Small Business Setup With OPNsense
Science and technology
In this video we configure OPNsense for a small business setup. I show you how to create VLANs, firewall rules, DHCP servers and Wi-Fi networks using OPNsense and UniFi.
If you would like to support the channel I have an Amazon storefront below:
Canadian Amazon Store front:
www.amazon.ca/shop/mactelecomnetworks
USA Amazon store front:
www.amazon.com/shop/mactelecomnetworks
Comments: 93
This was not only a great video about a simple setup but a great introduction to opnsense which is what I was looking for!! Well deserved Sub mate!
Thanks for posting this. I had configured a few vlans many months ago but forgot the process, didn't document it and didn't backup my config. When the pain of not backing up is greater than our fear of backing up, we will surely backup.
my first OPNSENSE online course/tutorial with u. Thank you MN.
WARNING: Disabling the root user without giving the new user "Login shell" access means that no user can login to the system directly on the hardware with a keyboard. If you ever get locked out or screw something up you will have no choice but to reformat.
@ProXicT
2 years ago
You can always boot a live CD, chroot into the system and change the password from there.
@timmark4190
A year ago
How do you give login shell access
You have no idea how much this helps. Thanks, brotha!
Thank you so much for providing the flow chart diagram, it really helps set the upcoming information and creates a great context for us "complete" novices to digest...wonderful videos, thank you for your time. (i wish so many others would give a diagram first before diving so quick into the GUI part of the software)
@MactelecomNetworks
3 years ago
No problem! I can probably make the diagrams better and put link labels on them. I’ve been thinking about posting them on my webpage as well so people can grab them
Cool video. Thank you very much. That's exactly what I was looking for. Greetings from switzerland
Very simple, very clear. Good job!
Solid how-to, and easy to follow for beginners. Thank you.
Superb video! I used this to start my OPNsense project!
Thanks for the great explanation, I'm in the process of switching out some old network switches and adding a new AP. I'm also going from pfSense to OPNsense.
Great how-to. Easy to understand. Thanks!
Thanks! Very helpful for getting started.
This is one of the better videos I've seen on this. Ty.
thanks you! clear and clean tutorial.
This is exactly what i need to do on my home lab. Thanks!
Good to see the diagram. I have a 6 port barebones box - and trying to use 1 port as a trunk to another office VLAN8 ports switch. Struggling to assign VLANs to local box and get the trunk working in Opnsense
Seeing a management VLAN configuration would be cool!
Thumbs up! This video is so helpful. Thanks!
Great video mate!!
Thanks Bro 10 out 10 understanding it more now
By far best tutorial thank u sm
Nice video again!
Thanks. Good Job.
Great video! Thanks.
Thank you! 👊🏽👊🏽
Very nice video! Thank you.
@MactelecomNetworks
3 years ago
Thank you!
Noticed that doing the same in UniFi is a lot easier, but I guess this gives more flexibility.
Brilliant tutorial!!
To block inter-VLAN routing normally I would create an alias, for instance Vlans_Staff_Block, and populate this alias with those VLANs/networks I would block access to from Staff. Now I find a better way of doing it from your tutorial. It saves a lot of time.
This was great, easy to follow and understand. Now a request... Could we get a similar tutorial with more budget oriented WiFi infrastructure? Maybe TPLink... Or Grandstream (not that great for business, but enough for home use). Thanks.
Thanks for a great video! Does creating a LAN2 (not VLAN) on the physical port next to LAN1 follow the same steps as with these VLANs?
Thanks to you. Just bought a Protectli. OPNsense somehow seems to make more sense based on how it's laid out compared to pfSense for an average user like myself. I'm a dentist lol..
@MactelecomNetworks
3 years ago
Lol ya the UI is pretty good on it. I typically deploy PFsense boxes but OPNsense is just as good. Depends which interface you like more
Great video. Very clear and concise. You created a new user with /sbin/nologin and disabled the root user. Was disabling SSH intentional?
OPNsense FTW!
Thanks
Nice video BUT - Using the current updated version I followed creating another admin user and disabling root afterwards. Consequence: The whole firewall went into such a state that 1) no HTTPS was served anymore and 2) I could not even re-logon on the console! The new admin user was not able to be a console user. So I had to reinstall all from scratch ...
Is it possible to do the same if you have a bridge between all 3 other ports? Thanks.
thx a lotttttt
@sirphilipisland
3 years ago
greeting from indonesia
Is it possible to have different interfaces share the same DHCP range?
Super helpful. I'm not an advanced user. I'm considering dumping my USG on my UniFi network and using OPNsense. This would be very similar. Your video made it much easier for me to make the decision. One thing I am confused about... do you actually plug an ethernet cable into the NICs for each of the staff, guest, IoT? My guess is no, but the reason you do that is for some sort of speed or to offload to individual NICs? If not, how do they get to the WAN (to the internet)? I'm not sure about the relationship between the physical interfaces, the VLANs, and where to plug the UniFi switches in. In the (entry level) USG I have now, there is only a WAN port and a LAN port and all 3 of my VLANs are sharing them? Thanks again.
@tokoiaoben3842
A year ago
The ethernet cable that runs from OPNSense to USW Flex Mini is the trunk and carries traffic for all vlans created in this lab.
Awesome. Can you make a video on how to set up OPNsense HA?
@MactelecomNetworks
A year ago
Possibly in the future :)
Excellent video, thank you very much. How about Security Features and Web Filtering, do they require a license?
@MactelecomNetworks
3 years ago
I'll add that to other videos. This has no licenses, it's a fork of pfSense.
Wishing you success
Question for you. I noticed at 19:37 in your video you left quick checked off in one of the firewall rules. To my understanding the firewall rules read top down. Since that's the case, don't you want to put your "pass" statements at the top and your "block" statements at the bottom?
@zoomingby
A year ago
No, the order of these rules is top down. So the more specific rule goes on top. Otherwise with a successful pass, the router never gets to check the block rules.
Great video, thanks. So if I wanted to admin once the VLANs are set up, as they can't see each other, would you set up an admin VLAN? E.g. if you've set this up and you're in the staff VLAN, do you still have access to the switch and router login screens? What happens on the 192.168.1.x network? Ok, rewatched a bit and I'm guessing as you've added the /32 you have in effect blocked the whole of 192.168.0.0 all the way up to 192.168.whatever the end number is, but in the earlier rules it gave each VLAN access to the switch and the access point?
@MactelecomNetworks
3 years ago
You could set up a management VLAN that has access to all the devices. Would just need to put allow rules in.
I have a fresh install (did it 4 times) of OPNsense 21.1 on a Protectli FW4A that has skipped over the LAN/WAN reversal option every time. Is there any way from the CLI (via SSH) that I can reverse the em0/em1 LAN/WAN interface configs? Or do I just live with it? Regards..
@richardmekolichick4326
3 years ago
Cancel question. Found my answer under GUI Assignments.
Thank you for this nice tutorial. I'm having an issue at 18:00: when I move my RFC1918 rules on top, the blocking behavior works but I also lose internet on my guest network. Any idea why I'm having this issue?
@boa974
8 months ago
I think I did figure it out. I see that during the DHCP setup you did manually insert the DNS, which I did not, and the rule will essentially also block DNS. Adding a rule allowing the DNS above the RFC1918 rule, or adding the DNS manually in the DHCP area, will fix the internet issue.
There's some odd stuff in this video. Why define the DNS for all subnets explicitly again when you can skip them to use the global settings? Why create the RFC network rules with the source also being private networks? Just don't allow anyone (wildcard) on that interface to talk to private networks.
Would a client on the Guest network still be able to hit the web interface or SSH on the Protectli by going to 192.168.20.1?
@MactelecomNetworks
3 years ago
Good call Ron, I didn't add that to my video. I knew I forgot something. They most likely can get to it. You would want to put a block rule on their interface for HTTP, HTTPS and SSH. Thanks for pointing that out.
Wait, you had all those available ports on the router. Why trunk multiple VLANs on 1 port rather than use 1 interface for each VLAN?
Good video. What is the hardware you used for the firewall?
@MactelecomNetworks
3 years ago
It's a Protectli
@hamadalmarri2141
3 years ago
Thank you
After you apply your RFC1918 block rules you mention that the Guest network still has access to its own subnet, but is that really true? The way your rule is configured will block inter- and intra-VLAN routing if you don't create additional allow rules for traffic within the same subnet.
@georgefarris711
2 years ago
At least in version 22.1 it blocks everything, I had to allow Guest access to Guest etc.
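The three threads above about rule order and the quick flag, the RFC1918 block breaking DNS, and the same block cutting off traffic inside the Guest VLAN all come down to how pf reads an interface's rule list. The following added example (not from the video or its author) simulates that evaluation on a constructed Guest VLAN of 192.168.20.0/24 with the firewall at 192.168.20.1, and shows which pass rules have to sit above the block.

```python
"""Simulate OPNsense/pf per-interface rule evaluation to see why an
RFC1918 block at the top of the Guest rules breaks DNS and intra-VLAN
traffic unless specific pass rules are placed above it.  Addresses are
constructed for this example."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

ANY = [ipaddress.ip_network("0.0.0.0/0")]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GUEST_NET = [ipaddress.ip_network("192.168.20.0/24")]  # constructed Guest VLAN
GUEST_GW = [ipaddress.ip_network("192.168.20.1/32")]   # firewall address, also the DHCP-handed DNS


@dataclass
class Rule:
    action: str                         # "pass" or "block"
    src: list = field(default_factory=lambda: ANY)
    dst: list = field(default_factory=lambda: ANY)
    dport: Optional[int] = None         # None matches any destination port
    quick: bool = True                  # OPNsense sets quick on new rules by default


def evaluate(rules, src, dst, dport):
    """pf semantics: rules are read top-down; the first matching rule with
    quick set decides; otherwise the last matching rule wins; no match = block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    decision = "block"                  # implicit default deny
    for r in rules:
        if any(src in n for n in r.src) and any(dst in n for n in r.dst) and r.dport in (None, dport):
            if r.quick:
                return r.action
            decision = r.action
    return decision


# Naive order: block RFC1918 first, then allow everything else from Guest.
NAIVE = [Rule("block", GUEST_NET, RFC1918), Rule("pass", GUEST_NET)]
# Fixed order: the specific pass rules go above the block.
FIXED = [Rule("pass", GUEST_NET, GUEST_GW, dport=53),   # DNS to the firewall
         Rule("pass", GUEST_NET, GUEST_NET),            # traffic within the Guest VLAN
         Rule("block", GUEST_NET, RFC1918),
         Rule("pass", GUEST_NET)]


def guest_results(rules):
    """Decisions for four representative flows from a Guest client."""
    return {"dns_to_gw": evaluate(rules, "192.168.20.50", "192.168.20.1", 53),
            "same_vlan": evaluate(rules, "192.168.20.50", "192.168.20.60", 445),
            "to_lan": evaluate(rules, "192.168.20.50", "192.168.1.10", 443),
            "to_internet": evaluate(rules, "192.168.20.50", "93.184.216.34", 443)}


if __name__ == "__main__":
    for name, rules in (("naive", NAIVE), ("fixed", FIXED)):
        print(name, guest_results(rules))
```

With quick unchecked on the block rule, the later catch-all pass rule becomes the last match and wins, which is the behaviour the 19:37 question is about.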
Thx, is it not necessary to configure the VLANs on the UniFi switch?
@MactelecomNetworks
3 years ago
It is and I show you how to do it in the video
@Bogomil76
3 years ago
@MactelecomNetworks oh, sorry, missed it.
@MactelecomNetworks
3 years ago
@Bogomil76 no worries
@Bogomil76
3 years ago
@MactelecomNetworks Now I get it. What I overlooked was the fact that the UniFi standard VLAN means that all ports have ALL VLANs? Because Port 1 has VLAN ALL?! Or did you preconfigure it this way?
Should have done floating rules for the RFC1918.
@MactelecomNetworks
3 years ago
I'll do a deeper dive into firewall rules in the future.
Why not use a Pi-hole as DNS server?
@MactelecomNetworks
3 years ago
This is my lab network I have it set up in my production network
@limpep
3 years ago
@MactelecomNetworks Nice. You should do a tutorial where you show how to set up Pi-hole on the controller.
Great video... pity you do not do one for OPNsense and NordVPN.. many issues with that!
I've noticed on videos your lip sync is out in the video.
@MactelecomNetworks
3 years ago
Good to know. I typically test the audio before starting but may have missed this
@regchan
3 years ago
@MactelecomNetworks I watched, the audio and the video camera were out of sync with your voice as you were speaking, maybe look at the camera.
With the COVID no guest network needed