@AbsurdKangaroo
7 months ago
Do you have any recommendations for connecting to your VP2420 without putting your current router into bridge mode? Or would I be better off just buying a separate modem?
@homenetworkguy
7 months ago
If you’re not hosting any services or gaming, most things will be ok with double NAT (especially if the services are cloud based or use some sort of proxy). You could test it to see if it interferes with anything you use. If not, you can save on the cost of a dedicated modem or the hassle of switching to bridge mode (although setting to bridge mode isn’t super difficult). Buying a dedicated modem can save on rental fees and potentially offer a better experience since you will be using your own quality router rather than the cheap all-in-one devices your ISP uses. I personally prefer owning my modem to save on fees and so I can run my own powerful, stable, and secure router.
@disjustice
7 months ago
Can anyone explain why the trusted SSID didn't need to be put into VLAN 1? Is that just the default for the switch port if there is no VLAN tag present?
@homenetworkguy
7 months ago
Yes VLAN 1 is the default. I believe I mentioned that I would be using the default VLAN 1 (which is the LAN interface on OPNsense) as the trusted network. I’m going to be releasing a new video soon on how to set up a separate dedicated management VLAN for core network infrastructure. I know some prefer to use a dedicated VLAN but I just use the default VLAN 1 as my management network. I just make sure that I don’t have anything on the management network that’s not supposed to be on it.
@timmark4190
9 months ago
Once you block each network, how can you allow, say, an iPhone on network LAN to Apple TV on network UNTRUSTED?
@homenetworkguy
9 months ago
Add a rule on the LAN interface to access the Apple TV on the Untrusted network (you can use the Apple port list to determine specific ports or simply allow all ports even though it’s more open). It needs to be above the bottom rule. Ideally you would need to make the Apple TV a static IP and use the MDNS plugin so that you can auto discover the Apple TV from your phone. I haven’t tried making this work in a while because it’s tough to even get working properly because devices like the Apple TV are designed to be on a flat network. You can work around it but it can be extra work. I put my phones on the same IoT network as my Apple TV just to keep things easy/seamless between my iPhone and Apple TVs. I’m ok with classifying my phone as an IoT device even though it’s likely much more secure than many IoT devices that do not prioritize security.
@sohodon
4 months ago
The question I have is, does the AP show the connected host names in the management interface? Tried this with an Asus AP EBA63 and it is not showing the host names but showing them connected.
@homenetworkguy
4 months ago
I would have to check the Grandstream AP to see. I know it does with UniFi APs. Haven’t had the chance to check my Grandstream AP since I just use it for demonstration purposes.
@SecurityDivision
6 months ago
You need to set up that PVID with Zyxel switches too, cost me a full day of stress and anger, until I properly read the manual :)
@homenetworkguy
6 months ago
Dang. That is a small detail that will get you messed up for hours! It still happens to me on occasion when I’m used to switches that do it for me. Haha. I’m hoping to purchase some cheap managed switches at some point from popular brands so I can show how to set up VLANs across many vendors.
@JemTheWire
1 month ago
Thank you for this. Very helpful. But that mouse pointer was driving me crazy! lol
@homenetworkguy
1 month ago
Glad it was helpful! Sorry about the mouse cursor. I was using the TinyPilot for remote administration and it shows the cursor of the remote machine as well as the cursor of the local machine so you end up seeing both with the remote cursor slightly lagging behind.
@johngalt8708
3 months ago
What hardware would you recommend?
@homenetworkguy
3 months ago
I would say it would depend on your goals and your budget. If you want to run intrusion detection services, you’ll need a more powerful system to use as your router. Otherwise you could probably get by with more budget friendly hardware. A lot of people like the mini PCs with the Intel N100 CPU. As for switches I’ve used TP-Link switches as budget friendly switches but I’ve moved over to Grandstream switches.
@hmt8701
10 months ago
Please consider an OPNsense build using the new R2: kzitem.info/news/bejne/lK6OrqmHkKCeiZgsi=1E_xnzOv2IgaqgoX
@homenetworkguy
10 months ago
That’s a neat tiny little box but it does have one Realtek NIC so you may have to avoid using that one NIC (or just use it as a management interface). Realtek NICs generally do not work well with OPNsense (due to poor driver support in FreeBSD).
@williamj8280
7 months ago
Nice, but could you explain the firewall rule to allow one device to use the home internet instead of the VPN for everything? Right now my OPNsense is fully set up and working with my NordVPN, but the issue is I need one device to use my home internet for gaming. I tried setting my source as my PC static IP above the rule that allows devices to connect to the VPN, but then I lose VPN on all devices and still can’t reach the home internet. I’m sure this is a simple task but I think I’m complicating the issue. Thanks
@homenetworkguy
7 months ago
I don’t use an external VPN but if you do, you’re going to need to make use of policy based firewall rules so you can designate rules to some traffic to go through the VPN and others to not go through the VPN. I believe you can do this by specifying the gateway in your firewall rules. It’s something I want to explore more at some point.
@williamj8280
7 months ago
I actually figured it out about 10 minutes after I sent that message. I was just overcomplicating my situation. I actually solved it by using an alias; for some reason it won’t use a host directly. At least it wouldn’t on my install. I have it working flawlessly now. Basically, as I stated, I have my VPN as the primary connection; that way all traffic goes through the VPN. Any additional devices can be rerouted by adding a simple rule above the VPN rule, but instead of directing the traffic to the VPN, set the gateway as the one address (actually it works by setting it as default as well), and then of course change your source to the alias that has your host, say apply, and you now can direct any IP that is in the alias host to use your home net, which gives you higher speeds than the VPN, which was originally what my problem was: trying to play games on a VPN had very, very high latency and ping times, sometimes upward of 10k. Kudos to your instructions on setting up OPN; following your instructions made my install and configuration simple. Appreciate all the work you put into this because your knowledge has added to my success, and completing my home server setup. @homenetworkguy
@yesimwilliam
8 months ago
Hi, great videos. One question, I have a mini PC that has only 2 ports. Can I plug one into the modem (WAN) and the other into my managed switch (LAN) and then set up multiple VLANs on the managed switch even though I only have one LAN port going back to OPNsense?
@homenetworkguy
8 months ago
Yes! This is perfectly acceptable and how many users do it (even if they have a mini PC with 3+ interfaces). The only downside is that it can become a bottleneck when routing traffic across networks unless you have higher speed interfaces. If you don’t transfer files between networks often or max out your bandwidth on a regular basis, it shouldn’t be a problem.
@yesimwilliam
8 months ago
Great, I was thinking of only using 2 VLANs: 1 for my WiFi devices and another for my work setup as I work from home. I do have a NAS but it's only really for storing files and runs my Plex. So I don't think I would have an issue with bottlenecks, hopefully. Thanks for the quick reply!! @homenetworkguy
@cyrilpinto418
3 months ago
This obviously is out of the scope of this video, but reading your website, I saw an article setting up WireGuard. Would it be possible to make a video on that, especially if installed on a container?
@homenetworkguy
3 months ago
I haven’t tried setting it up in a container yet (even though it performs better) since WireGuard on OPNsense works well enough for my needs. I could put it on the list but I thought about doing one with WireGuard on OPNsense now that they’ve updated the UI and included a QR code for adding clients, which was greatly needed and is appreciated.
@cyrilpinto418
3 months ago
Looking forward to all your content; much appreciated.
@YellowstoneCommie
6 months ago
Why, when directly connected to the firewall, can I not ping it but I can access the GUI? Seems off.
@homenetworkguy
6 months ago
You have to allow ping via firewall rules (you need to allow the ICMP protocol). Some people like having pings blocked while others enable it for certain parts of their network.
@CharizardSnyper
11 months ago
Do you think you can follow this video up with:
Installing nginx proxy manager on a routing level
Setting up 2 VPN instances for VPNing into our home network and another VPN for all outgoing traffic
And AdGuard?
@homenetworkguy
11 months ago
I could try to cover some of these topics at some point. It’s been on my todo list for a while to cover VPNs for outgoing traffic. I already cover accessing your home network via VPN on my website (haven’t done a video on that yet).
@adambeal1037
11 months ago
Site to site VPN would be awesome
@yesimwilliam
8 months ago
I have no idea where I am going wrong. I've tried this twice and both times when I get to the firewall rules and then the VLAN setup on my switch everything goes out and I can no longer get back into OPNsense. I followed your guide to the T so no idea, very frustrating. How do you get back into OPNsense when this happens?
@homenetworkguy
8 months ago
Hmm, it's hard to say without knowing the details of steps you are taking (I know you said you followed exactly but something is going wrong-- it can be some tiny detail). In theory, there should be an anti-lockout rule in OPNsense to prevent you from locking yourself out if you are connected to the LAN interface. Adding a VLAN to the default LAN interface shouldn't interfere with the functioning of the LAN interface (where the untagged network traffic resides). So you should be able to plug directly into the LAN interface with your PC/laptop (I don't know if you're trying to connect via a switch or directly to the LAN interface) to have access to OPNsense unless some incorrect configuration changes which could prevent that from working properly. When you start adding VLANs to your switch, you have to be careful to not change the network interface that you plugged into to a different VLAN since you will lose access.
@yesimwilliam
8 months ago
@homenetworkguy Funny you say that, I was just looking at the default firewall rule that is set up and I saw the anti-blockout. So I think I did something wrong at the switch. The switch I have is not the same as the one you used to demonstrate so I got confused and probably blocked myself out there. I will keep plugging away to see what I did. Thanks for the reply. FYI I am using a Netgear GS108Ev3 switch
@shortvideosfullofstupidity9534
10 months ago
How to connect an ISP gateway with telephony with OPNsense? Btw good job
@homenetworkguy
10 months ago
Thanks! It might depend on your ISP, but with Comcast for example, I am able to use my own modem with voice and it works fine with a standard handset. I believe it also worked fine when using Comcast's XB7 all-in-one box when it was in bridge mode so you don't lose that capability when using your own router such as OPNsense.
@shortvideosfullofstupidity9534
10 months ago
@homenetworkguy I know it depends but make a video about your ISP for example please 🙏
@ChaosTheory666
2 months ago
This will be quite useful once I figure out how to configure interfaces, IPv4 forwarding, etc, on Guix. Assuming KZitem still exists by then...
@homenetworkguy
2 months ago
Glad you find it useful!
@C0LiDe
8 months ago
How can we be sure that the BIOS has not been compromised?
@homenetworkguy
8 months ago
It can be difficult especially if you have your system on the edge of your network and you are not able to monitor the traffic. If you put the system behind your main router/firewall, you can start observing the traffic to ensure nothing suspicious is happening. Of course, even this is a less than ideal way to know if the firmware has been compromised. I would say the likelihood of it happening is pretty low unless you are being targeted by a nation state, but there is always the possibility that vulnerabilities can be exploited which could potentially get into the firmware of your system. I'm sure how often that occurs since the most likely scenario is someone physically tampered with the device or it came from the manufacturer/supply chain with a backdoor or vulnerability already installed in the firmware.
@solverz4078
9 months ago
Should the access point be plugged into a tagged or untagged port?
@homenetworkguy
9 months ago
If you are using VLANs on the AP, it needs to be tagged.
@thecameratherapychannel
9 months ago
@homenetworkguy What if I want to use my wireless AP (no VLAN / not VLAN aware) for both traffics? Is there any way to do it or do I need to use a double WAN AP? (I have an Asus router with double WAN but no VLAN as well).
@Carl-kg7rm9zz8y
10 months ago
Hi Dustin! Can you somehow show how to configure OPNsense using two switches in the same network and make that work based on your excellent howto videos!? //Carl
@homenetworkguy
10 months ago
Are you referring to connecting the switches together and then connect one of them to OPNsense? That’s what I do for my home network so I can have more ports but also use the same VLANs across both switches (a router on a stick configuration). It works great and I’ve reduced the likelihood of bottlenecks for traffic traversing the different VLANs/networks since my router interface is faster than 1Gbps (I have a 10Gbps interface).
@Carl-kg7rm9zz8y
10 months ago
Exactly what I meant! You must have a teacher skill hidden inside you 😊 My router's max speed is 2.5 Gb, I want to achieve what you describe with four switches.
@homenetworkguy
10 months ago
I could do that. Basically doesn’t require any extra configuration on OPNsense- just need to make sure the VLANs pass through each switch. With 3+ switches I recommend using one switch as an aggregation switch and plugging the other 3 into that switch. That way if one of the switches dies, it doesn’t take down the entire network (unless it’s your main aggregation switch that died). Of course there are ways to add more redundancy by connecting the switches to each other but then you have to configure spanning tree protocol (which I haven’t tried yet since I don’t need that level of redundancy especially for a home network where switches last a long time and I don’t have more than 2 switches to connect for my main network).
@Carl-kg7rm9zz8y
10 months ago
Please do! Show the configuration steps hands on. It can be a natural follow up to your “Set up a Full Network using OPNsense” series. Looking forward to that video!
@asheglenn
5 months ago
Thank you! Helped me figure out my screwed up firewall rules
@homenetworkguy
5 months ago
You’re welcome! I’m glad it was beneficial!
@doop9713
6 months ago
Thank you so much, tremendously helpful!! :)
@homenetworkguy
6 months ago
You’re welcome! Thanks.
@kevinhays1693
10 months ago
Really good videos, got a lot of useful information out of these you have created for us. One question I have though is are you able to create a vlan firewall group, assign your vlans to it, then create a firewall rule on that group to allow dns, block dns, allow internet instead of having to create those rules on each vlan?
@homenetworkguy
10 months ago
Thanks! Glad you found it helpful. Yes, you can create firewall rule groups! You basically choose your interfaces you want in each group (it can be a physical or a virtual interface). See one of my previous videos for a more detailed explanation: kzitem.info/news/bejne/s5uHuJeHrWJmY4o
@kevinhays1693
10 months ago
@homenetworkguy Sounds great. I'm switching from an old pfsense community edition and I am enjoying opnsense so far! Keep up the excellent videos, they are really helpful! TY!!
@primenetwork27
8 months ago
Can you create a video for OpenWAF in OPNsense?
@homenetworkguy
8 months ago
I haven’t considered OpenWAF before but I suppose it’s a possibility. I don’t have any experience with it so it would be a bit of a learning curve to get up to speed on it.
@Techie4life
11 months ago
Great Job Dustin.
@homenetworkguy
11 months ago
Thanks!
@coollllmann
9 months ago
Excellent video mate!!!!
@homenetworkguy
9 months ago
Thanks! Glad you liked it.
@YellowstoneCommie
6 months ago
Cool but never went over how to save the actual config.
@homenetworkguy
6 months ago
Which config are you referring to? OPNsense, the network switch, or the AP configuration? For OPNsense, the configuration will be saved if you click the Apply or Save buttons (depending on the config you are changing). You can also back up the configuration on the System > Configuration > Backup page. For many network switches, you have to click a Save button to persist changes on a reboot. Otherwise, you lose all of your configuration since the last time you saved the changes. This is done in case you mess up your config-- you could reboot and clear out the messed up configuration. Switches often let you export the configuration for backup as well. For the AP configuration, you should be able to Apply and Save changes. Depending on the AP, that process could vary. Also you can export a backup config for APs as well. If your switches and APs are in the same ecosystem, you only need to back up the configuration from the controller software such as the UniFi Controller.
@YellowstoneCommie
6 months ago
@homenetworkguy I was able to save config once I pulled out the install USB haha. It was booting from the install even after I finished
@homenetworkguy
6 months ago
Ohh… I didn’t show the installation portion to save time on the video because it would make it longer. Also was focusing on the topic at hand of building a network.
@janiel471
6 months ago
Thank you so much for your great tutorials. It helps me a lot in setting up my new home network. I wonder what is the internet speed of your connection? Does it suffer a lot when using opnsense firewall? I'd appreciate so much if you could have a video on this topic ^_^
@homenetworkguy
6 months ago
You’re welcome! Glad they helped you with your home network! I currently have a cable Internet connection that offers 1.2 Gbps download (sometimes can burst to 1.4-1.5 Gbps) but the upload is 35 Mbps but can burst to 40-45 Mbps. Because I run read only powerful mini-PCs and my Internet bandwidth is only 1.2 Gbps max, I have no trouble getting full throughput with OPNsense even when enabling CPU intensive services like Zenarmor. Anytime you add Zenarmor, Suricata, VPNs, etc into the mix, you start taking performance hits. If you need more than 3-6 Gbps, you’re going to need a much faster system than the power efficient mini-PCs.
@janiel471
6 months ago
@homenetworkguy Thank you for your information. My internet is 1Gbps. I installed OPNsense on Proxmox on a Zimaboard 8G with default settings only and the speed test dropped down significantly, it's just around 300Mbps. After that, I switched back to OpenWrt and it gets back to around 870Mbps. Thanks so much to your tutorials, I know that there is another approach to install OPNsense without using Proxmox, it could be much huge problem to me.
@janiel471
6 months ago
@homenetworkguy My internet connection is 1Gbps and I'm using Zimaboard 8G running totally for firewall functionality. At first, I installed OPNsense on Proxmox VE, but when I did internet speed testing, my throughput was dramatically down to about 450Mbps (like half). I thought possibly could be because of running on virtualization, so I re-installed OPNsense running directly on Zimaboard and did the test again. The speed increased a little bit, around 500Mbps, but still so disappointed. And I also found out that my internet connection was being dropped like always after doing several speed tests because of disappeared default routes to wan. I re-installed OpenWrt back to Zimaboard, and now my internet speed is nearly 900Mbps. These problems lead me to a question that is it worth using OPNsense as main firewall gw at this moment? How do you think about that? I'd appreciate your opinions so much.. Thanks.
@janiel471
6 months ago
@homenetworkguy My internet connection is 1Gbps and I'm using Zimaboard totally for main firewall functionality. At first, I installed OPNsense on Proxmox VE and tried several speed tests, the throughput is like around 400Mbps. So I thought may be because of virtualization, then I re-installed OPNsense running directly on Zimaboard. The speed increased a little bit, around 500Mbps but not what I expected. Finally, I re-installed OpenWrt on Zimaboard for now, the speed is back to nearly 900Mbps. One more problem I had when using OPNsense was that after several times doing speed testing successfully, the internet connection was being dropped because of some default routes were removed and I have no idea how. These problems lead me to a question that is it worth using OPNsense at the moment as main firewall gateway? I have no problem with OpenWrt so far. How do you think about that? I'd appreciate your opinions so much. Thanks
@janiel471
6 months ago
@homenetworkguy My internet connection is 1Gbps and I'm using Zimaboard totally for main firewall functionality. At first, I installed OPNsense on Proxmox VE and tried several speed tests, the throughput is like around 400Mbps. So I thought may be because of virtualization, then I re-installed OPNsense running directly on Zimaboard. The speed increased a little bit, around 500Mbps but not what I expected. Finally, I re-installed OpenWrt on Zimaboard for now, the speed is back to nearly 900Mbps. One more thing I had when using OPNsense was that after several times doing speed testing successfully, the internet connection was being down because of some default routes were removed somehow. These experiences lead me to a question that is it worth using OPNsense at the moment as main firewall gateway? I have no problem with OpenWrt so far. How do you think about that? I'd appreciate your opinions so much. Thanks
@Parsley4706
11 months ago
Amazing video, thanks a lot!
@homenetworkguy
11 months ago
Thanks! You’re welcome! Glad you liked it.
@satoshiborishi6898
9 months ago
Thank you, very informative!
@homenetworkguy
9 months ago
You’re welcome!
@brahyamalmonteruiz9984
6 months ago
amazing videos!
@homenetworkguy
6 months ago
Thanks! More to come!
@legendaryzfps
4 months ago
No ipv6?????????????????????
@homenetworkguy
4 months ago
I include IPv6 on the more advanced configuration guide videos I have created. I was trying to keep things simple and minimal with this guide.
@legendaryzfps
4 months ago
@homenetworkguy ipv6 is really simple, IPv4 is complicated
@homenetworkguy
4 months ago
If you only have a single network that may be the case. However that has not been my experience when you want IPv6 for multiple internal networks. If your ISP doesn’t support prefix delegation, you can’t really use GUA addresses from the ISP. ULA addresses have to be used which complicates things and isn’t always recommended because it goes against the principles of IPv6 where everything can have a GUA address because there’s enough addresses to go around. Another complication is many ISPs use dynamic IPv6 addresses and if you wish to firewall such devices on your internal network using GUAs that can be a problem. OPNsense allows you to create aliases with dynamic prefixes to help with this but you would probably need to make the 2nd half of the IPv6 address static using a DHCPv6 reservation. Does this all sound simpler than IPv4? I keep the IPv6 configuration to a minimum on my network and just only allow IPv6 to access IPv6 content online and do not use it much internally.
@Zenobia992
6 months ago
I came from LTT
@homenetworkguy
6 months ago
Nice. Did you see it off to the side of one of their videos?
@paulheckenauer
6 months ago
@homenetworkguy Your video is linked in the last ShortCircuit video description!
Comments: 143