Docs/OPNsense

'''For Layer 1 network details, see [[Docs/Cables]].'''
 
'''For Layer 2 network details, see [[Docs/Switches]].'''
 
OPNsense is our router/firewall.
We have two OPNsense devices, Lasagna and Ravioli.
 
== Network ==
'''The VLAN configuration (like VLAN IDs) should probably be moved to [[Docs/Switches]] to keep this article strictly Layer 3.'''
 
=== Management (OOB) ===
{| class="wikitable"
!Subnet
!VLAN ID
|-
|10.10.0.0/24
|1?
|}
This network carries OOB management services like [https://www.dell.com/en-us/lp/dt/open-manage-idrac Dell iDRAC] / [https://www.hpe.com/us/en/hpe-integrated-lights-out-ilo.html HP iLO] and the management interfaces of internal networking hardware.
Because a management controller gives console and power control over its host, the iDRAC web login interface should only be reachable by people you are okay having root on the server.
 
=== LAN ===
{| class="wikitable"
!Subnet
!VLAN ID
|-
|10.10.1.0/24
|2?
|}
Servers and Virtual Machines.
LAN cannot communicate with Management.
 
=== WAN ===
{| class="wikitable"
!Subnet
!VLAN ID
|-
|141.219.80.64/27
|640
|}
Our public IP subnet under Tech's <code>141.219.0.0/16</code> block.
 
The plan is to use reverse NAT to map the public IPs to selected internal IPs, since we won't have enough public IPs for every VM.
 
== VPN Networks ==
 
=== OpenVPN ===
{| class="wikitable"
!Subnet
!VLAN ID
|-
|10.10.10.0/24
|N/A
|}

=== WireGuard ===
{| class="wikitable"
!Subnet
!VLAN ID
|-
|10.10.11.0/24
|N/A
|}
<code>10.10.11.0/25</code> - WireGuard admin range (access to LAN + Management)
 
Neither WireGuard config should have access to the internet.
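The reachability statements on this page (LAN blocked from Management, the WireGuard admin range reaching LAN and Management, no WireGuard access to the internet) can be checked mechanically against candidate flows. Below is an added example, not the wiki's configuration or an OPNsense rule export: a Python policy evaluator that encodes the documented subnets as segments and evaluates constructed sample flows against them. The treatment of the upper half of the WireGuard /24 as a non-admin range, and the default-deny fallback for flows the page does not describe, are assumptions of the example.

```python
# Added example (not the wiki's own OPNsense configuration): a small policy
# evaluator that encodes the segments and reachability statements documented
# above, so a candidate flow can be checked against the intended policy.
# Subnets are the ones listed on the page; the sample flows are constructed,
# and the default-deny fallback for flows the page does not mention is an
# assumption of this script.
from ipaddress import ip_address, ip_network

# Documented segments. WG_ADMIN is the lower half of the WireGuard /24;
# the rest of that /24 only matches the broader WIREGUARD segment.
SEGMENTS = {
    "MGMT": ip_network("10.10.0.0/24"),
    "LAN": ip_network("10.10.1.0/24"),
    "WAN": ip_network("141.219.80.64/27"),
    "OPENVPN": ip_network("10.10.10.0/24"),
    "WIREGUARD": ip_network("10.10.11.0/24"),
    "WG_ADMIN": ip_network("10.10.11.0/25"),
}

# Reachability rules from the article, evaluated top to bottom, first match wins.
# (source segment, destination segment, allowed?, reason)
RULES = [
    ("LAN", "MGMT", False, "LAN cannot communicate with Management"),
    ("WIREGUARD", "INTERNET", False, "neither WireGuard config may reach the internet"),
    ("WG_ADMIN", "LAN", True, "WireGuard admin range has access to LAN"),
    ("WG_ADMIN", "MGMT", True, "WireGuard admin range has access to Management"),
]


def classify(addr: str) -> str:
    """Return the most specific documented segment containing addr, or INTERNET."""
    ip = ip_address(addr)
    best = None
    for name, net in SEGMENTS.items():
        if ip in net and (best is None or net.prefixlen > SEGMENTS[best].prefixlen):
            best = name
    return best or "INTERNET"


def in_segment(segment: str, ip) -> bool:
    """Membership test used by the rule matcher; INTERNET = no documented segment."""
    if segment == "INTERNET":
        return not any(ip in net for net in SEGMENTS.values())
    return ip in SEGMENTS[segment]


def evaluate(src: str, dst: str):
    """Return (allowed, reason) for a src -> dst flow under the documented policy."""
    s, d = ip_address(src), ip_address(dst)
    for src_seg, dst_seg, allowed, reason in RULES:
        if in_segment(src_seg, s) and in_segment(dst_seg, d):
            return allowed, reason
    # ASSUMPTION: flows the article does not mention are treated as denied.
    return False, "no documented rule (default deny assumed)"


def audit(flows):
    """Evaluate a list of (src, dst) pairs; returns one result dict per flow."""
    results = []
    for s, d in flows:
        allowed, reason = evaluate(s, d)
        results.append({"src": s, "dst": d, "src_seg": classify(s),
                        "dst_seg": classify(d), "allowed": allowed, "reason": reason})
    return results


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic. 192.0.2.0/24 is a
    # documentation range standing in for "somewhere on the internet".
    sample = [
        ("10.10.1.20", "10.10.0.5"),     # LAN host -> iDRAC on Management
        ("10.10.11.7", "10.10.0.5"),     # WireGuard admin -> Management
        ("10.10.11.7", "10.10.1.20"),    # WireGuard admin -> LAN
        ("10.10.11.7", "192.0.2.10"),    # WireGuard admin -> internet
        ("10.10.11.200", "192.0.2.10"),  # non-admin WireGuard -> internet
        ("10.10.11.200", "10.10.1.20"),  # non-admin WireGuard -> LAN (not documented)
    ]
    for r in audit(sample):
        verdict = "ALLOW" if r["allowed"] else "DENY "
        print(f"{verdict} {r['src']:>13} ({r['src_seg']}) -> "
              f"{r['dst']:>11} ({r['dst_seg']}): {r['reason']}")
```

Run it as a script to print a verdict per sample flow. The useful habit is to extend the flow list whenever a rule changes in the OPNsense UI and compare the firewall's actual behaviour against the verdicts here, so drift between this article and the running rule set shows up early.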
 
== OPNsense ==
<Rules for access, updates, generating wireguard configs, etc>